-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
#include "logging.h"
#include "encryption/Decrypter.h"
#include "encryption/EncryptedKeyResolver.h"
+#include "encryption/Encryption.h"
#include "security/Credential.h"
#include "security/CredentialCriteria.h"
#include "security/CredentialResolver.h"
#include <xsec/framework/XSECAlgorithmMapper.hpp>
#include <xsec/framework/XSECAlgorithmHandler.hpp>
#include <xsec/utils/XSECBinTXFMInputStream.hpp>
+#include <xsec/xenc/XENCCipher.hpp>
#include <xsec/xenc/XENCEncryptedData.hpp>
#include <xsec/xenc/XENCEncryptedKey.hpp>
using namespace xmlencryption;
using namespace xmlsignature;
using namespace xmltooling;
+using namespace xercesc;
using namespace std;
+Decrypter::Decrypter(const CredentialResolver* credResolver, CredentialCriteria* criteria, const EncryptedKeyResolver* EKResolver)
+ : m_cipher(nullptr), m_credResolver(credResolver), m_criteria(criteria), m_EKResolver(EKResolver)
+{
+}
+
Decrypter::~Decrypter()
{
if (m_cipher)
XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
}
+void Decrypter::setEncryptedKeyResolver(const EncryptedKeyResolver* EKResolver)
+{
+ m_EKResolver=EKResolver;
+}
+
+void Decrypter::setKEKResolver(const CredentialResolver* resolver, CredentialCriteria* criteria)
+{
+ m_credResolver=resolver;
+ m_criteria=criteria;
+}
+
DOMDocumentFragment* Decrypter::decryptData(const EncryptedData& encryptedData, XSECCryptoKey* key)
{
- if (encryptedData.getDOM()==NULL)
+ if (encryptedData.getDOM()==nullptr)
throw DecryptionException("The object must be marshalled before decryption.");
// We can reuse the cipher object if the document hasn't changed.
if (m_cipher && m_cipher->getDocument()!=encryptedData.getDOM()->getOwnerDocument()) {
XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
- m_cipher=NULL;
+ m_cipher=nullptr;
}
if (!m_cipher)
// Resolve a decryption key directly.
vector<const Credential*> creds;
- int types =
- CredentialCriteria::KEYINFO_EXTRACTION_KEY |
- CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
- CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
+ int types = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES;
if (m_criteria) {
m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
// We need to find an encrypted decryption key somewhere. We'll need the underlying algorithm...
const XMLCh* algorithm=
- encryptedData.getEncryptionMethod() ? encryptedData.getEncryptionMethod()->getAlgorithm() : NULL;
+ encryptedData.getEncryptionMethod() ? encryptedData.getEncryptionMethod()->getAlgorithm() : nullptr;
if (!algorithm)
throw DecryptionException("No EncryptionMethod/@Algorithm set, key decryption cannot proceed.");
// Check for external resolver.
- const EncryptedKey* encKey=NULL;
+ const EncryptedKey* encKey=nullptr;
if (m_EKResolver)
encKey = m_EKResolver->resolveKey(encryptedData, recipient);
else {
void Decrypter::decryptData(ostream& out, const EncryptedData& encryptedData, XSECCryptoKey* key)
{
- if (encryptedData.getDOM()==NULL)
+ if (encryptedData.getDOM()==nullptr)
throw DecryptionException("The object must be marshalled before decryption.");
// We can reuse the cipher object if the document hasn't changed.
if (m_cipher && m_cipher->getDocument()!=encryptedData.getDOM()->getOwnerDocument()) {
XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
- m_cipher=NULL;
+ m_cipher=nullptr;
}
if (!m_cipher)
auto_ptr<XSECBinTXFMInputStream> in(m_cipher->decryptToBinInputStream(encryptedData.getDOM()));
XMLByte buf[8192];
- unsigned int count = in->readBytes(buf, sizeof(buf));
+ xsecsize_t count = in->readBytes(buf, sizeof(buf));
while (count > 0)
out.write(reinterpret_cast<char*>(buf),count);
}
// Resolve a decryption key directly.
vector<const Credential*> creds;
- int types =
- CredentialCriteria::KEYINFO_EXTRACTION_KEY |
- CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
- CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
+ int types = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES;
if (m_criteria) {
m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
// We need to find an encrypted decryption key somewhere. We'll need the underlying algorithm...
const XMLCh* algorithm=
- encryptedData.getEncryptionMethod() ? encryptedData.getEncryptionMethod()->getAlgorithm() : NULL;
+ encryptedData.getEncryptionMethod() ? encryptedData.getEncryptionMethod()->getAlgorithm() : nullptr;
if (!algorithm)
throw DecryptionException("No EncryptionMethod/@Algorithm set, key decryption cannot proceed.");
// Check for external resolver.
- const EncryptedKey* encKey=NULL;
+ const EncryptedKey* encKey=nullptr;
if (m_EKResolver)
encKey = m_EKResolver->resolveKey(encryptedData, recipient);
else {
if (!m_credResolver)
throw DecryptionException("No CredentialResolver supplied to provide decryption keys.");
- if (encryptedKey.getDOM()==NULL)
+ if (encryptedKey.getDOM()==nullptr)
throw DecryptionException("The object must be marshalled before decryption.");
- XSECAlgorithmHandler* handler = XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(algorithm);
- if (!handler)
- throw DecryptionException("Unrecognized algorithm, no way to build object around decrypted key.");
+ XSECAlgorithmHandler* handler;
+ try {
+ handler = XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(algorithm);
+ if (!handler)
+ throw DecryptionException("Unrecognized algorithm, no way to build object around decrypted key.");
+ }
+ catch(XSECException& e) {
+ auto_ptr_char temp(e.getMsg());
+ throw DecryptionException(string("XMLSecurity exception while decrypting key: ") + temp.get());
+ }
+ catch(XSECCryptoException& e) {
+ throw DecryptionException(string("XMLSecurity exception while decrypting key: ") + e.getMsg());
+ }
// We can reuse the cipher object if the document hasn't changed.
if (m_cipher && m_cipher->getDocument()!=encryptedKey.getDOM()->getOwnerDocument()) {
XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseCipher(m_cipher);
- m_cipher=NULL;
+ m_cipher=nullptr;
}
if (!m_cipher)
m_cipher=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newCipher(encryptedKey.getDOM()->getOwnerDocument());
// Resolve key decryption keys.
- int types =
- CredentialCriteria::KEYINFO_EXTRACTION_KEY |
- CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
- CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
+ int types = CredentialCriteria::KEYINFO_EXTRACTION_KEY | CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES;
vector<const Credential*> creds;
if (m_criteria) {
m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
projects / shibboleth / cpp-xmltooling.git / blobdiff