X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-xmltooling.git;a=blobdiff_plain;f=xmltooling%2Fencryption%2FEncrypter.h;h=1996b4836efbcd0667685c67b7b42b449b092aed;hp=1bf6945d777c18eff753f4ca861b0fc762bc7a92;hb=HEAD;hpb=6505807a62569ce65803b448b07a6872c6af2512
diff --git a/xmltooling/encryption/Encrypter.h b/xmltooling/encryption/Encrypter.h
index 1bf6945..1996b48 100644
--- a/xmltooling/encryption/Encrypter.h
+++ b/xmltooling/encryption/Encrypter.h
@@ -1,17 +1,21 @@
-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
 */

 /**
@@ -23,10 +27,11 @@
 #if !defined(__xmltooling_encrypter_h__) && !defined(XMLTOOLING_NO_XMLSEC)
 #define __xmltooling_encrypter_h__
-#include
+#include
-#include
-#include
+#include
+
+class XENCCipher;
 namespace xmltooling {
 class XMLTOOL_API Credential;
@@ -34,6 +39,9 @@ namespace xmltooling {
 namespace xmlencryption {
+ class XMLTOOL_API EncryptedData;
+ class XMLTOOL_API EncryptedKey;
+
 /**
 * Wrapper API for XML Encryption functionality.
 * Designed to allow both external and internal key generation as follows:
@@ -51,7 +59,10 @@ namespace xmlencryption {
 * Summing up, if KeyEncryptionParams are used, a raw key must be available or the
 * key can be generated when the encryption algorithm itself is a standard one. If
 * no KeyEncryptionParams are supplied, then the key must be supplied either in raw
- * or object form.
+ * or object form.
+ *
+ * Finally, when encrypting data, the key transport algorithm can be left blank to
+ * derive it from the data encryption algorithm.
 */
 class XMLTOOL_API Encrypter {
@@ -61,7 +72,6 @@ namespace xmlencryption {
 * Structure to collect encryption requirements.
 */
 struct XMLTOOL_API EncryptionParams {
-
 /**
 * Constructor.
 *
@@ -75,57 +85,65 @@ namespace xmlencryption {
 * @param compact true iff the encrypted representation should be made as small as possible
 */
 EncryptionParams(
- const XMLCh* algorithm=DSIGConstants::s_unicodeStrURIAES256_CBC,
- const unsigned char* keyBuffer=NULL,
+#ifdef XSEC_OPENSSL_HAVE_AES
+ const XMLCh* algorithm=DSIGConstants::s_unicodeStrURIAES128_CBC,
+#else
+ const XMLCh* algorithm=DSIGConstants::s_unicodeStrURI3DES_CBC,
+#endif
+ const unsigned char* keyBuffer=nullptr,
 unsigned int keyBufferSize=0,
- const xmltooling::Credential* credential=NULL,
+ const xmltooling::Credential* credential=nullptr,
 bool compact=false
- ) : m_algorithm(algorithm), m_keyBuffer(keyBuffer), m_keyBufferSize(keyBufferSize),
- m_credential(credential), m_compact(compact) {
- }
+ );
- ~EncryptionParams() {}
- private:
+ ~EncryptionParams();
+
+ /** Data encryption algorithm. */
 const XMLCh* m_algorithm;
+
+ /** Buffer containing encryption key. */
 const unsigned char* m_keyBuffer;
+
+ /** Size of buffer. */
 unsigned int m_keyBufferSize;
+
+ /** Credential containing the encryption key. */
 const xmltooling::Credential* m_credential;
+
+ /** Flag limiting the size of the encrypted XML representation. */
 bool m_compact;
-
- friend class Encrypter;
 };
 /**
 * Structure to collect key wrapping/transport requirements.
 */
 struct XMLTOOL_API KeyEncryptionParams {
-
 /**
 * Constructor.
 *
 * @param credential a Credential supplying the key encryption key
- * @param algorithm the XML Encryption key wrapping or transport algorithm constant
+ * @param algorithm XML Encryption key wrapping or transport algorithm constant
 * @param recipient optional name of recipient of encrypted key
 */
 KeyEncryptionParams(
- const xmltooling::Credential& credential,
- const XMLCh* algorithm,
- const XMLCh* recipient=NULL
- ) : m_credential(credential), m_algorithm(algorithm), m_recipient(recipient) {
- }
+ const xmltooling::Credential& credential, const XMLCh* algorithm=nullptr, const XMLCh* recipient=nullptr
+ );
- ~KeyEncryptionParams() {}
- private:
+ ~KeyEncryptionParams();
+
+ /** Credential containing key encryption key. */
 const xmltooling::Credential& m_credential;
+
+ /** Key transport or wrapping algorithm. */
 const XMLCh* m_algorithm;
+
+ /** Name of recipient that owns the key encryption key. */
 const XMLCh* m_recipient;
-
- friend class Encrypter;
 };
- Encrypter() : m_cipher(NULL) {}
+ Encrypter();
- ~Encrypter();
+ virtual ~Encrypter();
 /**
 * Encrypts the supplied element and returns the resulting object.
@@ -139,10 +157,12 @@ namespace xmlencryption {
 *
 * @param element the DOM element to encrypt
 * @param encParams primary encryption settings
- * @param kencParams key encryption settings, or NULL
+ * @param kencParams key encryption settings, or nullptr
 * @return a stand-alone EncryptedData object, unconnected to the source DOM
 */
- EncryptedData* encryptElement(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
+ EncryptedData* encryptElement(
+ xercesc::DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=nullptr
+ );
 /**
 * Encrypts the supplied element's children and returns the resulting object.
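Review bot: The new default for `EncryptionParams::algorithm` is chosen by `#ifdef XSEC_OPENSSL_HAVE_AES` inside a default argument, and a default argument is substituted at the call site, so which cipher a caller gets depends on whether that xml-security-c macro is visible in the including translation unit, not on how xmltooling itself was built; unless the headers this file pulls in define it (the include targets are not visible in this hunk), a consumer can silently end up on the 3DES-CBC branch, and two translation units of one program can disagree on the default. I would select the default once inside the library, e.g. `const XMLCh* algorithm=nullptr,` here and resolving a null value to the library's configured cipher in the constructor body in the .cpp, and state the resulting default in the `@param algorithm` documentation that sits just above this hunk. Separately, dropping `private:` and `friend class Encrypter;` makes every field of both parameter structs public; if callers are meant to set `m_keyBuffer`/`m_credential` directly, the struct comments should say so, otherwise the access change looks accidental. The enclosing Encrypter class opens before this hunk.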
@@ -156,10 +176,12 @@ namespace xmlencryption {
 *
 * @param element parent element of children to encrypt
 * @param encParams primary encryption settings
- * @param kencParams key encryption settings, or NULL
+ * @param kencParams key encryption settings, or nullptr
 * @return a stand-alone EncryptedData object, unconnected to the source DOM
 */
- EncryptedData* encryptElementContent(DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
+ EncryptedData* encryptElementContent(
+ xercesc::DOMElement* element, EncryptionParams& encParams, KeyEncryptionParams* kencParams=nullptr
+ );
 /**
 * Encrypts the supplied input stream and returns the resulting object.
@@ -173,10 +195,10 @@ namespace xmlencryption {
 *
 * @param input the stream to encrypt
 * @param encParams primary encryption settings
- * @param kencParams key encryption settings, or NULL
+ * @param kencParams key encryption settings, or nullptr
 * @return a stand-alone EncryptedData object, unconnected to any DOM
 */
- EncryptedData* encryptStream(std::istream& input, EncryptionParams& encParams, KeyEncryptionParams* kencParams=NULL);
+ EncryptedData* encryptStream(std::istream& input, EncryptionParams& encParams, KeyEncryptionParams* kencParams=nullptr);
 /**
 * Encrypts the supplied key and returns the resulting object.
@@ -187,7 +209,18 @@ namespace xmlencryption {
 * @param compact true iff the encrypted representation should be made as small as possible
 * @return a stand-alone EncryptedKey object, unconnected to any DOM
 */
- EncryptedKey* encryptKey(const unsigned char* keyBuffer, unsigned int keyBufferSize, KeyEncryptionParams& kencParams, bool compact=false);
+ EncryptedKey* encryptKey(
+ const unsigned char* keyBuffer, unsigned int keyBufferSize, KeyEncryptionParams& kencParams, bool compact=false
+ );
+
+ /**
+ * Maps a data encryption algorithm to an appropriate key transport algorithm to use.
+ *
+ * @param credential the key encryption key
+ * @param encryptionAlg data encryption algorithm
+ * @return a key transport algorithm
+ */
+ static const XMLCh* getKeyTransportAlgorithm(const xmltooling::Credential& credential, const XMLCh* encryptionAlg);
 private:
 void checkParams(EncryptionParams& encParams, KeyEncryptionParams* kencParams);
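Review bot: The docstring of the new `getKeyTransportAlgorithm` says only "@return a key transport algorithm" and does not say what the caller sees when no mapping exists for the credential's key type or for `encryptionAlg` (a null pointer, or an exception), which matters because the result is the kind of value that ends up in `KeyEncryptionParams::m_algorithm`, whose constructor default is now `nullptr` per the earlier hunk. I would make the failure mode explicit with whichever the implementation does, e.g. `@return a key transport algorithm, or nullptr if none is appropriate` or a `@throws` line, and note that `encryptionAlg` itself may be null if the "left blank" case described in the class comment is meant to flow through here. The split `encryptKey` declaration is fine; its `@param keyBuffer`/`@param keyBufferSize` lines sit above this hunk and would benefit from stating that the size is in bytes. The enclosing Encrypter class continues outside this hunk.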