Simplify turning creds into KeyInfo for shared objects.
Add a function to derive key transport from data encryption algorithm.
* Summing up, if KeyEncryptionParams are used, a raw key must be available or the
* key can be generated when the encryption algorithm itself is a standard one. If
* no KeyEncryptionParams are supplied, then the key must be supplied either in raw
- * or object form.
+ * or object form.
+ *
+ * Finally, when encrypting data, the key transport algorithm can be left blank to
+ * derive it from the data encryption algorithm.
*/
class XMLTOOL_API Encrypter
{
* Constructor.
*
* @param credential a Credential supplying the key encryption key
- * @param algorithm the XML Encryption key wrapping or transport algorithm constant
+ * @param algorithm XML Encryption key wrapping or transport algorithm constant
* @param recipient optional name of recipient of encrypted key
*/
KeyEncryptionParams(
const xmltooling::Credential& credential,
- const XMLCh* algorithm,
+ const XMLCh* algorithm=NULL,
const XMLCh* recipient=NULL
) : m_credential(credential), m_algorithm(algorithm), m_recipient(recipient) {
}
const unsigned char* keyBuffer, unsigned int keyBufferSize, KeyEncryptionParams& kencParams, bool compact=false
);
+ /**
+ * Maps a data encryption algorithm to an appropriate key transport algorithm to use.
+ *
+ * @param algorithm data encryption algorithm
+ * @return a key transport algorithm
+ */
+ static const XMLCh* getKeyTransportAlgorithm(const XMLCh* algorithm) {
+ if (xercesc::XMLString::equals(algorithm,DSIGConstants::s_unicodeStrURI3DES_CBC))
+ return DSIGConstants::s_unicodeStrURIRSA_1_5;
+ else
+ return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1;
+ }
+
private:
void checkParams(EncryptionParams& encParams, KeyEncryptionParams* kencParams);
EncryptedData* decorateAndUnmarshall(EncryptionParams& encParams, KeyEncryptionParams* kencParams);
xmlEncData->releaseThisAndChildrenDOM();
// KeyInfo?
- const KeyInfo* kinfo = encParams.m_credential ? encParams.m_credential->getKeyInfo(encParams.m_compact) : NULL;
+ KeyInfo* kinfo = encParams.m_credential ? encParams.m_credential->getKeyInfo(encParams.m_compact) : NULL;
if (kinfo)
- xmlEncData->setKeyInfo(kinfo->cloneKeyInfo());
+ xmlEncData->setKeyInfo(kinfo);
// Are we doing a key encryption?
if (kencParams) {
XSECCryptoKey* kek = kencParams->m_credential.getPublicKey();
if (!kek)
throw EncryptionException("Credential in KeyEncryptionParams structure did not supply a public key.");
+ if (!kencParams->m_algorithm)
+ kencParams->m_algorithm = getKeyTransportAlgorithm(encParams.m_algorithm);
m_cipher->setKEK(kek->clone());
// ownership of this belongs to us, for some reason...
// KeyInfo?
kinfo = kencParams->m_credential.getKeyInfo(encParams.m_compact);
if (kinfo)
- xmlEncKey->setKeyInfo(kinfo->cloneKeyInfo());
+ xmlEncKey->setKeyInfo(kinfo);
// Add the EncryptedKey inline.
if (!xmlEncData->getKeyInfo())
xmlEncKey->setRecipient(kencParams.m_recipient);
// KeyInfo?
- const KeyInfo* kinfo = kencParams.m_credential.getKeyInfo(compact);
+ KeyInfo* kinfo = kencParams.m_credential.getKeyInfo(compact);
if (kinfo)
- xmlEncKey->setKeyInfo(kinfo->cloneKeyInfo());
+ xmlEncKey->setKeyInfo(kinfo);
xmlObjectKey.release();
return xmlEncKey;
#define __xmltooling_basicx509cred_h__
#include <xmltooling/security/X509Credential.h>
+#include <xmltooling/signature/KeyInfo.h>
#include <algorithm>
-namespace xmlsignature {
- class XMLTOOL_API KeyInfo;
-};
-
namespace xmltooling {
/**
return m_keyNames;
}
- const xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const {
- return compact ? m_compactKeyInfo : (m_keyInfo ? m_keyInfo : m_compactKeyInfo);
+ xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const {
+ if (compact || !m_keyInfo)
+ return m_compactKeyInfo ? m_compactKeyInfo->cloneKeyInfo() : NULL;
+ return m_keyInfo->cloneKeyInfo();
}
const std::vector<XSECCryptoX509*>& getEntityCertificateChain() const {
* communicating with other entities.
*
* @param compact true iff the communication medium is such that only compact forms should be included
- * @return reference to a KeyInfo object
+ * @return a KeyInfo object, which must be freed by the caller
*/
- virtual const xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const=0;
+ virtual xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const=0;
/**
* Get the credential context information, which provides additional information
return NULL;
}
- const KeyInfo* getKeyInfo(bool compact=false) const {
- return m_credctx->getKeyInfo();
+ KeyInfo* getKeyInfo(bool compact=false) const {
+ KeyInfo* ret = m_credctx->getKeyInfo() ? m_credctx->getKeyInfo()->cloneKeyInfo() : NULL;
+ if (ret && compact) {
+ ret->getKeyValues().clear();
+ ret->getSPKIDatas().clear();
+ ret->getPGPDatas().clear();
+ ret->getUnknownXMLObjects().clear();
+ const vector<X509Data*> x509Datas=const_cast<const KeyInfo*>(ret)->getX509Datas();
+ for (vector<X509Data*>::const_iterator x=x509Datas.begin(); x!=x509Datas.end(); ++x) {
+ (*x)->getX509Certificates().clear();
+ (*x)->getX509CRLs().clear();
+ (*x)->getUnknownXMLObjects().clear();
+ }
+ }
+ return ret;
}
const CredentialContext* getCredentialContext() const {
if (credential) {
delete m_keyInfo;
m_keyInfo = NULL;
- const KeyInfo* fromcred = credential->getKeyInfo();
- if (fromcred)
- m_keyInfo = fromcred->cloneKeyInfo();
+ m_keyInfo = credential->getKeyInfo();
}
if (m_keyInfo && (!m_signature->getKeyInfoList() || m_signature->getKeyInfoList()->isEmpty())) {
m_keyInfo->marshall(cachedDOM);
if (credential) {
delete m_keyInfo;
m_keyInfo = NULL;
- const KeyInfo* fromcred = credential->getKeyInfo();
- if (fromcred)
- m_keyInfo = fromcred->cloneKeyInfo();
+ m_keyInfo = credential->getKeyInfo();
}
if (m_keyInfo && (!m_signature->getKeyInfoList() || m_signature->getKeyInfoList()->isEmpty())) {
m_keyInfo->marshall(cachedDOM);
m_resolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(
FILESYSTEM_CREDENTIAL_RESOLVER,doc->getDocumentElement()
);
+ XMLObjectBuilder::registerDefaultBuilder(new UnknownElementBuilder());
}
void tearDown() {
+ XMLObjectBuilder::deregisterDefaultBuilder();
delete m_resolver;
}
Encrypter encrypter;
Encrypter::EncryptionParams ep;
- Encrypter::KeyEncryptionParams kep(*cred,DSIGConstants::s_unicodeStrURIRSA_1_5);
+ Encrypter::KeyEncryptionParams kep(*cred);
auto_ptr<EncryptedData> encData(encrypter.encryptElement(doc->getDocumentElement(),ep,&kep));
string buf;