Extend encryption algorithm automation.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@281 de75baf8-a10c-0410-a50a-987c0e22f00f

diff --git a/xmltooling/encryption/Encrypter.h b/xmltooling/encryption/Encrypter.h
index c0f5463..efe658a 100644 (file)
--- a/xmltooling/encryption/Encrypter.h
+++ b/xmltooling/encryption/Encrypter.h
@@ -201,15 +201,11 @@ namespace xmlencryption {
         /**
          * Maps a data encryption algorithm to an appropriate key transport algorithm to use.
          * 
-         * @param algorithm data encryption algorithm
+         * @param credential    the key encryption key
+         * @param encryptionAlg data encryption algorithm
          * @return a key transport algorithm
          */
-        static const XMLCh* getKeyTransportAlgorithm(const XMLCh* algorithm) {
-            if (xercesc::XMLString::equals(algorithm,DSIGConstants::s_unicodeStrURI3DES_CBC))
-                return DSIGConstants::s_unicodeStrURIRSA_1_5;
-            else
-                return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1;
-        }
+        static const XMLCh* getKeyTransportAlgorithm(const xmltooling::Credential& credential, const XMLCh* encryptionAlg);
         
     private:
         void checkParams(EncryptionParams& encParams, KeyEncryptionParams* kencParams);

diff --git a/xmltooling/encryption/impl/Encrypter.cpp b/xmltooling/encryption/impl/Encrypter.cpp
index b3dfb93..95d5da7 100644 (file)
--- a/xmltooling/encryption/impl/Encrypter.cpp
+++ b/xmltooling/encryption/impl/Encrypter.cpp
@@ -196,7 +196,7 @@ EncryptedData* Encrypter::decorateAndUnmarshall(EncryptionParams& encParams, Key
         if (!kek)
             throw EncryptionException("Credential in KeyEncryptionParams structure did not supply a public key.");
         if (!kencParams->m_algorithm)
-            kencParams->m_algorithm = getKeyTransportAlgorithm(encParams.m_algorithm);
+            kencParams->m_algorithm = getKeyTransportAlgorithm(kencParams->m_credential, encParams.m_algorithm);
 
         m_cipher->setKEK(kek->clone());
         // ownership of this belongs to us, for some reason...
@@ -279,3 +279,29 @@ EncryptedKey* Encrypter::encryptKey(const unsigned char* keyBuffer, unsigned int
         throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());
     }
 }
+
+const XMLCh* Encrypter::getKeyTransportAlgorithm(const Credential& credential, const XMLCh* encryptionAlg)
+{
+    const char* alg = credential.getAlgorithm();
+    if (!alg || !strcmp(alg, "RSA")) {
+        if (XMLString::equals(encryptionAlg,DSIGConstants::s_unicodeStrURI3DES_CBC))
+            return DSIGConstants::s_unicodeStrURIRSA_1_5;
+        else
+            return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1;
+    }
+    else if (!strcmp(alg, "AES")) {
+        switch (credential.getKeySize()) {
+            case 128:
+                return DSIGConstants::s_unicodeStrURIKW_AES128;
+            case 192:
+                return DSIGConstants::s_unicodeStrURIKW_AES192;
+            case 256:
+                return DSIGConstants::s_unicodeStrURIKW_AES256;
+        }
+    }
+    else if (!strcmp(alg, "DESede")) {
+        return DSIGConstants::s_unicodeStrURIKW_3DES;
+    }
+
+    return NULL;
+}

diff --git a/xmltooling/security/BasicX509Credential.h b/xmltooling/security/BasicX509Credential.h
index b6accbe..c9ee377 100644 (file)
--- a/xmltooling/security/BasicX509Credential.h
+++ b/xmltooling/security/BasicX509Credential.h
@@ -79,67 +79,8 @@ namespace xmltooling {
     public:
         virtual ~BasicX509Credential();
         
-        const char* getAlgorithm() const {
-            if (m_key) {
-                switch (m_key->getKeyType()) {
-                    case XSECCryptoKey::KEY_RSA_PRIVATE:
-                    case XSECCryptoKey::KEY_RSA_PUBLIC:
-                    case XSECCryptoKey::KEY_RSA_PAIR:
-                        return "RSA";
-
-                    case XSECCryptoKey::KEY_DSA_PRIVATE:
-                    case XSECCryptoKey::KEY_DSA_PUBLIC:
-                    case XSECCryptoKey::KEY_DSA_PAIR:
-                        return "DSA";
-                    
-                    case XSECCryptoKey::KEY_HMAC:
-                        return "HMAC";
-
-                    case XSECCryptoKey::KEY_SYMMETRIC: {
-                        XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
-                        switch (skey->getSymmetricKeyType()) {
-                            case XSECCryptoSymmetricKey::KEY_3DES_192:
-                                return "DESede";
-                            case XSECCryptoSymmetricKey::KEY_AES_128:
-                                return "AES";
-                            case XSECCryptoSymmetricKey::KEY_AES_192:
-                                return "AES";
-                            case XSECCryptoSymmetricKey::KEY_AES_256:
-                                return "AES";
-                        }
-                    }
-                }
-            }
-            return NULL;
-        }
-
-        unsigned int getKeySize() const {
-            if (m_key) {
-                switch (m_key->getKeyType()) {
-                    case XSECCryptoKey::KEY_RSA_PRIVATE:
-                    case XSECCryptoKey::KEY_RSA_PUBLIC:
-                    case XSECCryptoKey::KEY_RSA_PAIR: {
-                        XSECCryptoKeyRSA* rkey = static_cast<XSECCryptoKeyRSA*>(m_key);
-                        return rkey->getLength();
-                    }
-
-                    case XSECCryptoKey::KEY_SYMMETRIC: {
-                        XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
-                        switch (skey->getSymmetricKeyType()) {
-                            case XSECCryptoSymmetricKey::KEY_3DES_192:
-                                return 192;
-                            case XSECCryptoSymmetricKey::KEY_AES_128:
-                                return 128;
-                            case XSECCryptoSymmetricKey::KEY_AES_192:
-                                return 192;
-                            case XSECCryptoSymmetricKey::KEY_AES_256:
-                                return 256;
-                        }
-                    }
-                }
-            }
-            return 0;
-        }
+        const char* getAlgorithm() const;
+        unsigned int getKeySize() const;
 
         XSECCryptoKey* getPrivateKey() const {
             if (m_key) {

diff --git a/xmltooling/security/impl/BasicX509Credential.cpp b/xmltooling/security/impl/BasicX509Credential.cpp
index 05b7a30..0550baa 100644 (file)
--- a/xmltooling/security/impl/BasicX509Credential.cpp
+++ b/xmltooling/security/impl/BasicX509Credential.cpp
@@ -110,3 +110,67 @@ void X509Credential::extractNames(XSECCryptoX509* x509, set<string>& names)
         GENERAL_NAMES_free(altnames);
     }
 }
+
+const char* BasicX509Credential::getAlgorithm() const
+{
+    if (m_key) {
+        switch (m_key->getKeyType()) {
+            case XSECCryptoKey::KEY_RSA_PRIVATE:
+            case XSECCryptoKey::KEY_RSA_PUBLIC:
+            case XSECCryptoKey::KEY_RSA_PAIR:
+                return "RSA";
+
+            case XSECCryptoKey::KEY_DSA_PRIVATE:
+            case XSECCryptoKey::KEY_DSA_PUBLIC:
+            case XSECCryptoKey::KEY_DSA_PAIR:
+                return "DSA";
+            
+            case XSECCryptoKey::KEY_HMAC:
+                return "HMAC";
+
+            case XSECCryptoKey::KEY_SYMMETRIC: {
+                XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
+                switch (skey->getSymmetricKeyType()) {
+                    case XSECCryptoSymmetricKey::KEY_3DES_192:
+                        return "DESede";
+                    case XSECCryptoSymmetricKey::KEY_AES_128:
+                        return "AES";
+                    case XSECCryptoSymmetricKey::KEY_AES_192:
+                        return "AES";
+                    case XSECCryptoSymmetricKey::KEY_AES_256:
+                        return "AES";
+                }
+            }
+        }
+    }
+    return NULL;
+}
+
+unsigned int BasicX509Credential::getKeySize() const
+{
+    if (m_key) {
+        switch (m_key->getKeyType()) {
+            case XSECCryptoKey::KEY_RSA_PRIVATE:
+            case XSECCryptoKey::KEY_RSA_PUBLIC:
+            case XSECCryptoKey::KEY_RSA_PAIR: {
+                XSECCryptoKeyRSA* rkey = static_cast<XSECCryptoKeyRSA*>(m_key);
+                return rkey->getLength();
+            }
+
+            case XSECCryptoKey::KEY_SYMMETRIC: {
+                XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
+                switch (skey->getSymmetricKeyType()) {
+                    case XSECCryptoSymmetricKey::KEY_3DES_192:
+                        return 192;
+                    case XSECCryptoSymmetricKey::KEY_AES_128:
+                        return 128;
+                    case XSECCryptoSymmetricKey::KEY_AES_192:
+                        return 192;
+                    case XSECCryptoSymmetricKey::KEY_AES_256:
+                        return 256;
+                }
+            }
+        }
+    }
+    return 0;
+}