/**
* Maps a data encryption algorithm to an appropriate key transport algorithm to use.
*
- * @param algorithm data encryption algorithm
+ * @param credential the key encryption key
+ * @param encryptionAlg data encryption algorithm
* @return a key transport algorithm
*/
- static const XMLCh* getKeyTransportAlgorithm(const XMLCh* algorithm) {
- if (xercesc::XMLString::equals(algorithm,DSIGConstants::s_unicodeStrURI3DES_CBC))
- return DSIGConstants::s_unicodeStrURIRSA_1_5;
- else
- return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1;
- }
+ static const XMLCh* getKeyTransportAlgorithm(const xmltooling::Credential& credential, const XMLCh* encryptionAlg);
private:
void checkParams(EncryptionParams& encParams, KeyEncryptionParams* kencParams);
if (!kek)
throw EncryptionException("Credential in KeyEncryptionParams structure did not supply a public key.");
if (!kencParams->m_algorithm)
- kencParams->m_algorithm = getKeyTransportAlgorithm(encParams.m_algorithm);
+ kencParams->m_algorithm = getKeyTransportAlgorithm(kencParams->m_credential, encParams.m_algorithm);
m_cipher->setKEK(kek->clone());
// ownership of this belongs to us, for some reason...
throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg());
}
}
+
+const XMLCh* Encrypter::getKeyTransportAlgorithm(const Credential& credential, const XMLCh* encryptionAlg)
+{
+ const char* alg = credential.getAlgorithm();
+ if (!alg || !strcmp(alg, "RSA")) {
+ if (XMLString::equals(encryptionAlg,DSIGConstants::s_unicodeStrURI3DES_CBC))
+ return DSIGConstants::s_unicodeStrURIRSA_1_5;
+ else
+ return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1;
+ }
+ else if (!strcmp(alg, "AES")) {
+ switch (credential.getKeySize()) {
+ case 128:
+ return DSIGConstants::s_unicodeStrURIKW_AES128;
+ case 192:
+ return DSIGConstants::s_unicodeStrURIKW_AES192;
+ case 256:
+ return DSIGConstants::s_unicodeStrURIKW_AES256;
+ }
+ }
+ else if (!strcmp(alg, "DESede")) {
+ return DSIGConstants::s_unicodeStrURIKW_3DES;
+ }
+
+ return NULL;
+}
public:
virtual ~BasicX509Credential();
- const char* getAlgorithm() const {
- if (m_key) {
- switch (m_key->getKeyType()) {
- case XSECCryptoKey::KEY_RSA_PRIVATE:
- case XSECCryptoKey::KEY_RSA_PUBLIC:
- case XSECCryptoKey::KEY_RSA_PAIR:
- return "RSA";
-
- case XSECCryptoKey::KEY_DSA_PRIVATE:
- case XSECCryptoKey::KEY_DSA_PUBLIC:
- case XSECCryptoKey::KEY_DSA_PAIR:
- return "DSA";
-
- case XSECCryptoKey::KEY_HMAC:
- return "HMAC";
-
- case XSECCryptoKey::KEY_SYMMETRIC: {
- XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
- switch (skey->getSymmetricKeyType()) {
- case XSECCryptoSymmetricKey::KEY_3DES_192:
- return "DESede";
- case XSECCryptoSymmetricKey::KEY_AES_128:
- return "AES";
- case XSECCryptoSymmetricKey::KEY_AES_192:
- return "AES";
- case XSECCryptoSymmetricKey::KEY_AES_256:
- return "AES";
- }
- }
- }
- }
- return NULL;
- }
-
- unsigned int getKeySize() const {
- if (m_key) {
- switch (m_key->getKeyType()) {
- case XSECCryptoKey::KEY_RSA_PRIVATE:
- case XSECCryptoKey::KEY_RSA_PUBLIC:
- case XSECCryptoKey::KEY_RSA_PAIR: {
- XSECCryptoKeyRSA* rkey = static_cast<XSECCryptoKeyRSA*>(m_key);
- return rkey->getLength();
- }
-
- case XSECCryptoKey::KEY_SYMMETRIC: {
- XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
- switch (skey->getSymmetricKeyType()) {
- case XSECCryptoSymmetricKey::KEY_3DES_192:
- return 192;
- case XSECCryptoSymmetricKey::KEY_AES_128:
- return 128;
- case XSECCryptoSymmetricKey::KEY_AES_192:
- return 192;
- case XSECCryptoSymmetricKey::KEY_AES_256:
- return 256;
- }
- }
- }
- }
- return 0;
- }
+ const char* getAlgorithm() const;
+ unsigned int getKeySize() const;
XSECCryptoKey* getPrivateKey() const {
if (m_key) {
GENERAL_NAMES_free(altnames);
}
}
+
+const char* BasicX509Credential::getAlgorithm() const
+{
+ if (m_key) {
+ switch (m_key->getKeyType()) {
+ case XSECCryptoKey::KEY_RSA_PRIVATE:
+ case XSECCryptoKey::KEY_RSA_PUBLIC:
+ case XSECCryptoKey::KEY_RSA_PAIR:
+ return "RSA";
+
+ case XSECCryptoKey::KEY_DSA_PRIVATE:
+ case XSECCryptoKey::KEY_DSA_PUBLIC:
+ case XSECCryptoKey::KEY_DSA_PAIR:
+ return "DSA";
+
+ case XSECCryptoKey::KEY_HMAC:
+ return "HMAC";
+
+ case XSECCryptoKey::KEY_SYMMETRIC: {
+ XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
+ switch (skey->getSymmetricKeyType()) {
+ case XSECCryptoSymmetricKey::KEY_3DES_192:
+ return "DESede";
+ case XSECCryptoSymmetricKey::KEY_AES_128:
+ return "AES";
+ case XSECCryptoSymmetricKey::KEY_AES_192:
+ return "AES";
+ case XSECCryptoSymmetricKey::KEY_AES_256:
+ return "AES";
+ }
+ }
+ }
+ }
+ return NULL;
+}
+
+unsigned int BasicX509Credential::getKeySize() const
+{
+ if (m_key) {
+ switch (m_key->getKeyType()) {
+ case XSECCryptoKey::KEY_RSA_PRIVATE:
+ case XSECCryptoKey::KEY_RSA_PUBLIC:
+ case XSECCryptoKey::KEY_RSA_PAIR: {
+ XSECCryptoKeyRSA* rkey = static_cast<XSECCryptoKeyRSA*>(m_key);
+ return rkey->getLength();
+ }
+
+ case XSECCryptoKey::KEY_SYMMETRIC: {
+ XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
+ switch (skey->getSymmetricKeyType()) {
+ case XSECCryptoSymmetricKey::KEY_3DES_192:
+ return 192;
+ case XSECCryptoSymmetricKey::KEY_AES_128:
+ return 128;
+ case XSECCryptoSymmetricKey::KEY_AES_192:
+ return 192;
+ case XSECCryptoSymmetricKey::KEY_AES_256:
+ return 256;
+ }
+ }
+ }
+ }
+ return 0;
+}