From 245bc53f915de7af8785fc8c2e065c0a6851dda9 Mon Sep 17 00:00:00 2001 From: cantor Date: Fri, 20 Apr 2007 01:03:37 +0000 Subject: [PATCH] Extend encryption algorithm automation. git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@281 de75baf8-a10c-0410-a50a-987c0e22f00f --- xmltooling/encryption/Encrypter.h | 10 ++-- xmltooling/encryption/impl/Encrypter.cpp | 28 ++++++++++- xmltooling/security/BasicX509Credential.h | 63 +---------------------- xmltooling/security/impl/BasicX509Credential.cpp | 64 ++++++++++++++++++++++++ 4 files changed, 96 insertions(+), 69 deletions(-) diff --git a/xmltooling/encryption/Encrypter.h b/xmltooling/encryption/Encrypter.h index c0f5463..efe658a 100644 --- a/xmltooling/encryption/Encrypter.h +++ b/xmltooling/encryption/Encrypter.h @@ -201,15 +201,11 @@ namespace xmlencryption { /** * Maps a data encryption algorithm to an appropriate key transport algorithm to use. * - * @param algorithm data encryption algorithm + * @param credential the key encryption key + * @param encryptionAlg data encryption algorithm * @return a key transport algorithm */ - static const XMLCh* getKeyTransportAlgorithm(const XMLCh* algorithm) { - if (xercesc::XMLString::equals(algorithm,DSIGConstants::s_unicodeStrURI3DES_CBC)) - return DSIGConstants::s_unicodeStrURIRSA_1_5; - else - return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1; - } + static const XMLCh* getKeyTransportAlgorithm(const xmltooling::Credential& credential, const XMLCh* encryptionAlg); private: void checkParams(EncryptionParams& encParams, KeyEncryptionParams* kencParams); diff --git a/xmltooling/encryption/impl/Encrypter.cpp b/xmltooling/encryption/impl/Encrypter.cpp index b3dfb93..95d5da7 100644 --- a/xmltooling/encryption/impl/Encrypter.cpp +++ b/xmltooling/encryption/impl/Encrypter.cpp @@ -196,7 +196,7 @@ EncryptedData* Encrypter::decorateAndUnmarshall(EncryptionParams& encParams, Key if (!kek) throw EncryptionException("Credential in KeyEncryptionParams structure did not supply a public key."); if (!kencParams->m_algorithm) - kencParams->m_algorithm = getKeyTransportAlgorithm(encParams.m_algorithm); + kencParams->m_algorithm = getKeyTransportAlgorithm(kencParams->m_credential, encParams.m_algorithm); m_cipher->setKEK(kek->clone()); // ownership of this belongs to us, for some reason... @@ -279,3 +279,29 @@ EncryptedKey* Encrypter::encryptKey(const unsigned char* keyBuffer, unsigned int throw EncryptionException(string("XMLSecurity exception while encrypting: ") + e.getMsg()); } } + +const XMLCh* Encrypter::getKeyTransportAlgorithm(const Credential& credential, const XMLCh* encryptionAlg) +{ + const char* alg = credential.getAlgorithm(); + if (!alg || !strcmp(alg, "RSA")) { + if (XMLString::equals(encryptionAlg,DSIGConstants::s_unicodeStrURI3DES_CBC)) + return DSIGConstants::s_unicodeStrURIRSA_1_5; + else + return DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1; + } + else if (!strcmp(alg, "AES")) { + switch (credential.getKeySize()) { + case 128: + return DSIGConstants::s_unicodeStrURIKW_AES128; + case 192: + return DSIGConstants::s_unicodeStrURIKW_AES192; + case 256: + return DSIGConstants::s_unicodeStrURIKW_AES256; + } + } + else if (!strcmp(alg, "DESede")) { + return DSIGConstants::s_unicodeStrURIKW_3DES; + } + + return NULL; +} diff --git a/xmltooling/security/BasicX509Credential.h b/xmltooling/security/BasicX509Credential.h index b6accbe..c9ee377 100644 --- a/xmltooling/security/BasicX509Credential.h +++ b/xmltooling/security/BasicX509Credential.h @@ -79,67 +79,8 @@ namespace xmltooling { public: virtual ~BasicX509Credential(); - const char* getAlgorithm() const { - if (m_key) { - switch (m_key->getKeyType()) { - case XSECCryptoKey::KEY_RSA_PRIVATE: - case XSECCryptoKey::KEY_RSA_PUBLIC: - case XSECCryptoKey::KEY_RSA_PAIR: - return "RSA"; - - case XSECCryptoKey::KEY_DSA_PRIVATE: - case XSECCryptoKey::KEY_DSA_PUBLIC: - case XSECCryptoKey::KEY_DSA_PAIR: - return "DSA"; - - case XSECCryptoKey::KEY_HMAC: - return "HMAC"; - - case XSECCryptoKey::KEY_SYMMETRIC: { - XSECCryptoSymmetricKey* skey = static_cast(m_key); - switch (skey->getSymmetricKeyType()) { - case XSECCryptoSymmetricKey::KEY_3DES_192: - return "DESede"; - case XSECCryptoSymmetricKey::KEY_AES_128: - return "AES"; - case XSECCryptoSymmetricKey::KEY_AES_192: - return "AES"; - case XSECCryptoSymmetricKey::KEY_AES_256: - return "AES"; - } - } - } - } - return NULL; - } - - unsigned int getKeySize() const { - if (m_key) { - switch (m_key->getKeyType()) { - case XSECCryptoKey::KEY_RSA_PRIVATE: - case XSECCryptoKey::KEY_RSA_PUBLIC: - case XSECCryptoKey::KEY_RSA_PAIR: { - XSECCryptoKeyRSA* rkey = static_cast(m_key); - return rkey->getLength(); - } - - case XSECCryptoKey::KEY_SYMMETRIC: { - XSECCryptoSymmetricKey* skey = static_cast(m_key); - switch (skey->getSymmetricKeyType()) { - case XSECCryptoSymmetricKey::KEY_3DES_192: - return 192; - case XSECCryptoSymmetricKey::KEY_AES_128: - return 128; - case XSECCryptoSymmetricKey::KEY_AES_192: - return 192; - case XSECCryptoSymmetricKey::KEY_AES_256: - return 256; - } - } - } - } - return 0; - } + const char* getAlgorithm() const; + unsigned int getKeySize() const; XSECCryptoKey* getPrivateKey() const { if (m_key) { diff --git a/xmltooling/security/impl/BasicX509Credential.cpp b/xmltooling/security/impl/BasicX509Credential.cpp index 05b7a30..0550baa 100644 --- a/xmltooling/security/impl/BasicX509Credential.cpp +++ b/xmltooling/security/impl/BasicX509Credential.cpp @@ -110,3 +110,67 @@ void X509Credential::extractNames(XSECCryptoX509* x509, set& names) GENERAL_NAMES_free(altnames); } } + +const char* BasicX509Credential::getAlgorithm() const +{ + if (m_key) { + switch (m_key->getKeyType()) { + case XSECCryptoKey::KEY_RSA_PRIVATE: + case XSECCryptoKey::KEY_RSA_PUBLIC: + case XSECCryptoKey::KEY_RSA_PAIR: + return "RSA"; + + case XSECCryptoKey::KEY_DSA_PRIVATE: + case XSECCryptoKey::KEY_DSA_PUBLIC: + case XSECCryptoKey::KEY_DSA_PAIR: + return "DSA"; + + case XSECCryptoKey::KEY_HMAC: + return "HMAC"; + + case XSECCryptoKey::KEY_SYMMETRIC: { + XSECCryptoSymmetricKey* skey = static_cast(m_key); + switch (skey->getSymmetricKeyType()) { + case XSECCryptoSymmetricKey::KEY_3DES_192: + return "DESede"; + case XSECCryptoSymmetricKey::KEY_AES_128: + return "AES"; + case XSECCryptoSymmetricKey::KEY_AES_192: + return "AES"; + case XSECCryptoSymmetricKey::KEY_AES_256: + return "AES"; + } + } + } + } + return NULL; +} + +unsigned int BasicX509Credential::getKeySize() const +{ + if (m_key) { + switch (m_key->getKeyType()) { + case XSECCryptoKey::KEY_RSA_PRIVATE: + case XSECCryptoKey::KEY_RSA_PUBLIC: + case XSECCryptoKey::KEY_RSA_PAIR: { + XSECCryptoKeyRSA* rkey = static_cast(m_key); + return rkey->getLength(); + } + + case XSECCryptoKey::KEY_SYMMETRIC: { + XSECCryptoSymmetricKey* skey = static_cast(m_key); + switch (skey->getSymmetricKeyType()) { + case XSECCryptoSymmetricKey::KEY_3DES_192: + return 192; + case XSECCryptoSymmetricKey::KEY_AES_128: + return 128; + case XSECCryptoSymmetricKey::KEY_AES_192: + return 192; + case XSECCryptoSymmetricKey::KEY_AES_256: + return 256; + } + } + } + } + return 0; +} -- 2.1.4