Wrapper API for XML Decryption functionality.
More...
#include <xmltooling/encryption/Decrypter.h>
|
| Decrypter (const xmltooling::CredentialResolver *credResolver=0, xmltooling::CredentialCriteria *criteria=0, const EncryptedKeyResolver *EKResolver=0, bool requireAuthenticatedCipher=false) |
| Constructor. More...
|
|
void | setEncryptedKeyResolver (const EncryptedKeyResolver *EKResolver) |
| Replace the current EncryptedKeyResolver interface, if any, with a new one. More...
|
|
void | setKEKResolver (const xmltooling::CredentialResolver *resolver, xmltooling::CredentialCriteria *criteria) |
| Replace the current CredentialResolver interface, if any, with a new one. More...
|
|
xercesc::DOMDocumentFragment * | decryptData (const EncryptedData &encryptedData, XSECCryptoKey *key) |
| Decrypts the supplied information using the supplied key, and returns the resulting as a DOM fragment owned by the document associated with the marshalled EncryptedData object. More...
|
|
xercesc::DOMDocumentFragment * | decryptData (const EncryptedData &encryptedData, const XMLCh *recipient=0) |
| Decrypts the supplied information and returns the resulting as a DOM fragment owned by the document associated with the marshalled EncryptedData object. More...
|
|
void | decryptData (std::ostream &out, const EncryptedData &encryptedData, XSECCryptoKey *key) |
| Decrypts the supplied information to an output stream. More...
|
|
void | decryptData (std::ostream &out, const EncryptedData &encryptedData, const XMLCh *recipient=0) |
| Decrypts the supplied information to an output stream. More...
|
|
XSECCryptoKey * | decryptKey (const EncryptedKey &encryptedKey, const XMLCh *algorithm) |
| Decrypts the supplied information and returns the resulting key. More...
|
|
Wrapper API for XML Decryption functionality.
◆ Decrypter()
Constructor.
The final boolean parameter is used to enforce a requirement for an authenticated cipher suite such as AES-GCM or similar. These ciphers include an HMAC or equivalent step that prevents tampering. Newer applications should set this parameter to true unless the ciphertext has been independently authenticated, and even in such a case, it is rarely possible to prevent chosen ciphertext attacks by trusted signers.
- Parameters
-
credResolver | locked credential resolver to supply decryption keys |
criteria | optional external criteria to use with resolver |
EKResolver | locates an EncryptedKey pertaining to the EncryptedData |
requireAuthenticatedCipher | true iff the bulk data encryption algorithm must be an authenticated cipher |
◆ decryptData() [1/4]
xercesc::DOMDocumentFragment* xmlencryption::Decrypter::decryptData |
( |
const EncryptedData & |
encryptedData, |
|
|
XSECCryptoKey * |
key |
|
) |
| |
Decrypts the supplied information using the supplied key, and returns the resulting as a DOM fragment owned by the document associated with the marshalled EncryptedData object.
Note that the DOM nodes will be invalidated once that document is released. The caller should therefore process the DOM fragment as required and drop all references to it before that happens. The usual approach should be to unmarshall the DOM and then release it, or the DOM can also be imported into a separately owned document.
- Parameters
-
encryptedData | the data to decrypt |
key | the decryption key to use (it will not be freed internally) |
- Returns
- the decrypted DOM fragment
◆ decryptData() [2/4]
xercesc::DOMDocumentFragment* xmlencryption::Decrypter::decryptData |
( |
const EncryptedData & |
encryptedData, |
|
|
const XMLCh * |
recipient = 0 |
|
) |
| |
Decrypts the supplied information and returns the resulting as a DOM fragment owned by the document associated with the marshalled EncryptedData object.
Note that the DOM nodes will be invalidated once that document is released. The caller should therefore process the DOM fragment as required and drop all references to it before that happens. The usual approach should be to unmarshall the DOM and then release it, or the DOM can also be imported into a separately owned document.
- Parameters
-
encryptedData | the data to decrypt |
recipient | identifier of decrypting entity for use in identifying multi-cast keys |
- Returns
- the decrypted DOM fragment
◆ decryptData() [3/4]
void xmlencryption::Decrypter::decryptData |
( |
std::ostream & |
out, |
|
|
const EncryptedData & |
encryptedData, |
|
|
XSECCryptoKey * |
key |
|
) |
| |
Decrypts the supplied information to an output stream.
- Parameters
-
out | output stream to receive the decrypted data |
encryptedData | the data to decrypt |
key | the decryption key to use (it will not be freed internally) |
◆ decryptData() [4/4]
void xmlencryption::Decrypter::decryptData |
( |
std::ostream & |
out, |
|
|
const EncryptedData & |
encryptedData, |
|
|
const XMLCh * |
recipient = 0 |
|
) |
| |
Decrypts the supplied information to an output stream.
- Parameters
-
out | output stream to receive the decrypted data |
encryptedData | the data to decrypt |
recipient | identifier of decrypting entity for use in identifying multi-cast keys |
◆ decryptKey()
XSECCryptoKey* xmlencryption::Decrypter::decryptKey |
( |
const EncryptedKey & |
encryptedKey, |
|
|
const XMLCh * |
algorithm |
|
) |
| |
Decrypts the supplied information and returns the resulting key.
The caller is responsible for deleting the key. The algorithm of the key must be supplied by the caller based on knowledge of the associated EncryptedData information.
- Parameters
-
encryptedKey | the encrypted/wrapped key to decrypt |
algorithm | the algorithm associated with the decrypted key |
- Returns
- the decrypted key
◆ setEncryptedKeyResolver()
◆ setKEKResolver()
Replace the current CredentialResolver interface, if any, with a new one.
- Parameters
-
resolver | the locked CredentialResolver to attach, or nullptr to clear |
criteria | optional external criteria to use with resolver |
The documentation for this class was generated from the following file: