Class XMLCipher

java.lang.Object
    org.apache.xml.security.encryption.XMLCipher

public class XMLCipher extends java.lang.Object

XMLCipher encrypts and decrypts the contents of Documents, Elements and Element contents. It was designed to resemble javax.crypto.Cipher in order to facilitate understanding of its functioning.

Nested Class Summary

private class XMLCipher.Factory

Field Summary

static java.lang.String AES_128 - AES 128 Cipher
static java.lang.String AES_128_GCM - AES 128 GCM Cipher
static java.lang.String AES_128_KeyWrap - AES 128 Cipher KeyWrap
static java.lang.String AES_192 - AES 192 Cipher
static java.lang.String AES_192_GCM - AES 192 GCM Cipher
static java.lang.String AES_192_KeyWrap - AES 192 Cipher KeyWrap
static java.lang.String AES_256 - AES 256 Cipher
static java.lang.String AES_256_GCM - AES 256 GCM Cipher
static java.lang.String AES_256_KeyWrap - AES 256 Cipher KeyWrap
private java.lang.String algorithm - URI of algorithm that is being used for cryptographic operation
static java.lang.String BASE64_ENCODING - Base64 encoding
static java.lang.String CAMELLIA_128 - CAMELLIA 128 Cipher
static java.lang.String CAMELLIA_128_KeyWrap - CAMELLIA 128 Cipher KeyWrap
static java.lang.String CAMELLIA_192 - CAMELLIA 192 Cipher
static java.lang.String CAMELLIA_192_KeyWrap - CAMELLIA 192 Cipher KeyWrap
static java.lang.String CAMELLIA_256 - CAMELLIA 256 Cipher
static java.lang.String CAMELLIA_256_KeyWrap - CAMELLIA 256 Cipher KeyWrap
private Canonicalizer canon - Holds c14n to serialize; if initialized then _always_ use this c14n to serialize
private int cipherMode - Mode that the XMLCipher object is operating in
private javax.crypto.Cipher contextCipher - Cipher created during initialisation that is used for encryption
private org.w3c.dom.Document contextDocument - Used for creation of DOM nodes in WRAP and ENCRYPT modes
static int DECRYPT_MODE - DECRYPT Mode
static java.lang.String DIFFIE_HELLMAN - DIFFIE_HELLMAN Cipher
private java.lang.String digestAlg
private EncryptedData ed
private EncryptedKey ek
private static java.lang.String ENC_ALGORITHMS
static int ENCRYPT_MODE - ENCRYPT Mode
static java.lang.String EXCL_XML_N14C - N14C_XML exclusive
static java.lang.String EXCL_XML_N14C_WITH_COMMENTS - N14C_XML exclusive with comments
private XMLCipher.Factory factory - Instance of factory used to create XML Encryption objects
private static boolean HAVE_FUNCTIONAL_IDENTITY_TRANSFORMER
private java.util.List<KeyResolverSpi> internalKeyResolvers - List of internal KeyResolvers for DECRYPT and UNWRAP modes.
private java.security.Key kek - Local copy of the kek (used to decrypt EncryptedKeys during a DECRYPT_MODE operation)
private java.security.Key key - Local copy of user's key
private static org.slf4j.Logger LOG
static java.lang.String N14C_XML - N14C_XML
static java.lang.String N14C_XML_WITH_COMMENTS - N14C_XML with comments
static java.lang.String PHYSICAL_XML_N14C - N14C_PHYSICAL preserve the physical representation
private java.lang.String requestedJCEProvider - Cryptographic provider requested by caller
static java.lang.String RIPEMD_160 - RIPEMD Cipher
static java.lang.String RSA_OAEP - RSA OAEP Cipher
static java.lang.String RSA_OAEP_11 - RSA OAEP Cipher
static java.lang.String RSA_v1dot5 - RSA 1.5 Cipher
private boolean secureValidation
static java.lang.String SEED_128 - SEED 128 Cipher
static java.lang.String SEED_128_KeyWrap - SEED 128 Cipher KeyWrap
private Serializer serializer - Serializer class for going to/from UTF-8
static java.lang.String SHA1 - SHA1 Cipher
static java.lang.String SHA256 - SHA256 Cipher
static java.lang.String SHA512 - SHA512 Cipher
static java.lang.String TRIPLEDES - Triple DES EDE (192 bit key) in CBC mode
static java.lang.String TRIPLEDES_KeyWrap - Triple DES EDE (192 bit key) in CBC mode KEYWRAP
static int UNWRAP_MODE - UNWRAP Mode
static int WRAP_MODE - WRAP Mode
static java.lang.String XML_DSIG - XML Signature NS

Constructor Summary

private XMLCipher(java.lang.String transformation, java.lang.String provider, java.lang.String canonAlg, java.lang.String digestMethod) - Creates a new XMLCipher.

Method Summary

private java.security.spec.AlgorithmParameterSpec constructBlockCipherParameters(java.lang.String algorithm, byte[] iv) - Build an AlgorithmParameterSpec instance used to initialize a Cipher instance for block cipher encryption and decryption.
private javax.crypto.Cipher constructCipher(java.lang.String algorithm, java.lang.String digestAlgorithm) - Construct a Cipher object
private javax.crypto.Cipher constructCipher(java.lang.String algorithm, java.lang.String digestAlgorithm, java.lang.Exception nsae)
private javax.crypto.spec.OAEPParameterSpec constructOAEPParameters(java.lang.String encryptionAlgorithm, java.lang.String digestAlgorithm, java.lang.String mgfAlgorithm, byte[] oaepParams) - Construct an OAEPParameterSpec object from the given parameters
AgreementMethod createAgreementMethod(java.lang.String algorithm) - Create an AgreementMethod object
CipherData createCipherData(int type) - Create a CipherData object
CipherReference createCipherReference(java.lang.String uri) - Create a CipherReference object
CipherValue createCipherValue(java.lang.String value) - Create a CipherValue element
EncryptedData createEncryptedData(int type, java.lang.String value) - Creates an EncryptedData Element.
EncryptedKey createEncryptedKey(int type, java.lang.String value) - Creates an EncryptedKey Element.
EncryptionMethod createEncryptionMethod(java.lang.String algorithm) - Create an EncryptionMethod object
EncryptionProperties createEncryptionProperties() - Create an EncryptionProperties element
EncryptionProperty createEncryptionProperty() - Create a new EncryptionProperty element
ReferenceList createReferenceList(int type) - Create a new ReferenceList object
Transforms createTransforms() - Create a new Transforms object
Transforms createTransforms(org.w3c.dom.Document doc) - Create a new Transforms object. Because the handling of Transforms is currently done in the signature code, the creation of a Transforms object requires a context document.
private org.w3c.dom.Document decryptElement(org.w3c.dom.Element element) - Decrypts EncryptedData in a single-part operation.
private org.w3c.dom.Document decryptElementContent(org.w3c.dom.Element element)
java.security.Key decryptKey(EncryptedKey encryptedKey) - Decrypt a key from a passed in EncryptedKey structure.
java.security.Key decryptKey(EncryptedKey encryptedKey, java.lang.String algorithm) - Decrypt a key from a passed in EncryptedKey structure
byte[] decryptToByteArray(org.w3c.dom.Element element) - Decrypt an EncryptedData element to a byte array.
org.w3c.dom.Document doFinal(org.w3c.dom.Document context, org.w3c.dom.Document source) - Process a DOM Document node.
org.w3c.dom.Document doFinal(org.w3c.dom.Document context, org.w3c.dom.Element element) - Process a DOM Element node.
org.w3c.dom.Document doFinal(org.w3c.dom.Document context, org.w3c.dom.Element element, boolean content) - Process the contents of a DOM Element node.
EncryptedData encryptData(org.w3c.dom.Document context, java.lang.String type, java.io.InputStream serializedData) - Returns an EncryptedData interface.
EncryptedData encryptData(org.w3c.dom.Document context, org.w3c.dom.Element element) - Returns an EncryptedData interface.
EncryptedData encryptData(org.w3c.dom.Document context, org.w3c.dom.Element element, boolean contentMode) - Returns an EncryptedData interface.
private EncryptedData encryptData(org.w3c.dom.Document context, org.w3c.dom.Element element, java.lang.String type, java.io.InputStream serializedData)
private org.w3c.dom.Document encryptElement(org.w3c.dom.Element element) - Encrypts an Element and replaces it with its encrypted counterpart in the context Document, that is, the Document specified when one calls getInstance.
private org.w3c.dom.Document encryptElementContent(org.w3c.dom.Element element) - Encrypts a NodeList (the contents of an Element) and replaces its parent Element's content with the resulting EncryptedType within the context Document, that is, the Document specified when one calls getInstance.
EncryptedKey encryptKey(org.w3c.dom.Document doc, java.security.Key key) - Encrypts a key to an EncryptedKey structure
EncryptedKey encryptKey(org.w3c.dom.Document doc, java.security.Key key, java.lang.String mgfAlgorithm, byte[] oaepParams) - Encrypts a key to an EncryptedKey structure
EncryptedKey encryptKey(org.w3c.dom.Document doc, java.security.Key key, java.lang.String mgfAlgorithm, byte[] oaepParams, java.security.SecureRandom random) - Encrypts a key to an EncryptedKey structure
EncryptedData getEncryptedData() - Get the EncryptedData being built
EncryptedKey getEncryptedKey() - Get the EncryptedKey being built. Returns the EncryptedKey being built during a WRAP operation.
static XMLCipher getInstance() - Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
static XMLCipher getInstance(java.lang.String transformation) - Returns an XMLCipher that implements the specified transformation and operates on the specified context document.
static XMLCipher getInstance(java.lang.String transformation, java.lang.String canon) - Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
static XMLCipher getInstance(java.lang.String transformation, java.lang.String canon, java.lang.String digestMethod) - Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
static XMLCipher getProviderInstance(java.lang.String provider) - Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
static XMLCipher getProviderInstance(java.lang.String transformation, java.lang.String provider) - Returns an XMLCipher that implements the specified transformation and operates on the specified context document.
static XMLCipher getProviderInstance(java.lang.String transformation, java.lang.String provider, java.lang.String canon) - Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
static XMLCipher getProviderInstance(java.lang.String transformation, java.lang.String provider, java.lang.String canon, java.lang.String digestMethod) - Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
Serializer getSerializer() - Get the Serializer algorithm to use
private static boolean haveFunctionalIdentityTransformer()
void init(int opmode, java.security.Key key) - Initializes this cipher with a key.
private static boolean isValidEncryptionAlgorithm(java.lang.String algorithm) - Checks to ensure that the supplied algorithm is valid.
EncryptedData loadEncryptedData(org.w3c.dom.Document context, org.w3c.dom.Element element) - Returns an EncryptedData interface.
EncryptedKey loadEncryptedKey(org.w3c.dom.Document context, org.w3c.dom.Element element) - Returns an EncryptedKey interface.
EncryptedKey loadEncryptedKey(org.w3c.dom.Element element) - Returns an EncryptedKey interface.
org.w3c.dom.Element martial(EncryptedData encryptedData) - Martial an EncryptedData. Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData
org.w3c.dom.Element martial(EncryptedKey encryptedKey) - Martial an EncryptedKey. Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey
org.w3c.dom.Element martial(ReferenceList referenceList) - Martial a ReferenceList. Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList
org.w3c.dom.Element martial(org.w3c.dom.Document context, EncryptedData encryptedData) - Martial an EncryptedData. Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData
org.w3c.dom.Element martial(org.w3c.dom.Document context, EncryptedKey encryptedKey) - Martial an EncryptedKey. Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey
org.w3c.dom.Element martial(org.w3c.dom.Document context, ReferenceList referenceList) - Martial a ReferenceList. Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList
void registerInternalKeyResolver(KeyResolverSpi keyResolver) - This method is used to add a custom KeyResolverSpi to an XMLCipher.
private static void removeContent(org.w3c.dom.Node node) - Removes the contents of a Node.
void setKEK(java.security.Key kek) - Set a Key Encryption Key.
void setSecureValidation(boolean secureValidation) - Set whether secure validation is enabled or not.
void setSerializer(Serializer serializer) - Set the Serializer algorithm to use
private static void validateTransformation(java.lang.String transformation) - Validate the transformation argument of getInstance or getProviderInstance

Field Detail

LOG
private static final org.slf4j.Logger LOG

TRIPLEDES
public static final java.lang.String TRIPLEDES
Triple DES EDE (192 bit key) in CBC mode

AES_128
public static final java.lang.String AES_128
AES 128 Cipher

AES_256
public static final java.lang.String AES_256
AES 256 Cipher

AES_192
public static final java.lang.String AES_192
AES 192 Cipher

AES_128_GCM
public static final java.lang.String AES_128_GCM
AES 128 GCM Cipher

AES_192_GCM
public static final java.lang.String AES_192_GCM
AES 192 GCM Cipher

AES_256_GCM
public static final java.lang.String AES_256_GCM
AES 256 GCM Cipher

SEED_128
public static final java.lang.String SEED_128
SEED 128 Cipher

CAMELLIA_128
public static final java.lang.String CAMELLIA_128
CAMELLIA 128 Cipher

CAMELLIA_192
public static final java.lang.String CAMELLIA_192
CAMELLIA 192 Cipher

CAMELLIA_256
public static final java.lang.String CAMELLIA_256
CAMELLIA 256 Cipher

RSA_v1dot5
public static final java.lang.String RSA_v1dot5
RSA 1.5 Cipher

RSA_OAEP
public static final java.lang.String RSA_OAEP
RSA OAEP Cipher

RSA_OAEP_11
public static final java.lang.String RSA_OAEP_11
RSA OAEP Cipher

DIFFIE_HELLMAN
public static final java.lang.String DIFFIE_HELLMAN
DIFFIE_HELLMAN Cipher

TRIPLEDES_KeyWrap
public static final java.lang.String TRIPLEDES_KeyWrap
Triple DES EDE (192 bit key) in CBC mode KEYWRAP

AES_128_KeyWrap
public static final java.lang.String AES_128_KeyWrap
AES 128 Cipher KeyWrap

AES_256_KeyWrap
public static final java.lang.String AES_256_KeyWrap
AES 256 Cipher KeyWrap

AES_192_KeyWrap
public static final java.lang.String AES_192_KeyWrap
AES 192 Cipher KeyWrap

CAMELLIA_128_KeyWrap
public static final java.lang.String CAMELLIA_128_KeyWrap
CAMELLIA 128 Cipher KeyWrap

CAMELLIA_192_KeyWrap
public static final java.lang.String CAMELLIA_192_KeyWrap
CAMELLIA 192 Cipher KeyWrap

CAMELLIA_256_KeyWrap
public static final java.lang.String CAMELLIA_256_KeyWrap
CAMELLIA 256 Cipher KeyWrap

SEED_128_KeyWrap
public static final java.lang.String SEED_128_KeyWrap
SEED 128 Cipher KeyWrap

SHA1
public static final java.lang.String SHA1
SHA1 Cipher

SHA256
public static final java.lang.String SHA256
SHA256 Cipher

SHA512
public static final java.lang.String SHA512
SHA512 Cipher

RIPEMD_160
public static final java.lang.String RIPEMD_160
RIPEMD Cipher

XML_DSIG
public static final java.lang.String XML_DSIG
XML Signature NS

N14C_XML
public static final java.lang.String N14C_XML
N14C_XML

N14C_XML_WITH_COMMENTS
public static final java.lang.String N14C_XML_WITH_COMMENTS
N14C_XML with comments

EXCL_XML_N14C
public static final java.lang.String EXCL_XML_N14C
N14C_XML exclusive

EXCL_XML_N14C_WITH_COMMENTS
public static final java.lang.String EXCL_XML_N14C_WITH_COMMENTS
N14C_XML exclusive with comments

PHYSICAL_XML_N14C
public static final java.lang.String PHYSICAL_XML_N14C
N14C_PHYSICAL preserve the physical representation

BASE64_ENCODING
public static final java.lang.String BASE64_ENCODING
Base64 encoding

ENCRYPT_MODE
public static final int ENCRYPT_MODE
ENCRYPT Mode

DECRYPT_MODE
public static final int DECRYPT_MODE
DECRYPT Mode

UNWRAP_MODE
public static final int UNWRAP_MODE
UNWRAP Mode

WRAP_MODE
public static final int WRAP_MODE
WRAP Mode

ENC_ALGORITHMS
private static final java.lang.String ENC_ALGORITHMS

HAVE_FUNCTIONAL_IDENTITY_TRANSFORMER
private static final boolean HAVE_FUNCTIONAL_IDENTITY_TRANSFORMER

contextCipher
private javax.crypto.Cipher contextCipher
Cipher created during initialisation that is used for encryption

cipherMode
private int cipherMode
Mode that the XMLCipher object is operating in

algorithm
private java.lang.String algorithm
URI of algorithm that is being used for cryptographic operation

requestedJCEProvider
private java.lang.String requestedJCEProvider
Cryptographic provider requested by caller

canon
private Canonicalizer canon
Holds c14n to serialize; if initialized then _always_ use this c14n to serialize

contextDocument
private org.w3c.dom.Document contextDocument
Used for creation of DOM nodes in WRAP and ENCRYPT modes

factory
private XMLCipher.Factory factory
Instance of factory used to create XML Encryption objects

serializer
private Serializer serializer
Serializer class for going to/from UTF-8

key
private java.security.Key key
Local copy of user's key

kek
private java.security.Key kek
Local copy of the kek (used to decrypt EncryptedKeys during a DECRYPT_MODE operation)

ek
private EncryptedKey ek

ed
private EncryptedData ed

secureValidation
private boolean secureValidation

digestAlg
private java.lang.String digestAlg

internalKeyResolvers
private java.util.List<KeyResolverSpi> internalKeyResolvers
List of internal KeyResolvers for DECRYPT and UNWRAP modes.

Constructor Detail

XMLCipher
private XMLCipher(java.lang.String transformation, java.lang.String provider, java.lang.String canonAlg, java.lang.String digestMethod) throws XMLEncryptionException
Creates a new XMLCipher.
Parameters:
    transformation - the name of the transformation, e.g., XMLCipher.TRIPLEDES. If null the XMLCipher can only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
    provider - the JCE provider that supplies the transformation, if null use the default provider.
    canonAlg - the name of the c14n algorithm, if null use standard serializer
    digestMethod - An optional digestMethod to use.
Throws:
    XMLEncryptionException

Method Detail

setSerializer
public void setSerializer(Serializer serializer)
Set the Serializer algorithm to use

getSerializer
public Serializer getSerializer()
Get the Serializer algorithm to use

isValidEncryptionAlgorithm
private static boolean isValidEncryptionAlgorithm(java.lang.String algorithm)
Checks to ensure that the supplied algorithm is valid.
Parameters:
    algorithm - the algorithm to check.
Returns:
    true if the algorithm is valid, otherwise false.
Since:
    1.0.

validateTransformation
private static void validateTransformation(java.lang.String transformation)
Validate the transformation argument of getInstance or getProviderInstance
Parameters:
    transformation - the name of the transformation, e.g., XMLCipher.TRIPLEDES which is shorthand for "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"

getInstance
public static XMLCipher getInstance(java.lang.String transformation) throws XMLEncryptionException
Returns an XMLCipher that implements the specified transformation and operates on the specified context document. If the default provider package supplies an implementation of the requested transformation, an instance of Cipher containing that implementation is returned. If the transformation is not available in the default provider package, other provider packages are searched.
NOTE1: The transformation name does not follow the same pattern as that outlined in the Java Cryptography Extension Reference Guide but rather that specified by the XML Encryption Syntax and Processing document. The rationale behind this is to make it easier for a novice at writing Java Encryption software to use the library.
NOTE2: getInstance() does not follow the same pattern regarding exceptional conditions as that used in javax.crypto.Cipher. Instead, it only throws an XMLEncryptionException which wraps an underlying exception. The stack trace from the exception should be self explanatory.
Parameters:
    transformation - the name of the transformation, e.g., XMLCipher.TRIPLEDES which is shorthand for "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
Returns:
    the XMLCipher
Throws:
    XMLEncryptionException
See Also:
    Cipher.getInstance(java.lang.String)

getInstance
public static XMLCipher getInstance(java.lang.String transformation, java.lang.String canon) throws XMLEncryptionException
Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
Parameters:
    transformation - the name of the transformation
    canon - the name of the c14n algorithm, if null use standard serializer
Returns:
    the XMLCipher
Throws:
    XMLEncryptionException

getInstance
public static XMLCipher getInstance(java.lang.String transformation, java.lang.String canon, java.lang.String digestMethod) throws XMLEncryptionException
Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
Parameters:
    transformation - the name of the transformation
    canon - the name of the c14n algorithm, if null use standard serializer
    digestMethod - An optional digestMethod to use
Returns:
    the XMLCipher
Throws:
    XMLEncryptionException

getProviderInstance
public static XMLCipher getProviderInstance(java.lang.String transformation, java.lang.String provider) throws XMLEncryptionException
Returns an XMLCipher that implements the specified transformation and operates on the specified context document.
Parameters:
    transformation - the name of the transformation
    provider - the JCE provider that supplies the transformation
Returns:
    the XMLCipher
Throws:
    XMLEncryptionException

getProviderInstance
public static XMLCipher getProviderInstance(java.lang.String transformation, java.lang.String provider, java.lang.String canon) throws XMLEncryptionException
Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
Parameters:
    transformation - the name of the transformation
    provider - the JCE provider that supplies the transformation
    canon - the name of the c14n algorithm, if null use standard serializer
Returns:
    the XMLCipher
Throws:
    XMLEncryptionException

getProviderInstance
public static XMLCipher getProviderInstance(java.lang.String transformation, java.lang.String provider, java.lang.String canon, java.lang.String digestMethod) throws XMLEncryptionException
Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
Parameters:
    transformation - the name of the transformation
    provider - the JCE provider that supplies the transformation
    canon - the name of the c14n algorithm, if null use standard serializer
    digestMethod - An optional digestMethod to use
Returns:
    the XMLCipher
Throws:
    XMLEncryptionException

getInstance
public static XMLCipher getInstance() throws XMLEncryptionException
Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
Returns:
    The XMLCipher
Throws:
    XMLEncryptionException

getProviderInstance
public static XMLCipher getProviderInstance(java.lang.String provider) throws XMLEncryptionException
Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element. Allows the caller to specify a provider that will be used for cryptographic operations.
Parameters:
    provider - the JCE provider that supplies the transformation
Returns:
    the XMLCipher
Throws:
    XMLEncryptionException

init
public void init(int opmode, java.security.Key key) throws XMLEncryptionException
Initializes this cipher with a key. The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode. For WRAP and ENCRYPT modes, this also initialises the internal EncryptedKey or EncryptedData (with a CipherValue) structure that will be used during the ensuing operations. This can be obtained (in order to modify KeyInfo elements etc. prior to finalising the encryption) by calling getEncryptedData() or getEncryptedKey().
Parameters:
    opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
    key -
Throws:
    XMLEncryptionException
See Also:
    Cipher.init(int, java.security.Key)

setSecureValidation
public void setSecureValidation(boolean secureValidation)
Set whether secure validation is enabled or not. The default is false.

registerInternalKeyResolver
public void registerInternalKeyResolver(KeyResolverSpi keyResolver)
This method is used to add a custom KeyResolverSpi to an XMLCipher. These KeyResolvers are used in KeyInfo objects in DECRYPT and UNWRAP modes.
Parameters:
    keyResolver -

getEncryptedData
public EncryptedData getEncryptedData()
Get the EncryptedData being built. Returns the EncryptedData being built during an ENCRYPT operation. This can then be used by applications to add KeyInfo elements and set other parameters.
Returns:
    The EncryptedData being built

getEncryptedKey
public EncryptedKey getEncryptedKey()
Get the EncryptedKey being built. Returns the EncryptedKey being built during a WRAP operation. This can then be used by applications to add KeyInfo elements and set other parameters.
Returns:
    The EncryptedKey being built

setKEK
public void setKEK(java.security.Key kek)
Set a Key Encryption Key. The Key Encryption Key (KEK) is used for encrypting/decrypting EncryptedKey elements. By setting this separately, the XMLCipher class can know whether a key applies to the data part or wrapped key part of an encrypted object.
Parameters:
    kek - The key to use for de/encrypting key data

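The sequence that init(), getEncryptedData()/getEncryptedKey(), setKEK() and doFinal() describe above, put together as an added example. This is not code from the XMLCipher Javadoc or from the Apache Santuario project; it assumes org.apache.xml.security.Init.init(), org.apache.xml.security.keys.KeyInfo with its add(EncryptedKey) method, and EncryptedData.setKeyInfo(KeyInfo), none of which appear on this page. The XML document and the keys are constructed inline. On the encrypt side a WRAP_MODE cipher wraps the AES content key under the recipient's RSA public key (RSA-OAEP) and the resulting EncryptedKey is placed in the KeyInfo of the EncryptedData that ENCRYPT_MODE init() created; on the decrypt side setKEK() supplies the private key so the cipher can unwrap the content key it finds in KeyInfo.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.KeyGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;                     // assumed: library bootstrap, not on this page
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;             // assumed: KeyInfo.add(EncryptedKey), not on this page
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class XmlEncRoundTrip {
    static final String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";

    /** Parse a constructed in-memory document; nothing external is resolved. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /** Encrypt the <Secret> element in place; the content key travels wrapped inside KeyInfo. */
    static Document encryptSecret(Document doc, Key contentKey, Key recipientPublicKey) throws Exception {
        Element target = (Element) doc.getElementsByTagName("Secret").item(0);

        // WRAP_MODE with the KEK: init() builds the internal EncryptedKey, encryptKey() fills it
        XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
        keyCipher.init(XMLCipher.WRAP_MODE, recipientPublicKey);
        EncryptedKey encryptedKey = keyCipher.encryptKey(doc, contentKey);

        // ENCRYPT_MODE with the content key: init() builds the internal EncryptedData skeleton
        XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.AES_256_GCM);
        dataCipher.init(XMLCipher.ENCRYPT_MODE, contentKey);

        // getEncryptedData() exposes that skeleton so KeyInfo can be attached before doFinal()
        EncryptedData encryptedData = dataCipher.getEncryptedData();
        KeyInfo keyInfo = new KeyInfo(doc);
        keyInfo.add(encryptedKey);
        encryptedData.setKeyInfo(keyInfo);

        // doFinal() replaces <Secret> with <xenc:EncryptedData> inside the context document
        return dataCipher.doFinal(doc, target);
    }

    /** Decrypt in place; the algorithm comes from the document's EncryptionMethod, the data key from KeyInfo. */
    static Document decryptSecret(Document doc, Key recipientPrivateKey) throws Exception {
        Element encrypted = (Element) doc.getElementsByTagNameNS(XMLENC_NS, "EncryptedData").item(0);
        XMLCipher cipher = XMLCipher.getInstance();      // no transformation: decrypt/unwrap only
        cipher.setSecureValidation(true);                // page says the default is false; enable it for input you did not produce
        cipher.setKEK(recipientPrivateKey);              // key for the wrapped-key part, not the data part
        cipher.init(XMLCipher.DECRYPT_MODE, null);       // data key is recovered from the EncryptedKey in KeyInfo
        return cipher.doFinal(doc, encrypted);
    }

    public static void main(String[] args) throws Exception {
        Init.init();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        Key contentKey = kg.generateKey();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();

        // constructed sample input
        Document doc = parse("<Account><Secret>constructed-sample-value</Secret></Account>");
        doc = encryptSecret(doc, contentKey, recipient.getPublic());
        boolean hidden = doc.getElementsByTagName("Secret").getLength() == 0;
        doc = decryptSecret(doc, recipient.getPrivate());
        String recovered = doc.getElementsByTagName("Secret").item(0).getTextContent();
        System.out.println("Secret removed from encrypted form: " + hidden + ", recovered: " + recovered);
    }
}
```

The two XMLCipher instances on the encrypt side are deliberate: the page's init() description ties the internal EncryptedKey to WRAP mode and the internal EncryptedData to ENCRYPT mode, so each structure is built by its own cipher and joined through KeyInfo. On the decrypt side the null key passed to init() is what makes the cipher consult KeyInfo and the KEK set via setKEK() instead of a caller-supplied data key.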
martial
public org.w3c.dom.Element martial(EncryptedData encryptedData)
Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriateEncryptedData
Note: This should only be used in cases where the context document has been passed in via a call to doFinal.
- Parameters:
encryptedData
- EncryptedData object to martial- Returns:
- the DOM
Element
representing the passed in object
-
martial
public org.w3c.dom.Element martial(org.w3c.dom.Document context, EncryptedData encryptedData)
Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriateEncryptedData
- Parameters:
context
- The document that will own the returned nodesencryptedData
- EncryptedData object to martial- Returns:
- the DOM
Element
representing the passed in object
-
martial
public org.w3c.dom.Element martial(EncryptedKey encryptedKey)
Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriateEncryptedKey
Note: This should only be used in cases where the context document has been passed in via a call to doFinal.
- Parameters:
encryptedKey
- EncryptedKey object to martial- Returns:
- the DOM
Element
representing the passed in object
-
martial
public org.w3c.dom.Element martial(org.w3c.dom.Document context, EncryptedKey encryptedKey)
Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriateEncryptedKey
- Parameters:
context
- The document that will own the created nodesencryptedKey
- EncryptedKey object to martial- Returns:
- the DOM
Element
representing the passed in object
-
martial
public org.w3c.dom.Element martial(ReferenceList referenceList)
Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriateReferenceList
Note: This should only be used in cases where the context document has been passed in via a call to doFinal.
- Parameters:
referenceList
- ReferenceList object to martial- Returns:
- the DOM
Element
representing the passed in object
-
martial
public org.w3c.dom.Element martial(org.w3c.dom.Document context, ReferenceList referenceList)
Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriateReferenceList
- Parameters:
context
- The document that will own the created nodesreferenceList
- ReferenceList object to martial- Returns:
- the DOM
Element
representing the passed in object
-
encryptElement
private org.w3c.dom.Document encryptElement(org.w3c.dom.Element element) throws java.lang.Exception
Encrypts anElement
and replaces it with its encrypted counterpart in the contextDocument
, that is, theDocument
specified when one callsgetInstance
.- Parameters:
element
- theElement
to encrypt.- Returns:
- the context
Document
with the encryptedElement
having replaced the sourceElement
. - Throws:
java.lang.Exception
-
encryptElementContent
private org.w3c.dom.Document encryptElementContent(org.w3c.dom.Element element) throws java.lang.Exception
Encrypts a NodeList (the contents of an Element) and replaces its parent Element's content with the resulting EncryptedType within the context Document, that is, the Document specified when one calls getInstance.
- Parameters:
element - the Element whose NodeList (content) is to be encrypted.
- Returns:
- the context Document with the encrypted NodeList having replaced the content of the source Element.
- Throws:
java.lang.Exception
-
doFinal
public org.w3c.dom.Document doFinal(org.w3c.dom.Document context, org.w3c.dom.Document source) throws java.lang.Exception
Process a DOM Document node. The processing depends on the initialization parameters of init().
- Parameters:
context - the context Document.
source - the Document to be encrypted or decrypted.
- Returns:
- the processed Document.
- Throws:
java.lang.Exception - to indicate any exceptional conditions.
-
doFinal
public org.w3c.dom.Document doFinal(org.w3c.dom.Document context, org.w3c.dom.Element element) throws java.lang.Exception
Process a DOM Element node. The processing depends on the initialization parameters of init().
- Parameters:
context - the context Document.
element - the Element to be encrypted.
- Returns:
- the processed Document.
- Throws:
java.lang.Exception - to indicate any exceptional conditions.
-
doFinal
public org.w3c.dom.Document doFinal(org.w3c.dom.Document context, org.w3c.dom.Element element, boolean content) throws java.lang.Exception
Process the contents of a DOM Element node. The processing depends on the initialization parameters of init().
- Parameters:
context - the context Document.
element - the Element whose contents are to be encrypted.
content - true to process the element's content only, false to process the element itself
- Returns:
- the processed Document.
- Throws:
java.lang.Exception - to indicate any exceptional conditions.
-
encryptData
public EncryptedData encryptData(org.w3c.dom.Document context, org.w3c.dom.Element element) throws java.lang.Exception
Returns an EncryptedData interface. Use this operation if you want to have full control over the contents of the EncryptedData structure. This does not change the source document in any way.
- Parameters:
context - the context Document.
element - the Element that will be encrypted.
- Returns:
- the EncryptedData
- Throws:
java.lang.Exception
-
encryptData
public EncryptedData encryptData(org.w3c.dom.Document context, java.lang.String type, java.io.InputStream serializedData) throws java.lang.Exception
Returns an EncryptedData interface. Use this operation if you want to have full control over the serialization of the element or element content. This does not change the source document in any way.
- Parameters:
context - the context Document.
type - a URI identifying type information about the plaintext form of the encrypted content (may be null)
serializedData - the serialized data
- Returns:
- the EncryptedData
- Throws:
java.lang.Exception
-
encryptData
public EncryptedData encryptData(org.w3c.dom.Document context, org.w3c.dom.Element element, boolean contentMode) throws java.lang.Exception
Returns an EncryptedData interface. Use this operation if you want to have full control over the contents of the EncryptedData structure. This does not change the source document in any way.
- Parameters:
context - the context Document.
element - the Element that will be encrypted.
contentMode - true to encrypt the element's content only, false otherwise
- Returns:
- the EncryptedData
- Throws:
java.lang.Exception
-
encryptData
private EncryptedData encryptData(org.w3c.dom.Document context, org.w3c.dom.Element element, java.lang.String type, java.io.InputStream serializedData) throws java.lang.Exception
- Throws:
java.lang.Exception
-
constructBlockCipherParameters
private java.security.spec.AlgorithmParameterSpec constructBlockCipherParameters(java.lang.String algorithm, byte[] iv)
Build an AlgorithmParameterSpec instance used to initialize a Cipher instance for block cipher encryption and decryption.
- Parameters:
algorithm - the XML encryption algorithm URI
iv - the initialization vector
- Returns:
- the newly constructed AlgorithmParameterSpec instance, appropriate for the specified algorithm
-
loadEncryptedData
public EncryptedData loadEncryptedData(org.w3c.dom.Document context, org.w3c.dom.Element element) throws XMLEncryptionException
Returns an EncryptedData interface. Use this operation if you want to load an EncryptedData structure from a DOM structure and manipulate the contents.
- Parameters:
context - the context Document.
element - the Element that will be loaded
- Returns:
- the EncryptedData
- Throws:
XMLEncryptionException
-
loadEncryptedKey
public EncryptedKey loadEncryptedKey(org.w3c.dom.Document context, org.w3c.dom.Element element) throws XMLEncryptionException
Returns an EncryptedKey interface. Use this operation if you want to load an EncryptedKey structure from a DOM structure and manipulate the contents.
- Parameters:
context - the context Document.
element - the Element that will be loaded
- Returns:
- the EncryptedKey
- Throws:
XMLEncryptionException
-
loadEncryptedKey
public EncryptedKey loadEncryptedKey(org.w3c.dom.Element element) throws XMLEncryptionException
Returns an EncryptedKey interface. Use this operation if you want to load an EncryptedKey structure from a DOM structure and manipulate the contents. Assumes that the context document is the document that owns the element.
- Parameters:
element - the Element that will be loaded
- Returns:
- the EncryptedKey
- Throws:
XMLEncryptionException
-
encryptKey
public EncryptedKey encryptKey(org.w3c.dom.Document doc, java.security.Key key) throws XMLEncryptionException
Encrypts a key to an EncryptedKey structure.
- Parameters:
doc - the context document that will be used to generate DOM
key - Key to encrypt (will use the previously set KEK to perform encryption)
- Returns:
- the EncryptedKey
- Throws:
XMLEncryptionException
-
encryptKey
public EncryptedKey encryptKey(org.w3c.dom.Document doc, java.security.Key key, java.lang.String mgfAlgorithm, byte[] oaepParams) throws XMLEncryptionException
Encrypts a key to an EncryptedKey structure.
- Parameters:
doc - the context document that will be used to generate DOM
key - Key to encrypt (will use the previously set KEK to perform encryption)
mgfAlgorithm - The xenc11 MGF Algorithm to use
oaepParams - The OAEPParams to use
- Returns:
- the EncryptedKey
- Throws:
XMLEncryptionException
-
encryptKey
public EncryptedKey encryptKey(org.w3c.dom.Document doc, java.security.Key key, java.lang.String mgfAlgorithm, byte[] oaepParams, java.security.SecureRandom random) throws XMLEncryptionException
Encrypts a key to an EncryptedKey structure.
- Parameters:
doc - the context document that will be used to generate DOM
key - Key to encrypt (will use the previously set KEK to perform encryption)
mgfAlgorithm - The xenc11 MGF Algorithm to use
oaepParams - The OAEPParams to use
random - The SecureRandom instance to use when initializing the Cipher
- Returns:
- the EncryptedKey
- Throws:
XMLEncryptionException
-
decryptKey
public java.security.Key decryptKey(EncryptedKey encryptedKey, java.lang.String algorithm) throws XMLEncryptionException
Decrypt a key from a passed in EncryptedKey structure.
- Parameters:
encryptedKey - Previously loaded EncryptedKey that needs to be decrypted.
algorithm - Algorithm for the decrypted key
- Returns:
- a key corresponding to the given type
- Throws:
XMLEncryptionException
-
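The doFinal methods above process an element in place according to the mode given to init(), while encryptKey / decryptKey wrap and unwrap the content-encryption key with a separately initialised cipher. The following end-to-end flow is an added example written for this page, not code from the Santuario javadoc or project: the sender wraps a fresh AES key with the recipient's RSA public key (RSA-OAEP), attaches the resulting EncryptedKey to the EncryptedData via a KeyInfo, and encrypts one element with AES-128-GCM; the recipient locates the EncryptedKey, unwraps it explicitly with decryptKey, and decrypts the element with doFinal. It assumes Apache Santuario 2.x on the classpath and a JDK providing RSA and AES-GCM; the XML document, the key pair, and the class name XmlCipherKeyWrapExample are constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class XmlCipherKeyWrapExample {

    // Constructed sample document for this example (not from the page).
    private static final String SAMPLE_XML =
        "<Order><CardNumber>4111-1111-1111-1111</CardNumber><Item>book</Item></Order>";

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();          // must run before any other Santuario call

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);                  // xenc:/ds: elements are namespaced
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE_XML.getBytes(StandardCharsets.UTF_8)));
        Element cardNumber = (Element) doc.getElementsByTagName("CardNumber").item(0);

        // Recipient key pair, generated here only for the example; in practice the
        // public key comes from the recipient's certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();

        // Fresh content-encryption key; AES-GCM is an authenticated mode.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();

        // Sender: wrap the data key under the recipient's public key (WRAP_MODE + RSA-OAEP).
        XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
        keyCipher.init(XMLCipher.WRAP_MODE, recipient.getPublic());
        EncryptedKey encryptedKey = keyCipher.encryptKey(doc, dataKey);   // doc owns the new nodes

        // Sender: encrypt the element, carrying the EncryptedKey inside ds:KeyInfo.
        XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.AES_128_GCM);
        dataCipher.init(XMLCipher.ENCRYPT_MODE, dataKey);
        EncryptedData encryptedData = dataCipher.getEncryptedData();
        KeyInfo keyInfo = new KeyInfo(doc);
        keyInfo.add(encryptedKey);
        encryptedData.setKeyInfo(keyInfo);
        dataCipher.doFinal(doc, cardNumber, false);   // content=false: replace the whole element

        // Recipient: find the EncryptedData and the EncryptedKey nested in its KeyInfo.
        Element encDataEl = (Element) doc.getElementsByTagNameNS(
            EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
        Element encKeyEl = (Element) encDataEl.getElementsByTagNameNS(
            EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDKEY).item(0);

        // Recipient: unwrap explicitly. The algorithm URI tells decryptKey which key type to build.
        XMLCipher unwrapCipher = XMLCipher.getInstance();          // no transformation: unwrap/decrypt only
        unwrapCipher.init(XMLCipher.UNWRAP_MODE, recipient.getPrivate());
        EncryptedKey loadedKey = unwrapCipher.loadEncryptedKey(doc, encKeyEl);
        Key recoveredDataKey = unwrapCipher.decryptKey(loadedKey, XMLCipher.AES_128_GCM);

        // Recipient: decrypt the element in place with the recovered data key.
        XMLCipher decryptCipher = XMLCipher.getInstance();
        decryptCipher.init(XMLCipher.DECRYPT_MODE, recoveredDataKey);
        decryptCipher.doFinal(doc, encDataEl);

        System.out.println(doc.getElementsByTagName("CardNumber").item(0).getTextContent());
    }
}
```

The explicit loadEncryptedKey / decryptKey path makes the key type and algorithm a decision of the caller. The shorter alternative on the recipient side is to call init(DECRYPT_MODE, null), hand the private key to setKEK, and let doFinal resolve the EncryptedKey from the KeyInfo itself, which is the path the one-argument decryptKey(EncryptedKey) below is documented as serving internally.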
constructOAEPParameters
private javax.crypto.spec.OAEPParameterSpec constructOAEPParameters(java.lang.String encryptionAlgorithm, java.lang.String digestAlgorithm, java.lang.String mgfAlgorithm, byte[] oaepParams)
Construct an OAEPParameterSpec object from the given parameters
-
constructCipher
private javax.crypto.Cipher constructCipher(java.lang.String algorithm, java.lang.String digestAlgorithm) throws XMLEncryptionException
Construct a Cipher object.
- Throws:
XMLEncryptionException
-
constructCipher
private javax.crypto.Cipher constructCipher(java.lang.String algorithm, java.lang.String digestAlgorithm, java.lang.Exception nsae) throws XMLEncryptionException
- Throws:
XMLEncryptionException
-
decryptKey
public java.security.Key decryptKey(EncryptedKey encryptedKey) throws XMLEncryptionException
Decrypt a key from a passed in EncryptedKey structure. This version is used mainly internally, when the cipher already has an EncryptedData loaded. The algorithm URI will be read from the EncryptedData.
- Parameters:
encryptedKey - Previously loaded EncryptedKey that needs to be decrypted.
- Returns:
- a key corresponding to the given type
- Throws:
XMLEncryptionException
-
removeContent
private static void removeContent(org.w3c.dom.Node node)
Removes the contents of a Node.
- Parameters:
node - the Node to clear.
-
decryptElement
private org.w3c.dom.Document decryptElement(org.w3c.dom.Element element) throws XMLEncryptionException
Decrypts EncryptedData in a single-part operation.
- Parameters:
element - the EncryptedData to decrypt.
- Returns:
- the Node as a result of the decrypt operation.
- Throws:
XMLEncryptionException
-
decryptElementContent
private org.w3c.dom.Document decryptElementContent(org.w3c.dom.Element element) throws XMLEncryptionException
- Parameters:
element -
- Returns:
- the Node as a result of the decrypt operation.
- Throws:
XMLEncryptionException
-
decryptToByteArray
public byte[] decryptToByteArray(org.w3c.dom.Element element) throws XMLEncryptionException
Decrypt an EncryptedData element to a byte array. When passed an EncryptedData node, returns the decryption as a byte array. Does not modify the source document.
- Parameters:
element - the EncryptedData element to decrypt
- Returns:
- the bytes resulting from the decryption
- Throws:
XMLEncryptionException
-
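Because loadEncryptedData parses the structure without touching the document and decryptToByteArray likewise leaves the source unchanged, the two combine naturally into a load, inspect, then decrypt pattern: the receiver reads the EncryptionMethod algorithm URI the sender chose and decides whether to accept it before any key material is used. The helper below is an added example for this page, not code from the library; the allow-list (authenticated AES-GCM variants only), the class name PolicyCheckedDecryptor and the use of java.util.Set.of (Java 9+) are assumptions of the example.

```java
import java.security.Key;
import java.util.Set;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public final class PolicyCheckedDecryptor {

    // Assumed application policy: accept only authenticated (AEAD) data-encryption algorithms.
    private static final Set<String> ALLOWED_DATA_ALGORITHMS =
        Set.of(XMLCipher.AES_128_GCM, XMLCipher.AES_192_GCM, XMLCipher.AES_256_GCM);

    private PolicyCheckedDecryptor() {
    }

    /**
     * Loads the EncryptedData from the DOM, checks its EncryptionMethod against the allow-list,
     * and only then decrypts it to bytes. The context document is left unmodified in every case.
     *
     * @param context                the document that owns encryptedDataElement
     * @param encryptedDataElement   an xenc:EncryptedData element, e.g. one produced by doFinal in ENCRYPT_MODE
     * @param dataKey                the content-encryption key (already unwrapped by the caller)
     * @return the plaintext bytes
     * @throws XMLEncryptionException    if loading or decryption fails
     * @throws IllegalArgumentException  if the EncryptionMethod is missing or not permitted
     */
    public static byte[] decryptIfAllowed(Document context, Element encryptedDataElement, Key dataKey)
            throws XMLEncryptionException {
        XMLCipher cipher = XMLCipher.getInstance();          // no transformation: decrypt-only instance
        cipher.init(XMLCipher.DECRYPT_MODE, dataKey);

        // Step 1: parse the structure without decrypting or altering the document.
        EncryptedData encryptedData = cipher.loadEncryptedData(context, encryptedDataElement);

        // Step 2: policy check on the algorithm URI declared in the message itself.
        String algorithm = encryptedData.getEncryptionMethod() == null
            ? null
            : encryptedData.getEncryptionMethod().getAlgorithm();
        if (algorithm == null || !ALLOWED_DATA_ALGORITHMS.contains(algorithm)) {
            throw new IllegalArgumentException("EncryptionMethod not permitted by policy: " + algorithm);
        }

        // Step 3: decrypt to bytes; the source document is not modified.
        return cipher.decryptToByteArray(encryptedDataElement);
    }
}
```

Checking the declared algorithm before decrypting means the decision rests on the receiver's configuration rather than on whatever URI the sender put in the message; the same pattern applies to the EncryptedKey's EncryptionMethod if the key-wrap algorithm is also constrained.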
createEncryptedData
public EncryptedData createEncryptedData(int type, java.lang.String value) throws XMLEncryptionException
Creates an EncryptedData Element. The newEncryptedData and newEncryptedKey methods create fairly complete elements that are immediately useable. All the other create* methods return bare elements that still need to be built upon. An EncryptionMethod will still need to be added, however.
- Parameters:
type - Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of CipherData this EncryptedData will contain.
value - the Base 64 encoded, encrypted text to wrap in the EncryptedData, or the URI to set in the CipherReference (usage will depend on the type)
- Returns:
- the EncryptedData Element.
- Throws:
XMLEncryptionException
-
createEncryptedKey
public EncryptedKey createEncryptedKey(int type, java.lang.String value) throws XMLEncryptionException
Creates an EncryptedKey Element. The newEncryptedData and newEncryptedKey methods create fairly complete elements that are immediately useable. All the other create* methods return bare elements that still need to be built upon. An EncryptionMethod will still need to be added, however.
- Parameters:
type - Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of CipherData this EncryptedData will contain.
value - the Base 64 encoded, encrypted text to wrap in the EncryptedKey, or the URI to set in the CipherReference (usage will depend on the type)
- Returns:
- the EncryptedKey Element.
- Throws:
XMLEncryptionException
-
createAgreementMethod
public AgreementMethod createAgreementMethod(java.lang.String algorithm)
Create an AgreementMethod object.
- Parameters:
algorithm - Algorithm of the agreement method
- Returns:
- a new AgreementMethod
-
createCipherData
public CipherData createCipherData(int type)
Create a CipherData object.
- Parameters:
type - Type of this CipherData (either VALUE_TYPE or REFERENCE_TYPE)
- Returns:
- a new CipherData
-
createCipherReference
public CipherReference createCipherReference(java.lang.String uri)
Create a CipherReference object.
- Parameters:
uri - The URI that the reference will refer to
- Returns:
- a new CipherReference
-
createCipherValue
public CipherValue createCipherValue(java.lang.String value)
Create a CipherValue element.
- Parameters:
value - The value to set the ciphertext to
- Returns:
- a new CipherValue
-
createEncryptionMethod
public EncryptionMethod createEncryptionMethod(java.lang.String algorithm)
Create an EncryptionMethod object.
- Parameters:
algorithm - Algorithm for the encryption
- Returns:
- a new EncryptionMethod
-
createEncryptionProperties
public EncryptionProperties createEncryptionProperties()
Create an EncryptionProperties element.
- Returns:
- a new EncryptionProperties
-
createEncryptionProperty
public EncryptionProperty createEncryptionProperty()
Create a new EncryptionProperty element.
- Returns:
- a new EncryptionProperty
-
createReferenceList
public ReferenceList createReferenceList(int type)
Create a new ReferenceList object.
- Parameters:
type - ReferenceList.DATA_REFERENCE or ReferenceList.KEY_REFERENCE
- Returns:
- a new ReferenceList
-
createTransforms
public Transforms createTransforms()
Create a new Transforms object.
Note: A context document must have been set elsewhere (possibly via a call to doFinal). If not, use the createTransforms(Document) method.
- Returns:
- a new Transforms
-
createTransforms
public Transforms createTransforms(org.w3c.dom.Document doc)
Create a new Transforms object. Because the handling of Transforms is currently done in the signature code, the creation of a Transforms object requires a context document.
- Parameters:
doc - Document that will own the created Transforms node
- Returns:
- a new Transforms
-
haveFunctionalIdentityTransformer
private static boolean haveFunctionalIdentityTransformer()
-
-