Class XMLCipher


  • public class XMLCipher
    extends java.lang.Object
    XMLCipher encrypts and decrypts the contents of Documents, Elements and Element contents. It was designed to resemble javax.crypto.Cipher in order to facilitate understanding of its functioning.
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      private class  XMLCipher.Factory  
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private XMLCipher​(java.lang.String transformation, java.lang.String provider, java.lang.String canonAlg, java.lang.String digestMethod)
      Creates a new XMLCipher.
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private java.security.spec.AlgorithmParameterSpec constructBlockCipherParameters​(java.lang.String algorithm, byte[] iv)
      Build an AlgorithmParameterSpec instance used to initialize a Cipher instance for block cipher encryption and decryption.
      private javax.crypto.Cipher constructCipher​(java.lang.String algorithm, java.lang.String digestAlgorithm)
      Construct a Cipher object
      private javax.crypto.Cipher constructCipher​(java.lang.String algorithm, java.lang.String digestAlgorithm, java.lang.Exception nsae)  
      private javax.crypto.spec.OAEPParameterSpec constructOAEPParameters​(java.lang.String encryptionAlgorithm, java.lang.String digestAlgorithm, java.lang.String mgfAlgorithm, byte[] oaepParams)
      Construct an OAEPParameterSpec object from the given parameters
      AgreementMethod createAgreementMethod​(java.lang.String algorithm)
      Create an AgreementMethod object
      CipherData createCipherData​(int type)
      Create a CipherData object
      CipherReference createCipherReference​(java.lang.String uri)
      Create a CipherReference object
      CipherValue createCipherValue​(java.lang.String value)
      Create a CipherValue element
      EncryptedData createEncryptedData​(int type, java.lang.String value)
      Creates an EncryptedData Element.
      EncryptedKey createEncryptedKey​(int type, java.lang.String value)
      Creates an EncryptedKey Element.
      EncryptionMethod createEncryptionMethod​(java.lang.String algorithm)
      Create an EncryptionMethod object
      EncryptionProperties createEncryptionProperties()
      Create an EncryptionProperties element
      EncryptionProperty createEncryptionProperty()
      Create a new EncryptionProperty element
      ReferenceList createReferenceList​(int type)
      Create a new ReferenceList object
      Transforms createTransforms()
      Create a new Transforms object
      Transforms createTransforms​(org.w3c.dom.Document doc)
      Create a new Transforms object Because the handling of Transforms is currently done in the signature code, the creation of a Transforms object requires a context document.
      private org.w3c.dom.Document decryptElement​(org.w3c.dom.Element element)
      Decrypts EncryptedData in a single-part operation.
      private org.w3c.dom.Document decryptElementContent​(org.w3c.dom.Element element)  
      java.security.Key decryptKey​(EncryptedKey encryptedKey)
      Decrypt a key from a passed in EncryptedKey structure.
      java.security.Key decryptKey​(EncryptedKey encryptedKey, java.lang.String algorithm)
      Decrypt a key from a passed in EncryptedKey structure
      byte[] decryptToByteArray​(org.w3c.dom.Element element)
      Decrypt an EncryptedData element to a byte array.
      org.w3c.dom.Document doFinal​(org.w3c.dom.Document context, org.w3c.dom.Document source)
      Process a DOM Document node.
      org.w3c.dom.Document doFinal​(org.w3c.dom.Document context, org.w3c.dom.Element element)
      Process a DOM Element node.
      org.w3c.dom.Document doFinal​(org.w3c.dom.Document context, org.w3c.dom.Element element, boolean content)
      Process the contents of a DOM Element node.
      EncryptedData encryptData​(org.w3c.dom.Document context, java.lang.String type, java.io.InputStream serializedData)
      Returns an EncryptedData interface.
      EncryptedData encryptData​(org.w3c.dom.Document context, org.w3c.dom.Element element)
      Returns an EncryptedData interface.
      EncryptedData encryptData​(org.w3c.dom.Document context, org.w3c.dom.Element element, boolean contentMode)
      Returns an EncryptedData interface.
      private EncryptedData encryptData​(org.w3c.dom.Document context, org.w3c.dom.Element element, java.lang.String type, java.io.InputStream serializedData)  
      private org.w3c.dom.Document encryptElement​(org.w3c.dom.Element element)
      Encrypts an Element and replaces it with its encrypted counterpart in the context Document, that is, the Document specified when one calls getInstance.
      private org.w3c.dom.Document encryptElementContent​(org.w3c.dom.Element element)
      Encrypts a NodeList (the contents of an Element) and replaces its parent Element's content with this the resulting EncryptedType within the context Document, that is, the Document specified when one calls getInstance.
      EncryptedKey encryptKey​(org.w3c.dom.Document doc, java.security.Key key)
      Encrypts a key to an EncryptedKey structure
      EncryptedKey encryptKey​(org.w3c.dom.Document doc, java.security.Key key, java.lang.String mgfAlgorithm, byte[] oaepParams)
      Encrypts a key to an EncryptedKey structure
      EncryptedKey encryptKey​(org.w3c.dom.Document doc, java.security.Key key, java.lang.String mgfAlgorithm, byte[] oaepParams, java.security.SecureRandom random)
      Encrypts a key to an EncryptedKey structure
      EncryptedData getEncryptedData()
      Get the EncryptedData being built
      EncryptedKey getEncryptedKey()
      Get the EncryptedData being build Returns the EncryptedData being built during an ENCRYPT operation.
      static XMLCipher getInstance()
      Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
      static XMLCipher getInstance​(java.lang.String transformation)
      Returns an XMLCipher that implements the specified transformation and operates on the specified context document.
      static XMLCipher getInstance​(java.lang.String transformation, java.lang.String canon)
      Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
      static XMLCipher getInstance​(java.lang.String transformation, java.lang.String canon, java.lang.String digestMethod)
      Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
      static XMLCipher getProviderInstance​(java.lang.String provider)
      Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
      static XMLCipher getProviderInstance​(java.lang.String transformation, java.lang.String provider)
      Returns an XMLCipher that implements the specified transformation and operates on the specified context document.
      static XMLCipher getProviderInstance​(java.lang.String transformation, java.lang.String provider, java.lang.String canon)
      Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
      static XMLCipher getProviderInstance​(java.lang.String transformation, java.lang.String provider, java.lang.String canon, java.lang.String digestMethod)
      Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
      Serializer getSerializer()
      Get the Serializer algorithm to use
      private static boolean haveFunctionalIdentityTransformer()  
      void init​(int opmode, java.security.Key key)
      Initializes this cipher with a key.
      private static boolean isValidEncryptionAlgorithm​(java.lang.String algorithm)
      Checks to ensure that the supplied algorithm is valid.
      EncryptedData loadEncryptedData​(org.w3c.dom.Document context, org.w3c.dom.Element element)
      Returns an EncryptedData interface.
      EncryptedKey loadEncryptedKey​(org.w3c.dom.Document context, org.w3c.dom.Element element)
      Returns an EncryptedKey interface.
      EncryptedKey loadEncryptedKey​(org.w3c.dom.Element element)
      Returns an EncryptedKey interface.
      org.w3c.dom.Element martial​(EncryptedData encryptedData)
      Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData
      org.w3c.dom.Element martial​(EncryptedKey encryptedKey)
      Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey
      org.w3c.dom.Element martial​(ReferenceList referenceList)
      Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList
      org.w3c.dom.Element martial​(org.w3c.dom.Document context, EncryptedData encryptedData)
      Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData
      org.w3c.dom.Element martial​(org.w3c.dom.Document context, EncryptedKey encryptedKey)
      Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey
      org.w3c.dom.Element martial​(org.w3c.dom.Document context, ReferenceList referenceList)
      Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList
      void registerInternalKeyResolver​(KeyResolverSpi keyResolver)
      This method is used to add a custom KeyResolverSpi to an XMLCipher.
      private static void removeContent​(org.w3c.dom.Node node)
      Removes the contents of a Node.
      void setKEK​(java.security.Key kek)
      Set a Key Encryption Key.
      void setSecureValidation​(boolean secureValidation)
      Set whether secure validation is enabled or not.
      void setSerializer​(Serializer serializer)
      Set the Serializer algorithm to use
      private static void validateTransformation​(java.lang.String transformation)
      Validate the transformation argument of getInstance or getProviderInstance
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • LOG

        private static final org.slf4j.Logger LOG
      • TRIPLEDES

        public static final java.lang.String TRIPLEDES
        Triple DES EDE (192 bit key) in CBC mode
        See Also:
        Constant Field Values
      • AES_128_GCM

        public static final java.lang.String AES_128_GCM
        AES 128 GCM Cipher
        See Also:
        Constant Field Values
      • AES_192_GCM

        public static final java.lang.String AES_192_GCM
        AES 192 GCM Cipher
        See Also:
        Constant Field Values
      • AES_256_GCM

        public static final java.lang.String AES_256_GCM
        AES 256 GCM Cipher
        See Also:
        Constant Field Values
      • SEED_128

        public static final java.lang.String SEED_128
        SEED 128 Cipher
        See Also:
        Constant Field Values
      • CAMELLIA_128

        public static final java.lang.String CAMELLIA_128
        CAMELLIA 128 Cipher
        See Also:
        Constant Field Values
      • CAMELLIA_192

        public static final java.lang.String CAMELLIA_192
        CAMELLIA 192 Cipher
        See Also:
        Constant Field Values
      • CAMELLIA_256

        public static final java.lang.String CAMELLIA_256
        CAMELLIA 256 Cipher
        See Also:
        Constant Field Values
      • RSA_v1dot5

        public static final java.lang.String RSA_v1dot5
        RSA 1.5 Cipher
        See Also:
        Constant Field Values
      • RSA_OAEP

        public static final java.lang.String RSA_OAEP
        RSA OAEP Cipher
        See Also:
        Constant Field Values
      • RSA_OAEP_11

        public static final java.lang.String RSA_OAEP_11
        RSA OAEP Cipher
        See Also:
        Constant Field Values
      • DIFFIE_HELLMAN

        public static final java.lang.String DIFFIE_HELLMAN
        DIFFIE_HELLMAN Cipher
        See Also:
        Constant Field Values
      • TRIPLEDES_KeyWrap

        public static final java.lang.String TRIPLEDES_KeyWrap
        Triple DES EDE (192 bit key) in CBC mode KEYWRAP
        See Also:
        Constant Field Values
      • AES_128_KeyWrap

        public static final java.lang.String AES_128_KeyWrap
        AES 128 Cipher KeyWrap
        See Also:
        Constant Field Values
      • AES_256_KeyWrap

        public static final java.lang.String AES_256_KeyWrap
        AES 256 Cipher KeyWrap
        See Also:
        Constant Field Values
      • AES_192_KeyWrap

        public static final java.lang.String AES_192_KeyWrap
        AES 192 Cipher KeyWrap
        See Also:
        Constant Field Values
      • CAMELLIA_128_KeyWrap

        public static final java.lang.String CAMELLIA_128_KeyWrap
        CAMELLIA 128 Cipher KeyWrap
        See Also:
        Constant Field Values
      • CAMELLIA_192_KeyWrap

        public static final java.lang.String CAMELLIA_192_KeyWrap
        CAMELLIA 192 Cipher KeyWrap
        See Also:
        Constant Field Values
      • CAMELLIA_256_KeyWrap

        public static final java.lang.String CAMELLIA_256_KeyWrap
        CAMELLIA 256 Cipher KeyWrap
        See Also:
        Constant Field Values
      • SEED_128_KeyWrap

        public static final java.lang.String SEED_128_KeyWrap
        SEED 128 Cipher KeyWrap
        See Also:
        Constant Field Values
      • RIPEMD_160

        public static final java.lang.String RIPEMD_160
        RIPEMD Cipher
        See Also:
        Constant Field Values
      • XML_DSIG

        public static final java.lang.String XML_DSIG
        XML Signature NS
        See Also:
        Constant Field Values
      • N14C_XML_WITH_COMMENTS

        public static final java.lang.String N14C_XML_WITH_COMMENTS
        N14C_XML with comments
        See Also:
        Constant Field Values
      • EXCL_XML_N14C

        public static final java.lang.String EXCL_XML_N14C
        N14C_XML exclusive
        See Also:
        Constant Field Values
      • EXCL_XML_N14C_WITH_COMMENTS

        public static final java.lang.String EXCL_XML_N14C_WITH_COMMENTS
        N14C_XML exclusive with comments
        See Also:
        Constant Field Values
      • PHYSICAL_XML_N14C

        public static final java.lang.String PHYSICAL_XML_N14C
        N14C_PHYSICAL preserve the physical representation
        See Also:
        Constant Field Values
      • BASE64_ENCODING

        public static final java.lang.String BASE64_ENCODING
        Base64 encoding
        See Also:
        Constant Field Values
      • HAVE_FUNCTIONAL_IDENTITY_TRANSFORMER

        private static final boolean HAVE_FUNCTIONAL_IDENTITY_TRANSFORMER
      • contextCipher

        private javax.crypto.Cipher contextCipher
        Cipher created during initialisation that is used for encryption
      • cipherMode

        private int cipherMode
        Mode that the XMLCipher object is operating in
      • algorithm

        private java.lang.String algorithm
        URI of algorithm that is being used for cryptographic operation
      • requestedJCEProvider

        private java.lang.String requestedJCEProvider
        Cryptographic provider requested by caller
      • canon

        private Canonicalizer canon
        Holds c14n to serialize, if initialized then _always_ use this c14n to serialize
      • contextDocument

        private org.w3c.dom.Document contextDocument
        Used for creation of DOM nodes in WRAP and ENCRYPT modes
      • factory

        private XMLCipher.Factory factory
        Instance of factory used to create XML Encryption objects
      • serializer

        private Serializer serializer
        Serializer class for going to/from UTF-8
      • key

        private java.security.Key key
        Local copy of user's key
      • kek

        private java.security.Key kek
        Local copy of the kek (used to decrypt EncryptedKeys during a DECRYPT_MODE operation
      • secureValidation

        private boolean secureValidation
      • digestAlg

        private java.lang.String digestAlg
      • internalKeyResolvers

        private java.util.List<KeyResolverSpi> internalKeyResolvers
        List of internal KeyResolvers for DECRYPT and UNWRAP modes.
    • Constructor Detail

      • XMLCipher

        private XMLCipher​(java.lang.String transformation,
                          java.lang.String provider,
                          java.lang.String canonAlg,
                          java.lang.String digestMethod)
                   throws XMLEncryptionException
        Creates a new XMLCipher.
        Parameters:
        transformation - the name of the transformation, e.g., XMLCipher.TRIPLEDES. If null the XMLCipher can only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
        provider - the JCE provider that supplies the transformation, if null use the default provider.
        canonAlg - the name of the c14n algorithm, if null use standard serializer
        digestMethod - An optional digestMethod to use.
        Throws:
        XMLEncryptionException
    • Method Detail

      • setSerializer

        public void setSerializer​(Serializer serializer)
        Set the Serializer algorithm to use
      • getSerializer

        public Serializer getSerializer()
        Get the Serializer algorithm to use
      • isValidEncryptionAlgorithm

        private static boolean isValidEncryptionAlgorithm​(java.lang.String algorithm)
        Checks to ensure that the supplied algorithm is valid.
        Parameters:
        algorithm - the algorithm to check.
        Returns:
        true if the algorithm is valid, otherwise false.
        Since:
        1.0.
      • validateTransformation

        private static void validateTransformation​(java.lang.String transformation)
        Validate the transformation argument of getInstance or getProviderInstance
        Parameters:
        transformation - the name of the transformation, e.g., XMLCipher.TRIPLEDES which is shorthand for "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
      • getInstance

        public static XMLCipher getInstance​(java.lang.String transformation)
                                     throws XMLEncryptionException
        Returns an XMLCipher that implements the specified transformation and operates on the specified context document.

        If the default provider package supplies an implementation of the requested transformation, an instance of Cipher containing that implementation is returned. If the transformation is not available in the default provider package, other provider packages are searched.

        NOTE1: The transformation name does not follow the same pattern as that outlined in the Java Cryptography Extension Reference Guide but rather that specified by the XML Encryption Syntax and Processing document. The rational behind this is to make it easier for a novice at writing Java Encryption software to use the library.

        NOTE2: getInstance() does not follow the same pattern regarding exceptional conditions as that used in javax.crypto.Cipher. Instead, it only throws an XMLEncryptionException which wraps an underlying exception. The stack trace from the exception should be self explanatory.

        Parameters:
        transformation - the name of the transformation, e.g., XMLCipher.TRIPLEDES which is shorthand for "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
        Returns:
        the XMLCipher
        Throws:
        XMLEncryptionException
        See Also:
        Cipher.getInstance(java.lang.String)
      • getInstance

        public static XMLCipher getInstance​(java.lang.String transformation,
                                            java.lang.String canon)
                                     throws XMLEncryptionException
        Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

        Parameters:
        transformation - the name of the transformation
        canon - the name of the c14n algorithm, if null use standard serializer
        Returns:
        the XMLCipher
        Throws:
        XMLEncryptionException
      • getInstance

        public static XMLCipher getInstance​(java.lang.String transformation,
                                            java.lang.String canon,
                                            java.lang.String digestMethod)
                                     throws XMLEncryptionException
        Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

        Parameters:
        transformation - the name of the transformation
        canon - the name of the c14n algorithm, if null use standard serializer
        digestMethod - An optional digestMethod to use
        Returns:
        the XMLCipher
        Throws:
        XMLEncryptionException
      • getProviderInstance

        public static XMLCipher getProviderInstance​(java.lang.String transformation,
                                                    java.lang.String provider)
                                             throws XMLEncryptionException
        Returns an XMLCipher that implements the specified transformation and operates on the specified context document.
        Parameters:
        transformation - the name of the transformation
        provider - the JCE provider that supplies the transformation
        Returns:
        the XMLCipher
        Throws:
        XMLEncryptionException
      • getProviderInstance

        public static XMLCipher getProviderInstance​(java.lang.String transformation,
                                                    java.lang.String provider,
                                                    java.lang.String canon)
                                             throws XMLEncryptionException
        Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

        Parameters:
        transformation - the name of the transformation
        provider - the JCE provider that supplies the transformation
        canon - the name of the c14n algorithm, if null use standard serializer
        Returns:
        the XMLCipher
        Throws:
        XMLEncryptionException
      • getProviderInstance

        public static XMLCipher getProviderInstance​(java.lang.String transformation,
                                                    java.lang.String provider,
                                                    java.lang.String canon,
                                                    java.lang.String digestMethod)
                                             throws XMLEncryptionException
        Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

        Parameters:
        transformation - the name of the transformation
        provider - the JCE provider that supplies the transformation
        canon - the name of the c14n algorithm, if null use standard serializer
        digestMethod - An optional digestMethod to use
        Returns:
        the XMLCipher
        Throws:
        XMLEncryptionException
      • getInstance

        public static XMLCipher getInstance()
                                     throws XMLEncryptionException
        Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
        Returns:
        The XMLCipher
        Throws:
        XMLEncryptionException
      • getProviderInstance

        public static XMLCipher getProviderInstance​(java.lang.String provider)
                                             throws XMLEncryptionException
        Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element. Allows the caller to specify a provider that will be used for cryptographic operations.
        Parameters:
        provider - the JCE provider that supplies the transformation
        Returns:
        the XMLCipher
        Throws:
        XMLEncryptionException
      • init

        public void init​(int opmode,
                         java.security.Key key)
                  throws XMLEncryptionException
        Initializes this cipher with a key.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode. For WRAP and ENCRYPT modes, this also initialises the internal EncryptedKey or EncryptedData (with a CipherValue) structure that will be used during the ensuing operations. This can be obtained (in order to modify KeyInfo elements etc. prior to finalising the encryption) by calling getEncryptedData() or getEncryptedKey().

        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key -
        Throws:
        XMLEncryptionException
        See Also:
        Cipher.init(int, java.security.Key)
      • setSecureValidation

        public void setSecureValidation​(boolean secureValidation)
        Set whether secure validation is enabled or not. The default is false.
      • registerInternalKeyResolver

        public void registerInternalKeyResolver​(KeyResolverSpi keyResolver)
        This method is used to add a custom KeyResolverSpi to an XMLCipher. These KeyResolvers are used in KeyInfo objects in DECRYPT and UNWRAP modes.
        Parameters:
        keyResolver -
      • getEncryptedData

        public EncryptedData getEncryptedData()
        Get the EncryptedData being built

        Returns the EncryptedData being built during an ENCRYPT operation. This can then be used by applications to add KeyInfo elements and set other parameters.

        Returns:
        The EncryptedData being built
      • getEncryptedKey

        public EncryptedKey getEncryptedKey()
        Get the EncryptedData being build Returns the EncryptedData being built during an ENCRYPT operation. This can then be used by applications to add KeyInfo elements and set other parameters.
        Returns:
        The EncryptedData being built
      • setKEK

        public void setKEK​(java.security.Key kek)
        Set a Key Encryption Key.

        The Key Encryption Key (KEK) is used for encrypting/decrypting EncryptedKey elements. By setting this separately, the XMLCipher class can know whether a key applies to the data part or wrapped key part of an encrypted object.

        Parameters:
        kek - The key to use for de/encrypting key data
      • martial

        public org.w3c.dom.Element martial​(EncryptedData encryptedData)
        Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData

        Note: This should only be used in cases where the context document has been passed in via a call to doFinal.

        Parameters:
        encryptedData - EncryptedData object to martial
        Returns:
        the DOM Element representing the passed in object
      • martial

        public org.w3c.dom.Element martial​(org.w3c.dom.Document context,
                                           EncryptedData encryptedData)
        Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData
        Parameters:
        context - The document that will own the returned nodes
        encryptedData - EncryptedData object to martial
        Returns:
        the DOM Element representing the passed in object
      • martial

        public org.w3c.dom.Element martial​(EncryptedKey encryptedKey)
        Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey

        Note: This should only be used in cases where the context document has been passed in via a call to doFinal.

        Parameters:
        encryptedKey - EncryptedKey object to martial
        Returns:
        the DOM Element representing the passed in object
      • martial

        public org.w3c.dom.Element martial​(org.w3c.dom.Document context,
                                           EncryptedKey encryptedKey)
        Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey
        Parameters:
        context - The document that will own the created nodes
        encryptedKey - EncryptedKey object to martial
        Returns:
        the DOM Element representing the passed in object
      • martial

        public org.w3c.dom.Element martial​(ReferenceList referenceList)
        Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList

        Note: This should only be used in cases where the context document has been passed in via a call to doFinal.

        Parameters:
        referenceList - ReferenceList object to martial
        Returns:
        the DOM Element representing the passed in object
      • martial

        public org.w3c.dom.Element martial​(org.w3c.dom.Document context,
                                           ReferenceList referenceList)
        Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList
        Parameters:
        context - The document that will own the created nodes
        referenceList - ReferenceList object to martial
        Returns:
        the DOM Element representing the passed in object
      • encryptElement

        private org.w3c.dom.Document encryptElement​(org.w3c.dom.Element element)
                                             throws java.lang.Exception
        Encrypts an Element and replaces it with its encrypted counterpart in the context Document, that is, the Document specified when one calls getInstance.
        Parameters:
        element - the Element to encrypt.
        Returns:
        the context Document with the encrypted Element having replaced the source Element.
        Throws:
        java.lang.Exception
      • encryptElementContent

        private org.w3c.dom.Document encryptElementContent​(org.w3c.dom.Element element)
                                                    throws java.lang.Exception
        Encrypts a NodeList (the contents of an Element) and replaces its parent Element's content with this the resulting EncryptedType within the context Document, that is, the Document specified when one calls getInstance.
        Parameters:
        element - the NodeList to encrypt.
        Returns:
        the context Document with the encrypted NodeList having replaced the content of the source Element.
        Throws:
        java.lang.Exception
      • doFinal

        public org.w3c.dom.Document doFinal​(org.w3c.dom.Document context,
                                            org.w3c.dom.Document source)
                                     throws java.lang.Exception
        Process a DOM Document node. The processing depends on the initialization parameters of init().
        Parameters:
        context - the context Document.
        source - the Document to be encrypted or decrypted.
        Returns:
        the processed Document.
        Throws:
        java.lang.Exception - to indicate any exceptional conditions.
      • doFinal

        public org.w3c.dom.Document doFinal​(org.w3c.dom.Document context,
                                            org.w3c.dom.Element element)
                                     throws java.lang.Exception
        Process a DOM Element node. The processing depends on the initialization parameters of init().
        Parameters:
        context - the context Document.
        element - the Element to be encrypted.
        Returns:
        the processed Document.
        Throws:
        java.lang.Exception - to indicate any exceptional conditions.
      • doFinal

        public org.w3c.dom.Document doFinal​(org.w3c.dom.Document context,
                                            org.w3c.dom.Element element,
                                            boolean content)
                                     throws java.lang.Exception
        Process the contents of a DOM Element node. The processing depends on the initialization parameters of init().
        Parameters:
        context - the context Document.
        element - the Element which contents is to be encrypted.
        content -
        Returns:
        the processed Document.
        Throws:
        java.lang.Exception - to indicate any exceptional conditions.
      • encryptData

        public EncryptedData encryptData​(org.w3c.dom.Document context,
                                         org.w3c.dom.Element element)
                                  throws java.lang.Exception
        Returns an EncryptedData interface. Use this operation if you want to have full control over the contents of the EncryptedData structure. This does not change the source document in any way.
        Parameters:
        context - the context Document.
        element - the Element that will be encrypted.
        Returns:
        the EncryptedData
        Throws:
        java.lang.Exception
      • encryptData

        public EncryptedData encryptData​(org.w3c.dom.Document context,
                                         java.lang.String type,
                                         java.io.InputStream serializedData)
                                  throws java.lang.Exception
        Returns an EncryptedData interface. Use this operation if you want to have full control over the serialization of the element or element content. This does not change the source document in any way.
        Parameters:
        context - the context Document.
        type - a URI identifying type information about the plaintext form of the encrypted content (may be null)
        serializedData - the serialized data
        Returns:
        the EncryptedData
        Throws:
        java.lang.Exception
      • encryptData

        public EncryptedData encryptData​(org.w3c.dom.Document context,
                                         org.w3c.dom.Element element,
                                         boolean contentMode)
                                  throws java.lang.Exception
        Returns an EncryptedData interface. Use this operation if you want to have full control over the contents of the EncryptedData structure. This does not change the source document in any way.
        Parameters:
        context - the context Document.
        element - the Element that will be encrypted.
        contentMode - true to encrypt element's content only, false otherwise
        Returns:
        the EncryptedData
        Throws:
        java.lang.Exception
      • encryptData

        private EncryptedData encryptData​(org.w3c.dom.Document context,
                                          org.w3c.dom.Element element,
                                          java.lang.String type,
                                          java.io.InputStream serializedData)
                                   throws java.lang.Exception
        Throws:
        java.lang.Exception
      • constructBlockCipherParameters

        private java.security.spec.AlgorithmParameterSpec constructBlockCipherParameters​(java.lang.String algorithm,
                                                                                         byte[] iv)
        Build an AlgorithmParameterSpec instance used to initialize a Cipher instance for block cipher encryption and decryption.
        Parameters:
        algorithm - the XML encryption algorithm URI
        iv - the initialization vector
        Returns:
        the newly constructed AlgorithmParameterSpec instance, appropriate for the specified algorithm
      • loadEncryptedData

        public EncryptedData loadEncryptedData​(org.w3c.dom.Document context,
                                               org.w3c.dom.Element element)
                                        throws XMLEncryptionException
        Returns an EncryptedData interface. Use this operation if you want to load an EncryptedData structure from a DOM structure and manipulate the contents.
        Parameters:
        context - the context Document.
        element - the Element that will be loaded
        Returns:
        the EncryptedData
        Throws:
        XMLEncryptionException
      • loadEncryptedKey

        public EncryptedKey loadEncryptedKey​(org.w3c.dom.Document context,
                                             org.w3c.dom.Element element)
                                      throws XMLEncryptionException
        Returns an EncryptedKey interface. Use this operation if you want to load an EncryptedKey structure from a DOM structure and manipulate the contents.
        Parameters:
        context - the context Document.
        element - the Element that will be loaded
        Returns:
        the EncryptedKey
        Throws:
        XMLEncryptionException
      • loadEncryptedKey

        public EncryptedKey loadEncryptedKey​(org.w3c.dom.Element element)
                                      throws XMLEncryptionException
        Returns an EncryptedKey interface. Use this operation if you want to load an EncryptedKey structure from a DOM structure and manipulate the contents. Assumes that the context document is the document that owns the element
        Parameters:
        element - the Element that will be loaded
        Returns:
        the EncryptedKey
        Throws:
        XMLEncryptionException
      • encryptKey

        public EncryptedKey encryptKey​(org.w3c.dom.Document doc,
                                       java.security.Key key)
                                throws XMLEncryptionException
        Encrypts a key to an EncryptedKey structure
        Parameters:
        doc - the Context document that will be used to general DOM
        key - Key to encrypt (will use previously set KEK to perform encryption
        Returns:
        the EncryptedKey
        Throws:
        XMLEncryptionException
      • encryptKey

        public EncryptedKey encryptKey​(org.w3c.dom.Document doc,
                                       java.security.Key key,
                                       java.lang.String mgfAlgorithm,
                                       byte[] oaepParams)
                                throws XMLEncryptionException
        Encrypts a key to an EncryptedKey structure
        Parameters:
        doc - the Context document that will be used to general DOM
        key - Key to encrypt (will use previously set KEK to perform encryption
        mgfAlgorithm - The xenc11 MGF Algorithm to use
        oaepParams - The OAEPParams to use
        Returns:
        the EncryptedKey
        Throws:
        XMLEncryptionException
      • encryptKey

        public EncryptedKey encryptKey​(org.w3c.dom.Document doc,
                                       java.security.Key key,
                                       java.lang.String mgfAlgorithm,
                                       byte[] oaepParams,
                                       java.security.SecureRandom random)
                                throws XMLEncryptionException
        Encrypts a key to an EncryptedKey structure
        Parameters:
        doc - the Context document that will be used to general DOM
        key - Key to encrypt (will use previously set KEK to perform encryption
        mgfAlgorithm - The xenc11 MGF Algorithm to use
        oaepParams - The OAEPParams to use
        random - The SecureRandom instance to use when initializing the Cipher
        Returns:
        the EncryptedKey
        Throws:
        XMLEncryptionException
      • decryptKey

        public java.security.Key decryptKey​(EncryptedKey encryptedKey,
                                            java.lang.String algorithm)
                                     throws XMLEncryptionException
        Decrypt a key from a passed in EncryptedKey structure
        Parameters:
        encryptedKey - Previously loaded EncryptedKey that needs to be decrypted.
        algorithm - Algorithm for the decrypted key
        Returns:
        a key corresponding to the given type
        Throws:
        XMLEncryptionException
      • constructOAEPParameters

        private javax.crypto.spec.OAEPParameterSpec constructOAEPParameters​(java.lang.String encryptionAlgorithm,
                                                                            java.lang.String digestAlgorithm,
                                                                            java.lang.String mgfAlgorithm,
                                                                            byte[] oaepParams)
        Construct an OAEPParameterSpec object from the given parameters
      • decryptKey

        public java.security.Key decryptKey​(EncryptedKey encryptedKey)
                                     throws XMLEncryptionException
        Decrypt a key from a passed in EncryptedKey structure. This version is used mainly internally, when the cipher already has an EncryptedData loaded. The algorithm URI will be read from the EncryptedData
        Parameters:
        encryptedKey - Previously loaded EncryptedKey that needs to be decrypted.
        Returns:
        a key corresponding to the given type
        Throws:
        XMLEncryptionException
      • removeContent

        private static void removeContent​(org.w3c.dom.Node node)
        Removes the contents of a Node.
        Parameters:
        node - the Node to clear.
      • decryptElement

        private org.w3c.dom.Document decryptElement​(org.w3c.dom.Element element)
                                             throws XMLEncryptionException
        Decrypts EncryptedData in a single-part operation.
        Parameters:
        element - the EncryptedData to decrypt.
        Returns:
        the Node as a result of the decrypt operation.
        Throws:
        XMLEncryptionException
      • decryptElementContent

        private org.w3c.dom.Document decryptElementContent​(org.w3c.dom.Element element)
                                                    throws XMLEncryptionException
        Parameters:
        element -
        Returns:
        the Node as a result of the decrypt operation.
        Throws:
        XMLEncryptionException
      • decryptToByteArray

        public byte[] decryptToByteArray​(org.w3c.dom.Element element)
                                  throws XMLEncryptionException
        Decrypt an EncryptedData element to a byte array. When passed in an EncryptedData node, returns the decryption as a byte array. Does not modify the source document.
        Parameters:
        element -
        Returns:
        the bytes resulting from the decryption
        Throws:
        XMLEncryptionException
      • createEncryptedData

        public EncryptedData createEncryptedData​(int type,
                                                 java.lang.String value)
                                          throws XMLEncryptionException
        Creates an EncryptedData Element. The newEncryptedData and newEncryptedKey methods create fairly complete elements that are immediately useable. All the other create* methods return bare elements that still need to be built upon.

        An EncryptionMethod will still need to be added however

        Parameters:
        type - Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of CipherData this EncryptedData will contain.
        value - the Base 64 encoded, encrypted text to wrap in the EncryptedData or the URI to set in the CipherReference (usage will depend on the type
        Returns:
        the EncryptedData Element.
        Throws:
        XMLEncryptionException
      • createEncryptedKey

        public EncryptedKey createEncryptedKey​(int type,
                                               java.lang.String value)
                                        throws XMLEncryptionException
        Creates an EncryptedKey Element. The newEncryptedData and newEncryptedKey methods create fairly complete elements that are immediately useable. All the other create* methods return bare elements that still need to be built upon.

        An EncryptionMethod will still need to be added however

        Parameters:
        type - Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of CipherData this EncryptedData will contain.
        value - the Base 64 encoded, encrypted text to wrap in the EncryptedKey or the URI to set in the CipherReference (usage will depend on the type
        Returns:
        the EncryptedKey Element.
        Throws:
        XMLEncryptionException
      • createAgreementMethod

        public AgreementMethod createAgreementMethod​(java.lang.String algorithm)
        Create an AgreementMethod object
        Parameters:
        algorithm - Algorithm of the agreement method
        Returns:
        a new AgreementMethod
      • createCipherData

        public CipherData createCipherData​(int type)
        Create a CipherData object
        Parameters:
        type - Type of this CipherData (either VALUE_TUPE or REFERENCE_TYPE)
        Returns:
        a new CipherData
      • createCipherReference

        public CipherReference createCipherReference​(java.lang.String uri)
        Create a CipherReference object
        Parameters:
        uri - The URI that the reference will refer
        Returns:
        a new CipherReference
      • createCipherValue

        public CipherValue createCipherValue​(java.lang.String value)
        Create a CipherValue element
        Parameters:
        value - The value to set the ciphertext to
        Returns:
        a new CipherValue
      • createEncryptionMethod

        public EncryptionMethod createEncryptionMethod​(java.lang.String algorithm)
        Create an EncryptionMethod object
        Parameters:
        algorithm - Algorithm for the encryption
        Returns:
        a new EncryptionMethod
      • createEncryptionProperties

        public EncryptionProperties createEncryptionProperties()
        Create an EncryptionProperties element
        Returns:
        a new EncryptionProperties
      • createEncryptionProperty

        public EncryptionProperty createEncryptionProperty()
        Create a new EncryptionProperty element
        Returns:
        a new EncryptionProperty
      • createReferenceList

        public ReferenceList createReferenceList​(int type)
        Create a new ReferenceList object
        Parameters:
        type - ReferenceList.DATA_REFERENCE or ReferenceList.KEY_REFERENCE
        Returns:
        a new ReferenceList
      • createTransforms

        public Transforms createTransforms()
        Create a new Transforms object

        Note: A context document must have been set elsewhere (possibly via a call to doFinal). If not, use the createTransforms(Document) method.

        Returns:
        a new Transforms
      • createTransforms

        public Transforms createTransforms​(org.w3c.dom.Document doc)
        Create a new Transforms object Because the handling of Transforms is currently done in the signature code, the creation of a Transforms object requires a context document.
        Parameters:
        doc - Document that will own the created Transforms node
        Returns:
        a new Transforms
      • haveFunctionalIdentityTransformer

        private static boolean haveFunctionalIdentityTransformer()