phax commented on code in PR #234:
URL: 
https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383659525


##########
src/main/java/org/apache/xml/security/keys/content/AgreementMethodImpl.java:
##########
@@ -0,0 +1,324 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.keys.content;
+
+import org.apache.xml.security.encryption.AgreementMethod;
+import org.apache.xml.security.encryption.KeyDerivationMethod;
+import org.apache.xml.security.encryption.XMLEncryptionException;
+import org.apache.xml.security.encryption.params.ConcatKeyDerivationParameter;
+import org.apache.xml.security.encryption.params.KeyAgreementParameterSpec;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.OriginatorKeyInfo;
+import org.apache.xml.security.keys.RecipientKeyInfo;
+import org.apache.xml.security.keys.derivedKey.ConcatKDFParamsImpl;
+import org.apache.xml.security.keys.derivedKey.KeyDerivationMethodImpl;
+import org.apache.xml.security.utils.*;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.lang.System.Logger;
+import java.lang.System.Logger.Level;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.PublicKey;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+
+/**
+ * The implementation of the AgreementMethod interface. The element contains a 
information about
+ * the key agreement algorithm for deriving the encryption key.
+ *
+ */
+public class AgreementMethodImpl extends EncryptionElementProxy implements 
KeyInfoContent, AgreementMethod {
+    protected static final Logger LOG = 
System.getLogger(AgreementMethodImpl.class.getName());
+
+    private byte[] kaNonce;
+    private List<Element> agreementMethodInformation;
+    private KeyDerivationMethod keyDerivationMethod;
+    private OriginatorKeyInfo originatorKeyInfo;
+    private RecipientKeyInfo recipientKeyInfo;
+    private String algorithmURI;
+
+    /**
+     *  Constructor AgreementMethodImpl for generating AgreementMethod from 
scratch based on {@link KeyAgreementParameterSpec}.
+     *  The constructor generates {@link KeyDerivationMethod} if given and 
{@link OriginatorKeyInfo} based on originator
+     *  public key for ECDH-ES key agreement. It generates a placeholder 
element for RecipientKeyInfo. The recipient key info value
+     *  must be set later.
+     *
+     * @param doc the {@link Document} in which <code>AgreementMethod</code> 
will be placed
+     * @param keyAgreementParameter the {@link KeyAgreementParameterSpec} from 
which <code>AgreementMethod</code> will be generated
+     * @throws XMLEncryptionException
+     */
+    public AgreementMethodImpl(Document doc, KeyAgreementParameterSpec 
keyAgreementParameter) throws XMLEncryptionException {
+        this(doc, keyAgreementParameter.getKeyAgreementAlgorithm());
+
+        if (keyAgreementParameter.getKeyDerivationParameter() != null) {
+            KeyDerivationMethod keyDerivationMethod = 
createKeyDerivationMethod(keyAgreementParameter);
+            setKeyDerivationMethod(keyDerivationMethod);
+        }
+        // if ephemeral static key agreement then add originator public key 
automatically
+        if 
(EncryptionConstants.ALGO_ID_KEYAGREEMENT_ECDH_ES.equals(keyAgreementParameter.getKeyAgreementAlgorithm()))
 {
+            
setOriginatorPublicKey(keyAgreementParameter.getOriginatorPublicKey());
+        }
+        // set recipient key info holder
+        RecipientKeyInfo recipientKeyInfo = new 
RecipientKeyInfo(getDocument());
+        setRecipientKeyInfo(recipientKeyInfo);
+    }
+
+    /**
+     * Constructor AgreementMethodImpl for generating AgreementMethod from 
scratch based on algorithm URI. The constructor
+     * builds a placeholder element for {@link KeyDerivationMethod}, {@link 
OriginatorKeyInfo} and {@link RecipientKeyInfo}. The values for these elements
+     * must be set later.
+     *
+     * @param algorithm the algorithm URI for the key agreement algorithm
+     */
+    public AgreementMethodImpl(Document doc, String algorithm) {
+        super(doc);
+
+        agreementMethodInformation = new LinkedList<>();
+        URI tmpAlgorithm;
+        try {
+            tmpAlgorithm = new URI(algorithm);
+        } catch (URISyntaxException ex) {
+            throw new IllegalArgumentException("Algorithm [" + algorithm + "] 
is not URI ", ex);
+        }
+        algorithmURI = tmpAlgorithm.toString();
+
+        setLocalAttribute(Constants._ATT_ALGORITHM, algorithmURI);
+    }
+
+    /**
+     * Constructor AgreementMethodImpl based on XML {@link Element}.
+     *
+     * @param element the XML {@link Element} containing AgreementMethod 
information
+     * @throws XMLSecurityException
+     */
+    public AgreementMethodImpl(Element element) throws XMLSecurityException {
+        super(element, EncryptionConstants.EncryptionSpecNS);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] getKANonce() {
+        return kaNonce;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void setKANonce(byte[] kanonce) {
+        kaNonce = kanonce;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Iterator<Element> getAgreementMethodInformation() {
+        return agreementMethodInformation.iterator();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void addAgreementMethodInformation(Element info) {
+        agreementMethodInformation.add(info);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void removeAgreementMethodInformation(Element info) {
+        agreementMethodInformation.remove(info);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public KeyDerivationMethod getKeyDerivationMethod() throws 
XMLSecurityException {
+
+        if (keyDerivationMethod != null) {
+            return keyDerivationMethod;
+        }
+
+        Element keyDerivationMethodElement =
+                XMLUtils.selectXenc11Node(getElement().getFirstChild(), 
EncryptionConstants._TAG_KEYDERIVATIONMETHOD, 0);
+
+        if (keyDerivationMethodElement == null) {
+            return null;
+        }
+        keyDerivationMethod = new 
KeyDerivationMethodImpl(keyDerivationMethodElement, baseURI);
+
+
+        return keyDerivationMethod;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void setKeyDerivationMethod(KeyDerivationMethod 
keyDerivationMethod) {
+        this.keyDerivationMethod = keyDerivationMethod;
+        if (keyDerivationMethod instanceof ElementProxy) {
+            appendSelf((ElementProxy) keyDerivationMethod);
+            addReturnToSelf();
+        } else {
+            LOG.log(Level.WARNING, "KeyDerivationMethod is set but is not an 
instance of ElementProxy. The DOM node is lost upon serialization.");
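Review bot: `agreementMethodInformation` is assigned only in the `(Document, String)` constructor, so an instance built through `AgreementMethodImpl(Element element)` (presumably the path taken when an AgreementMethod is read from a received document) leaves it null, and `getAgreementMethodInformation()`, `addAgreementMethodInformation()` and `removeAgreementMethodInformation()` as shown dereference it directly and would throw a NullPointerException. Initialising the field at its declaration, `private final List<Element> agreementMethodInformation = new LinkedList<>();`, and dropping the assignment in the constructor makes the accessors independent of which constructor ran. `algorithmURI` is likewise set only on the create path; its getter is not visible here, so confirm that it falls back to the element's Algorithm attribute. Separately, `setKANonce()` stores the caller's array and `getKANonce()` returns the internal one, so a later write by the caller silently changes the nonce held by this object; `kaNonce = kanonce == null ? null : kanonce.clone();`, with the same copy on return, avoids that. The class body continues past the quoted hunk, so a lazy initialisation further down cannot be ruled out from here.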

Review Comment:
   Maybe the effective class of `keyDerivationMethod` could be part of the log 
message to help spot errors more easily?


