blautenb 2003/11/17 02:35:47
Added: src/org/apache/xml/security/keys/keyresolver/implementations
EncryptedKeyResolver.java
Log:
Implementation of KeyResolver for EncryptedKey elements
Revision Changes Path
1.1
xml-security/src/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
Index: EncryptedKeyResolver.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.xml.security.keys.keyresolver.implementations;
import java.security.Key;
import javax.crypto.SecretKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import javax.xml.transform.TransformerException;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
import org.apache.xml.security.keys.storage.StorageResolver;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.EncryptionConstants;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Element;
/**
* The <code>EncryptedKeyResolver</code> is not a generic resolver. It can
* only be for specific instantiations, as the key being unwrapped will
* always be of a particular type and will always have been wrapped by
* another key which needs to be recursively resolved.
*
* The <code>EncryptedKeyResolver</code> can therefore only be instantiated
* with an algorithm. It can also be instantiated with a key (the KEK) or
* will search the static KeyResolvers to find the appropriate key.
*
* @author Berin Lautenbach
*/
public class EncryptedKeyResolver extends KeyResolverSpi {
/** [EMAIL PROTECTED] org.apache.commons.logging} logging facility */
static org.apache.commons.logging.Log log =
org.apache.commons.logging.LogFactory.getLog(
RSAKeyValueResolver.class.getName());
Key _key;
Key _kek;
String _algorithm;
/**
* Constructor for use when a KEK needs to be derived from a KeyInfo
* list
*/
public EncryptedKeyResolver(String algorithm) {
_key = null;
_kek = null;
}
/**
* Constructor used for when a KEK has been set
*/
public EncryptedKeyResolver(String algorithm, Key kek) {
_key = null;
_algorithm = algorithm;
_kek = kek;
}
/**
* Method engineCanResolve
*
* @param element
* @param BaseURI
* @param storage
*
*/
public boolean engineCanResolve(Element element, String BaseURI,
StorageResolver storage) {
log.debug("EncryptedKeyResolver - Can I resolve " +
element.getTagName());
if (element == null) {
return false;
}
boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element,
EncryptionConstants._TAG_ENCRYPTEDKEY);
if (isEncryptedKey) {
log.debug("Passed an Encrypted Key");
try {
XMLCipher cipher = XMLCipher.getInstance();
cipher.init(XMLCipher.UNWRAP_MODE, _kek);
EncryptedKey ek = cipher.loadEncryptedKey(element);
_key = cipher.decryptKey(ek, _algorithm);
}
catch (Exception e) {}
}
return (_key != null);
}
/**
* Method engineResolvePublicKey
*
* @param element
* @param BaseURI
* @param storage
* @return null if no [EMAIL PROTECTED] PublicKey} could be obtained
* @throws KeyResolverException
*/
public PublicKey engineResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
return null;
}
/**
* Method engineResolveX509Certificate
*
* @param element
* @param BaseURI
* @param storage
*
* @throws KeyResolverException
*/
public X509Certificate engineResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
return null;
}
/**
* Method engineResolveSecretKey
*
* @param element
* @param BaseURI
* @param storage
*
* @throws KeyResolverException
*/
public javax.crypto.SecretKey engineResolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
return (SecretKey) _key;
}
}
