You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Julien TAUPIN <ju...@ilex.fr> on 2005/09/07 15:27:29 UTC

RetrievalMethod in XMLDecrytion

Hi All
 
I work with java xmlsecurity 2.1.
 
I would like to know to get the EncryptedKey designed by in URI in a in
RetrievalMethod element.
The RetrievalMethod element is a child of a KeyInfo element, itself a child
of an EncryptedData element.
 
The RetrievalMethodResolver allows only to acces to a public key or a
certificate.
 
How can I get the EncryptedKey object.
 
This is an example of xml document containing this type of element :
 
<apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1
<http://www.apache.org/ns/#app1> " xmlns:foo="http://example.org/#foo
<http://example.org/#foo> " attr1="test1" attr2="test2" foo:attr1="foo's
test">Some simple text
<apache:child1 att1="test1"><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc
<http://www.w3.org/2001/04/xmlenc> #"
Type="http://www.w3.org/2001/04/xmlenc#Content"
<http://www.w3.org/2001/04/xmlenc#Content> ><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
<http://www.w3.org/2001/04/xmlenc#aes128-cbc> ></xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig
<http://www.w3.org/2000/09/xmldsig> #">
<ds:RetrievalMethod URI='#Recipient1'
Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"/
<http://www.w3.org/2001/04/xmlenc#EncryptedKey> >
</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>xiubjAmvwjZO0iAddEq4lhOCU2vk
lbNchHjpyd/I+GA=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></
apache:child1><apache:child2 att1="test1" foo:attr1="foo's test">Child2 :
data1
Child2 : data2
</apache:child2><apache:child3>3.testtoto
<apache:child31>31
</apache:child31><apache:child32>32
<apache:child321 id="IDtest">321
</apache:child321></apache:child32></apache:child3>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc
<http://www.w3.org/2001/04/xmlenc> #" Id="Recipient1"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
<http://www.w3.org/2001/04/xmlenc#rsa-1_5> ></xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig
<http://www.w3.org/2000/09/xmldsig> #">
<ds:X509Data>
<ds:X509Certificate>
MIIDSDCCArGgAwIBAgIIGodjBVfpSx8wDQYJKoZIhvcNAQEFBQAwLzERMA8GA1UEAxMIQUMtZW1h
aWwxDTALBgNVBAoTBGlsZXgxCzAJBgNVBAYTAmZyMB4XDTA1MDEyNzEzMTgyMVoXDTA3MDEyNzEz
MjgyMVowajEjMCEGCSqGSIb3DQEJARYUYXBwbGF0b29AaWxleC1zaS5jb20xETAPBgNVBAMTCGFw
cGxhdG9vMREwDwYDVQQqEwhhcHBsYXRvbzEQMA4GA1UEBBMHUmVjZXR0ZTELMAkGA1UEBhMCRlIw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMS2Ki0wv46ZaTp37On5oq6xzs0Cx4fZsKMyZ6cc
zyxCoAeCY/N/zdPl0Gh0O9yjRXIGknzHgLlr0M2XHZfSDPuRl+2K3Uh6TjCWbNi83zuRsl94U+A+
bJI2PysB0MVLPEqyX0bgfOaEMtSrqgmfZgjoRwR4oF1ahiM+OHDFuaHLAgMBAAGjggEwMIIBLDAM
BgNVHRMEBTADAQEAMA8GA1UdDwEB/wQFAwMH8AAwEwYDVR0lBAwwCgYIKwYBBQUHAwQwHQYDVR0O
BBYEFAnO7NCiFxjdzY3OUly1A10oAq0lMB8GA1UdIwQYMBaAFCAndWWgFYPA1nORAZ8nkitEEeMv
MDoGA1UdEQQzMDGBFGFwcGxhdG9vQGlsZXgtc2kuY29toBkGCisGAQQBgjcUAgOgCwwJYXBwbGF0
b29AMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly93d3cuaWxleC5mci9vY3NwL2NybGRwP2NuPUlw
a2l6eUVtYWlsMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL3d3dy5pbGV4LmZy
L29jc3Avb2NzcHNydjANBgkqhkiG9w0BAQUFAAOBgQAibTBDEuEvihNSwSuI5Gncm2OJUBPFVdCg
N0ESuHnLkrglLG8+JNUaUZFZtDBMY8YzgCDPwEjya27ofRuJg69Op1KBvH77y3xVOAe3tikby0Xs
0/U5FPp1Jo0xlczyLZz1C5UBraJRFr6JEsyImE9+r9GGp4va7FptAtuSdvqW1Q==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>PhoahxIVk7XktcsO9/jVFzARACBh
gTTck8rH3mHoGItxE8RmNqkjo6xxDNIql0tGZUrzPRcvyTcD
GnFHaqT1GUpkfD+jxV+kkvouuzT7tocujWVPiX3z40MBbUAhVXAyjuOGM91EY0PRRkuRDzsNWs9C
6qjhotc9yyf2Hp1r6d0=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey
></apache:RootElement>
Julien TAUPIN,

ILEX Systèmes Informatiques,

51, Bd Voltaire 92 600 ASNIERES (FRANCE),

Tél : (33-1) 46 88 03 40, Fax (33-1) 46 88 03 41,

Internet : site
<file:///C:/Documents%20and%20Settings/jtau.ILEX/Application%20Data/Microsof
t/Signatures/www.ilex-si.com> www.ilex-si.com, email
<ma...@ilex-si.com> mailto:julien.taupin@ilex-si.com

Re: RetrievalMethod in XMLDecrytion

Posted by Sean Mullan <Se...@Sun.COM>.

I am not familiar with the RetrievalMethodResolver class - however if 
you wait until the next release of XMLSec (1.4), the JSR 105 API will be 
included and it allows you to create your own URIDereferencer 
implementation for resolving RetrievalMethod URIs (of any type).

--Sean

Julien TAUPIN wrote:
> Hi All
>  
> I work with java xmlsecurity 2.1.
>  
> I would like to know to get the EncryptedKey designed by in URI in a 
> in RetrievalMethod element.
> The RetrievalMethod element is a child of a KeyInfo element, itself a 
> child of an EncryptedData element.
>  
> The RetrievalMethodResolver allows only to acces to a public key or a 
> certificate.
>  
> How can I get the EncryptedKey object.
>  
> This is an example of xml document containing this type of element :
>  
> <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" 
> xmlns:foo="http://example.org/#foo" attr1="test1" attr2="test2" 
> foo:attr1="foo's test">Some simple text
> <apache:child1 att1="test1"><xenc:EncryptedData 
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" 
> Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod 
> <http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod> 
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"></xenc:EncryptionMethod 
> <http://www.w3.org/2001/04/xmlenc#aes128-cbc"></xenc:EncryptionMethod>>
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:RetrievalMethod URI='#Recipient1' 
> Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"/>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>xiubjAmvwjZO0iAddEq4lhOCU2vklbNchHjpyd/I+GA=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></apache:child1><apache:child2 
> att1="test1" foo:attr1="foo's test">Child2 : data1
> Child2 : data2
> </apache:child2><apache:child3>3.testtoto
> <apache:child31>31
> </apache:child31><apache:child32>32
> <apache:child321 id="IDtest">321
> </apache:child321></apache:child32></apache:child3>
> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" 
> Id="Recipient1"><xenc:EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod 
> <http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod>>
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:X509Data>
> <ds:X509Certificate>
> MIIDSDCCArGgAwIBAgIIGodjBVfpSx8wDQYJKoZIhvcNAQEFBQAwLzERMA8GA1UEAxMIQUMtZW1h
> aWwxDTALBgNVBAoTBGlsZXgxCzAJBgNVBAYTAmZyMB4XDTA1MDEyNzEzMTgyMVoXDTA3MDEyNzEz
> MjgyMVowajEjMCEGCSqGSIb3DQEJARYUYXBwbGF0b29AaWxleC1zaS5jb20xETAPBgNVBAMTCGFw
> cGxhdG9vMREwDwYDVQQqEwhhcHBsYXRvbzEQMA4GA1UEBBMHUmVjZXR0ZTELMAkGA1UEBhMCRlIw
> gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMS2Ki0wv46ZaTp37On5oq6xzs0Cx4fZsKMyZ6cc
> zyxCoAeCY/N/zdPl0Gh0O9yjRXIGknzHgLlr0M2XHZfSDPuRl+2K3Uh6TjCWbNi83zuRsl94U+A+
> bJI2PysB0MVLPEqyX0bgfOaEMtSrqgmfZgjoRwR4oF1ahiM+OHDFuaHLAgMBAAGjggEwMIIBLDAM
> BgNVHRMEBTADAQEAMA8GA1UdDwEB/wQFAwMH8AAwEwYDVR0lBAwwCgYIKwYBBQUHAwQwHQYDVR0O
> BBYEFAnO7NCiFxjdzY3OUly1A10oAq0lMB8GA1UdIwQYMBaAFCAndWWgFYPA1nORAZ8nkitEEeMv
> MDoGA1UdEQQzMDGBFGFwcGxhdG9vQGlsZXgtc2kuY29toBkGCisGAQQBgjcUAgOgCwwJYXBwbGF0
> b29AMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly93d3cuaWxleC5mci9vY3NwL2NybGRwP2NuPUlw
> a2l6eUVtYWlsMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL3d3dy5pbGV4LmZy
> L29jc3Avb2NzcHNydjANBgkqhkiG9w0BAQUFAAOBgQAibTBDEuEvihNSwSuI5Gncm2OJUBPFVdCg
> N0ESuHnLkrglLG8+JNUaUZFZtDBMY8YzgCDPwEjya27ofRuJg69Op1KBvH77y3xVOAe3tikby0Xs
> 0/U5FPp1Jo0xlczyLZz1C5UBraJRFr6JEsyImE9+r9GGp4va7FptAtuSdvqW1Q==
> </ds:X509Certificate>
> </ds:X509Data>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>PhoahxIVk7XktcsO9/jVFzARACBhgTTck8rH3mHoGItxE8RmNqkjo6xxDNIql0tGZUrzPRcvyTcD
> GnFHaqT1GUpkfD+jxV+kkvouuzT7tocujWVPiX3z40MBbUAhVXAyjuOGM91EY0PRRkuRDzsNWs9C
> 6qjhotc9yyf2Hp1r6d0=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></apache:RootElement>
> 
> Julien TAUPIN,
> 
> ILEX Systèmes Informatiques,
> 
> 51, Bd Voltaire 92 600 ASNIERES (FRANCE),
> 
> Tél : (33-1) 46 88 03 40, Fax (33-1) 46 88 03 41,
> 
> Internet : site _www.ilex-si.com_ 
> <file:///C:/Documents%20and%20Settings/jtau.ILEX/Application%20Data/Microsoft/Signatures/www.ilex-si.com>, 
> email _mailto:julien.taupin@ilex-si.com_
> 
>