You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bl...@apache.org on 2003/10/19 12:58:59 UTC
cvs commit: xml-security/c/src/xenc/impl XENCAlgorithmHandlerDefault.cpp XENCAlgorithmHandlerDefault.hpp XENCCipherDataImpl.cpp XENCCipherImpl.cpp XENCCipherImpl.hpp
blautenb 2003/10/19 03:58:59
Modified: c/src/xenc XENCCipher.hpp
c/src/xenc/impl XENCAlgorithmHandlerDefault.cpp
XENCAlgorithmHandlerDefault.hpp
XENCCipherDataImpl.cpp XENCCipherImpl.cpp
XENCCipherImpl.hpp
Log:
Support for RSA encryption + InputStream format output of decryption
Revision Changes Path
1.8 +41 -1 xml-security/c/src/xenc/XENCCipher.hpp
Index: XENCCipher.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/XENCCipher.hpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- XENCCipher.hpp 6 Oct 2003 12:16:37 -0000 1.7
+++ XENCCipher.hpp 19 Oct 2003 10:58:59 -0000 1.8
@@ -84,6 +84,7 @@
class XENCEncryptedData;
class XENCEncryptedKey;
class XSECKeyInfoResolver;
+class XSECBinTXFMInputStream;
/**
* @defgroup xenc XML Encryption Implementation
@@ -150,6 +151,27 @@
) = 0;
/**
+ * \brief Decrypt the nominated element and put the output to an InputStream.
+ *
+ * Decrypts the passed in element, which must be the root
+ * node of a \<EncryptedData\> method.
+ *
+ * This call does not change the source DOM in any way. It simply
+ * processes the encrypted data and provides an InputStream that the
+ * caller can read from to read the plain text data.
+ *
+ * @param element Root of EncryptedData DOM structyre to decrypt
+ * @returns A BinInputStream object that the application can use to
+ * read the decrypted data.
+ * @throws XSECException if the decryption fails, or if this is
+ * not a valid EncryptedData DOM structure.
+ */
+
+ virtual XSECBinTXFMInputStream * decryptToBinInputStream(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element
+ ) = 0;
+
+ /**
* \brief Decrypt a key
*
* Reads in the passed in KeyInfo structure for an EncryptedKey and
@@ -162,6 +184,24 @@
virtual int decryptKey(
XENCEncryptedKey * encryptedKey,
+ XMLByte * rawKey,
+ int maxKeySize
+ ) = 0;
+
+ /**
+ * \brief Decrypt a key directly from DOM
+ *
+ * Loads an EncryptedKey from DOM and then decrypts the key.
+ * If a NULL buffer is passed in, will simply load the key and return
+ *
+ * @param keyNode Node to load from
+ * @param rawKey Buffer to decrypt to
+ * @param maxKeySize Length of rawKey buffer
+ * @returns The number of bytes decrypted
+ */
+
+ virtual int decryptKey(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * keyNode,
XMLByte * rawKey,
int maxKeySize
) = 0;
1.4 +279 -1 xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp
Index: XENCAlgorithmHandlerDefault.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- XENCAlgorithmHandlerDefault.cpp 13 Oct 2003 11:08:39 -0000 1.3
+++ XENCAlgorithmHandlerDefault.cpp 19 Oct 2003 10:58:59 -0000 1.4
@@ -129,8 +129,58 @@
"XENCAlgorithmHandlerDefault - 3DES Algorithm, but not a 3DES key");
}
+
+ return;
+ }
+
+ if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC)) {
+
+ // 3 Key 3DES in CBC mode.
+ if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
+ dynamic_cast<XSECCryptoSymmetricKey *>(key)->getSymmetricKeyType() !=
+ XSECCryptoSymmetricKey::KEY_AES_CBC_128) {
+
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - AES128 Algorithm, but not a AES128 key");
+
+ }
+
+ return;
}
+ if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC)) {
+
+ // 3 Key 3DES in CBC mode.
+ if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
+ dynamic_cast<XSECCryptoSymmetricKey *>(key)->getSymmetricKeyType() !=
+ XSECCryptoSymmetricKey::KEY_AES_CBC_192) {
+
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - AES192 Algorithm, but not a AES192 key");
+
+ }
+
+ return;
+ }
+
+ if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC)) {
+
+ // 3 Key 3DES in CBC mode.
+ if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
+ dynamic_cast<XSECCryptoSymmetricKey *>(key)->getSymmetricKeyType() !=
+ XSECCryptoSymmetricKey::KEY_AES_CBC_256) {
+
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - AES256 Algorithm, but not a AES256 key");
+
+ }
+
+ return;
+ }
+
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - URI not recognised for Symmetric Key encryption check");
+
}
unsigned int XENCAlgorithmHandlerDefault::unwrapKeyAES(
@@ -358,6 +408,32 @@
#endif
// --------------------------------------------------------------------------------
+// InputStream decryption
+// --------------------------------------------------------------------------------
+
+bool XENCAlgorithmHandlerDefault::appendDecryptCipherTXFM(
+ TXFMChain * cipherText,
+ XENCEncryptionMethod * encryptionMethod,
+ XSECCryptoKey * key,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc
+ ) {
+
+ // We only support this for bulk Symmetric key algorithms
+
+ mapURIToKey(encryptionMethod->getAlgorithm(), key);
+
+ // Add the decryption TXFM
+
+ TXFMCipher * tcipher;
+ XSECnew(tcipher, TXFMCipher(doc, key, false));
+
+ cipherText->appendTxfm(tcipher);
+
+ return true;
+}
+
+
+// --------------------------------------------------------------------------------
// SafeBuffer decryption
// --------------------------------------------------------------------------------
@@ -387,14 +463,90 @@
}
+ if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIKW_AES192)) {
+
+ if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
+ dynamic_cast<XSECCryptoSymmetricKey *>(key)->getSymmetricKeyType() !=
+ XSECCryptoSymmetricKey::KEY_AES_ECB_192) {
+
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - 192bit AES Algorithm, but not a AES (ECB) 192 bit key");
+
+ }
+
+ isAESKeyWrap = true;
+
+ }
+
+ if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIKW_AES256)) {
+
+ if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
+ dynamic_cast<XSECCryptoSymmetricKey *>(key)->getSymmetricKeyType() !=
+ XSECCryptoSymmetricKey::KEY_AES_ECB_256) {
+
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - 256bit AES Algorithm, but not a AES (ECB) 256 bit key");
+
+ }
+
+ isAESKeyWrap = true;
+
+ }
+
if (isAESKeyWrap == true) {
return unwrapKeyAES(cipherText, key, result);
}
+ // Is this an RSA key?
+ if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_1_5)) {
+
+ if (key->getKeyType() != XSECCryptoKey::KEY_RSA_PRIVATE &&
+ key->getKeyType() != XSECCryptoKey::KEY_RSA_PAIR) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - RSA Decrypt URI but not an RSA key");
+ }
+
+ XSECCryptoKeyRSA * rsa = dynamic_cast<XSECCryptoKeyRSA *>(key);
+ // Allocate an output buffer
+ unsigned char * decBuf;
+ XSECnew(decBuf, unsigned char[rsa->getLength()]);
+ ArrayJanitor<unsigned char> j_decBuf(decBuf);
+ // Input
+ TXFMBase * b = cipherText->getLastTxfm();
+ safeBuffer cipherSB;
+ XMLByte buf[1024];
+ unsigned int offset = 0;
+
+ int bytesRead = b->readBytes(buf, 1024);
+ while (bytesRead > 0) {
+ cipherSB.sbMemcpyIn(offset, buf, bytesRead);
+ offset += bytesRead;
+ bytesRead = b->readBytes(buf, 1024);
+ }
+
+
+ // Do decrypt
+ unsigned int decryptLen = rsa->privateDecrypt(cipherSB.rawBuffer(),
+ decBuf,
+ offset,
+ rsa->getLength(),
+ XSECCryptoKeyRSA::PAD_PKCS_1_5,
+ HASH_NONE,
+ NULL,
+ 0);
+
+ // Copy to output
+ result.sbMemcpyIn(decBuf, decryptLen);
+
+ memset(decBuf, 0, decryptLen);
+
+ return decryptLen;
+
+ }
// The default case is to just do a standard, padded block decrypt.
// So the only thing we have to do is ensure key type matches URI.
@@ -459,12 +611,102 @@
}
+ if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIKW_AES192)) {
+
+ if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
+ dynamic_cast<XSECCryptoSymmetricKey *>(key)->getSymmetricKeyType() !=
+ XSECCryptoSymmetricKey::KEY_AES_ECB_192) {
+
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - 192bit AES Algorithm, but not a AES (ECB) 192 bit key");
+
+ }
+
+ isAESKeyWrap = true;
+
+ }
+
+ if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIKW_AES256)) {
+
+ if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
+ dynamic_cast<XSECCryptoSymmetricKey *>(key)->getSymmetricKeyType() !=
+ XSECCryptoSymmetricKey::KEY_AES_ECB_256) {
+
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - 256bit AES Algorithm, but not a AES (ECB) 256 bit key");
+
+ }
+
+ isAESKeyWrap = true;
+
+ }
+
if (isAESKeyWrap == true) {
return wrapKeyAES(plainText, key, result);
}
+ // Is this an RSA key?
+ if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_1_5)) {
+
+ if (key->getKeyType() != XSECCryptoKey::KEY_RSA_PUBLIC &&
+ key->getKeyType() != XSECCryptoKey::KEY_RSA_PAIR) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - RSA Encrypt URI but not an RSA public key");
+ }
+
+ XSECCryptoKeyRSA * rsa = dynamic_cast<XSECCryptoKeyRSA *>(key);
+
+ // Allocate an output buffer
+ unsigned char * encBuf;
+ XSECnew(encBuf, unsigned char[rsa->getLength()]);
+ ArrayJanitor<unsigned char> j_encBuf(encBuf);
+
+ // Input
+ TXFMBase * b = plainText->getLastTxfm();
+ safeBuffer plainSB;
+ plainSB.isSensitive();
+
+ XMLByte buf[1024];
+ unsigned int offset = 0;
+
+ int bytesRead = b->readBytes(buf, 1024);
+ while (bytesRead > 0) {
+ plainSB.sbMemcpyIn(offset, buf, bytesRead);
+ offset += bytesRead;
+ bytesRead = b->readBytes(buf, 1024);
+ }
+
+
+ // Do decrypt
+ unsigned int encryptLen = rsa->publicEncrypt(plainSB.rawBuffer(),
+ encBuf,
+ offset,
+ rsa->getLength(),
+ XSECCryptoKeyRSA::PAD_PKCS_1_5,
+ HASH_NONE,
+ NULL,
+ 0);
+
+ // Now need to base64 encode
+ XSECCryptoBase64 * b64 =
+ XSECPlatformUtils::g_cryptoProvider->base64();
+ Janitor<XSECCryptoBase64> j_b64(b64);
+
+ b64->encodeInit();
+ encryptLen = b64->encode(encBuf, encryptLen, buf, 1024);
+ result.sbMemcpyIn(buf, encryptLen);
+ unsigned int finalLen = b64->encodeFinish(buf, 1024);
+ result.sbMemcpyIn(encryptLen, buf, finalLen);
+ result[encryptLen + finalLen] = '\0';
+
+ // This is a string, so set the buffer correctly
+ result.setBufferType(safeBuffer::BUFFER_CHAR);
+
+ return true;
+
+ }
// Check the URI and key match
@@ -503,6 +745,42 @@
// 3 Key 3DES in CBC mode.
XSECCryptoSymmetricKey * sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
+
+ sk->setKey(keyBuffer, keyLen);
+
+ return sk;
+
+ }
+
+ if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC)) {
+
+ // AES 128bit key in CBC mode.
+ XSECCryptoSymmetricKey * sk =
+ XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_128);
+
+ sk->setKey(keyBuffer, keyLen);
+
+ return sk;
+
+ }
+
+ if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC)) {
+
+ // AES 192bit key in CBC mode.
+ XSECCryptoSymmetricKey * sk =
+ XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_192);
+
+ sk->setKey(keyBuffer, keyLen);
+
+ return sk;
+
+ }
+
+ if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC)) {
+
+ // AES 192bit key in CBC mode.
+ XSECCryptoSymmetricKey * sk =
+ XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_256);
sk->setKey(keyBuffer, keyLen);
1.3 +8 -1 xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.hpp
Index: XENCAlgorithmHandlerDefault.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.hpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- XENCAlgorithmHandlerDefault.hpp 3 Oct 2003 09:50:05 -0000 1.2
+++ XENCAlgorithmHandlerDefault.hpp 19 Oct 2003 10:58:59 -0000 1.3
@@ -97,6 +97,13 @@
safeBuffer & result
);
+ virtual bool appendDecryptCipherTXFM(
+ TXFMChain * cipherText,
+ XENCEncryptionMethod * encryptionMethod,
+ XSECCryptoKey * key,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc
+ );
+
virtual bool encryptToSafeBuffer(
TXFMChain * plainText,
XENCEncryptionMethod * encryptionMethod,
1.6 +3 -2 xml-security/c/src/xenc/impl/XENCCipherDataImpl.cpp
Index: XENCCipherDataImpl.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCCipherDataImpl.cpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- XENCCipherDataImpl.cpp 6 Oct 2003 12:16:37 -0000 1.5
+++ XENCCipherDataImpl.cpp 19 Oct 2003 10:58:59 -0000 1.6
@@ -239,7 +239,8 @@
// Set the type
if (type == VALUE_TYPE) {
- // Should set the type attribute
+ // Should also set in the DOM
+ m_cipherDataType = VALUE_TYPE;
// Create the Cipher Value
XSECnew(mp_cipherValue, XENCCipherValueImpl(mp_env));
1.9 +180 -1 xml-security/c/src/xenc/impl/XENCCipherImpl.cpp
Index: XENCCipherImpl.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCCipherImpl.cpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- XENCCipherImpl.cpp 13 Oct 2003 11:08:39 -0000 1.8
+++ XENCCipherImpl.cpp 19 Oct 2003 10:58:59 -0000 1.9
@@ -82,6 +82,7 @@
#include <xsec/framework/XSECAlgorithmMapper.hpp>
#include <xsec/framework/XSECAlgorithmHandler.hpp>
#include <xsec/utils/XSECPlatformUtils.hpp>
+#include <xsec/utils/XSECBinTXFMInputStream.hpp>
#include "XENCCipherImpl.hpp"
#include "XENCEncryptedDataImpl.hpp"
@@ -183,7 +184,13 @@
// Register default encryption algorithm handlers
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURI3DES_CBC, def);
+ XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIAES128_CBC, def);
+ XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIAES192_CBC, def);
+ XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIAES256_CBC, def);
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIKW_AES128, def);
+ XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIKW_AES192, def);
+ XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIKW_AES256, def);
+ XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_1_5, def);
}
@@ -381,6 +388,56 @@
// Decrypt an Element and replace in original document
// --------------------------------------------------------------------------------
+XSECCryptoKey * XENCCipherImpl::decryptKeyFromKeyInfoList(DSIGKeyInfoList * kil) {
+
+ XSECCryptoKey * ret = NULL;
+ XSECAlgorithmHandler *handler;
+
+ int kLen = kil->getSize();
+
+ for (int i = 0; ret == NULL && i < kLen ; ++ i) {
+
+ if (kil->item(i)->getKeyInfoType() == DSIGKeyInfo::KEYINFO_ENCRYPTEDKEY) {
+
+ XENCEncryptedKey * ek = dynamic_cast<XENCEncryptedKey*>(kil->item(i));
+ volatile XMLByte buffer[1024];
+ try {
+ // Have to cast off volatile
+ int keySize = decryptKey(ek, (XMLByte *) buffer, 1024);
+
+ if (keySize > 0) {
+ // Try to map the key
+
+ XENCEncryptionMethod * encryptionMethod =
+ mp_encryptedData->getEncryptionMethod();
+
+ if (encryptionMethod != NULL) {
+
+ handler =
+ XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(
+ mp_encryptedData->getEncryptionMethod()->getAlgorithm());
+
+ if (handler != NULL)
+ ret = handler->createKeyForURI(
+ mp_encryptedData->getEncryptionMethod()->getAlgorithm(),
+ (XMLByte *) buffer,
+ keySize);
+ }
+ }
+ } catch (...) {
+ memset((void *) buffer, 0, 1024);
+ throw;
+ }
+
+ // Clear out the key buffer
+ memset((void *) buffer, 0, 1024);
+ }
+ }
+
+ return ret;
+}
+
+
DOMDocument * XENCCipherImpl::decryptElement(DOMElement * element) {
XSECAlgorithmHandler *handler;
@@ -403,6 +460,9 @@
if (mp_key == NULL) {
+ mp_key = decryptKeyFromKeyInfoList(mp_encryptedData->getKeyInfoList());
+
+#if 0
// See if we can decrypt a key in the KeyInfo list
DSIGKeyInfoList * kil = mp_encryptedData->getKeyInfoList();
int kLen = kil->getSize();
@@ -445,6 +505,7 @@
memset((void *) buffer, 0, 1024);
}
}
+#endif
}
if (mp_key == NULL) {
@@ -520,6 +581,101 @@
}
// --------------------------------------------------------------------------------
+// Decrypt data to an input stream
+// --------------------------------------------------------------------------------
+
+XSECBinTXFMInputStream * XENCCipherImpl::decryptToBinInputStream(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element
+ ) {
+
+
+ XSECAlgorithmHandler *handler;
+
+ // First of all load the element
+ if (mp_encryptedData != NULL)
+ delete mp_encryptedData;
+
+ XSECnew(mp_encryptedData,
+ XENCEncryptedDataImpl(mp_env, dynamic_cast<DOMNode *>(element)));
+
+ // Load
+ mp_encryptedData->load();
+
+ // Make sure we have a key before we do anything else too drastic
+ if (mp_key == NULL) {
+
+ if (mp_keyInfoResolver != NULL)
+ mp_key = mp_keyInfoResolver->resolveKey(mp_encryptedData->getKeyInfoList());
+
+ if (mp_key == NULL) {
+
+ mp_key = decryptKeyFromKeyInfoList(mp_encryptedData->getKeyInfoList());
+
+ }
+
+ if (mp_key == NULL) {
+
+ throw XSECException(XSECException::CipherError,
+ "XENCCipherImpl::decryptToBinInputStream - No key set and cannot resolve");
+ }
+ }
+
+ // Get the raw encrypted data
+ TXFMChain * c = mp_encryptedData->createCipherTXFMChain();
+ Janitor<TXFMChain> j_c(c);
+
+ // Get the Algorithm handler for the algorithm
+ XENCEncryptionMethod * encryptionMethod = mp_encryptedData->getEncryptionMethod();
+
+ if (encryptionMethod != NULL) {
+
+ handler =
+ XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(
+ mp_encryptedData->getEncryptionMethod()->getAlgorithm());
+
+ }
+
+ else {
+
+ handler =
+ XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(
+ XSECAlgorithmMapper::s_defaultEncryptionMapping);
+
+ }
+
+ safeBuffer sb("");
+
+ if (handler != NULL) {
+
+ if (handler->appendDecryptCipherTXFM(c,
+ mp_encryptedData->getEncryptionMethod(),
+ mp_key,
+ mp_env->getParentDocument()) != true) {
+ throw XSECException(XSECException::CipherError,
+ "XENCCipherImpl::decryptToBinInputStream - error appending final transform");
+ }
+
+ }
+ else {
+
+ // Very strange if we get here - any problems should throw an
+ // exception in the AlgorithmMapper.
+
+ throw XSECException(XSECException::CipherError,
+ "XENCCipherImpl::decryptElement - Error retrieving a handler for algorithm");
+
+ }
+
+ // Wrap in a Bin input stream
+ XSECBinTXFMInputStream * ret;
+ ret = new XSECBinTXFMInputStream(c); // Probs with MSVC++ mean no XSECnew
+ j_c.release(); // Now owned by "ret"
+
+ return ret;
+
+}
+
+// --------------------------------------------------------------------------------
// Decrypt a key in an XENCEncryptedKey element
// --------------------------------------------------------------------------------
@@ -588,6 +744,29 @@
return keySize;
}
+// --------------------------------------------------------------------------------
+// Decrypt a key from a DOM structure
+// --------------------------------------------------------------------------------
+
+int XENCCipherImpl::decryptKey(
+ DOMElement * keyNode,
+ XMLByte * rawKey,
+ int maxKeySize
+ ) {
+
+ XENCEncryptedKeyImpl * encryptedKey;
+ XSECnew(encryptedKey,
+ XENCEncryptedKeyImpl(mp_env, dynamic_cast<DOMNode *>(keyNode)));
+ Janitor<XENCEncryptedKeyImpl> j_encryptedKey(encryptedKey);
+
+ // Load
+ encryptedKey->load();
+
+ // Now decrypt!
+ return decryptKey(encryptedKey, rawKey, maxKeySize);
+
+}
+
// --------------------------------------------------------------------------------
// Encrypt a key
1.9 +11 -1 xml-security/c/src/xenc/impl/XENCCipherImpl.hpp
Index: XENCCipherImpl.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCCipherImpl.hpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- XENCCipherImpl.hpp 6 Oct 2003 12:16:37 -0000 1.8
+++ XENCCipherImpl.hpp 19 Oct 2003 10:58:59 -0000 1.9
@@ -95,11 +95,20 @@
XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *
decryptElement(XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element);
+ XSECBinTXFMInputStream * decryptToBinInputStream(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element
+ );
// Decrypting Keys
virtual int decryptKey(XENCEncryptedKey * encryptedKey,
XMLByte * rawKey,
int maxKeySize);
+ virtual int decryptKey(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * keyNode,
+ XMLByte * rawKey,
+ int maxKeySize
+ );
+
// Implementation for encryption Elements
XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * encryptElement(
@@ -155,6 +164,7 @@
safeBuffer &content,
XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * ctx
);
+ XSECCryptoKey * decryptKeyFromKeyInfoList(DSIGKeyInfoList * kil);
// Unimplemented constructor
XENCCipherImpl();