xmlcipher.java

来自「JAVA 所有包」· Java 代码 · 共 1,715 行 · 第 1/5 页

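    /**
     * Returns an <code>XMLCipher</code> that implements the specified
     * transformation, operates on the specified context document and serializes
     * the document with the specified canonicalization algorithm before it
     * encrypts the document.
     *
     * @param transformation the name of the transformation, e.g.,
     *   <code>XMLCipher.TRIPLEDES</code> which is shorthand for
     *   &quot;http://www.w3.org/2001/04/xmlenc#tripledes-cbc&quot;
     * @param canon the name of the c14n algorithm; if <code>null</code>, the
     *   canonicalizer already set up by {@link #getInstance(String)} is kept
     * @return the configured XMLCipher
     * @throws XMLEncryptionException if <code>canon</code> does not name a
     *   canonicalizer known to <code>Canonicalizer.getInstance</code>, or if
     *   the underlying {@link #getInstance(String)} call fails
     */
    public static XMLCipher getInstance(String transformation, String canon)
            throws XMLEncryptionException {
        XMLCipher instance = XMLCipher.getInstance(transformation);

        if (canon != null) {
            try {
                instance._canon = Canonicalizer.getInstance(canon);
            } catch (InvalidCanonicalizerException ice) {
                throw new XMLEncryptionException("empty", ice);
            }
        }

        return instance;
    }

    /**
     * Returns an <code>XMLCipher</code> that implements the specified
     * transformation and operates on the specified context document.
     * <p>
     * The argument checks at the top of this method only log; none of them
     * aborts the call. In particular an algorithm that fails
     * <code>isValidEncryptionAlgorithm</code> produces a WARNING and is then
     * still handed to the JCE. Callers that take the algorithm URI from
     * untrusted input should enforce their own allow-list before calling.
     * <p>
     * NOTE(review): the example URI below names Triple-DES in CBC mode. CBC
     * ciphertext carries no integrity protection of its own, so data that a
     * third party could modify in transit should be covered by a signature or
     * MAC that is verified before decryption, or be encrypted with an
     * authenticated mode if this library version offers one.
     *
     * @param transformation the name of the transformation, e.g.,
     *   <code>XMLCipher.TRIPLEDES</code> which is shorthand for
     *   &quot;http://www.w3.org/2001/04/xmlenc#tripledes-cbc&quot;
     * @param provider the JCE provider that supplies the transformation
     * @return the XMLCipher
     * @throws XMLEncryptionException if the default canonicalizer cannot be
     *   created, or if the JCE reports an unknown algorithm, provider or
     *   padding for the translated transformation
     */
    public static XMLCipher getProviderInstance(String transformation, String provider)
            throws XMLEncryptionException {
        // sanity checks (log only, execution continues)
        if (logger.isLoggable(java.util.logging.Level.FINE)) {
            logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
        }
        if (null == transformation) {
            logger.log(java.util.logging.Level.SEVERE, "Transformation unexpectedly null...");
        }
        if (null == provider) {
            logger.log(java.util.logging.Level.SEVERE, "Provider unexpectedly null..");
        }
        // Compare by value: the previous reference comparison ("" == provider)
        // only matched the interned literal and missed empty strings built at
        // run time, so the misconfiguration went unlogged.
        if ("".equals(provider)) {
            logger.log(java.util.logging.Level.SEVERE, "Provider's value unexpectedly not specified...");
        }
        if (!isValidEncryptionAlgorithm(transformation)) {
            logger.log(java.util.logging.Level.WARNING, "Algorithm non-standard, expected one of " + ENC_ALGORITHMS);
        }

        XMLCipher instance = new XMLCipher();

        instance._algorithm = transformation;
        instance._requestedJCEProvider = provider;
        instance._key = null;
        instance._kek = null;

        /* Create a canonicaliser - used when serialising DOM to octets
         * prior to encryption (and for the reverse) */
        try {
            instance._canon = Canonicalizer.getInstance
                (Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
        } catch (InvalidCanonicalizerException ice) {
            throw new XMLEncryptionException("empty", ice);
        }

        try {
            String jceAlgorithm =
                JCEMapper.translateURItoJCEID(transformation);

            // javax.crypto.Cipher.getInstance(String, String) rejects a null or
            // empty provider name with IllegalArgumentException, which is not
            // caught here and propagates to the caller unchanged.
            instance._contextCipher = Cipher.getInstance(jceAlgorithm, provider);

            if (logger.isLoggable(java.util.logging.Level.FINE)) {
                logger.log(java.util.logging.Level.FINE, "cipher._algorithm = " +
                    instance._contextCipher.getAlgorithm());
            }
            if (logger.isLoggable(java.util.logging.Level.FINE)) {
                logger.log(java.util.logging.Level.FINE, "provider.name = " + provider);
            }
        } catch (NoSuchAlgorithmException nsae) {
            throw new XMLEncryptionException("empty", nsae);
        } catch (NoSuchProviderException nspre) {
            throw new XMLEncryptionException("empty", nspre);
        } catch (NoSuchPaddingException nspe) {
            throw new XMLEncryptionException("empty", nspe);
        }

        return (instance);
    }

    /**
     * Returns an <code>XMLCipher</code> that implements the specified
     * transformation, operates on the specified context document and serializes
     * the document with the specified canonicalization algorithm before it
     * encrypts the document.
     *
     * @param transformation the name of the transformation, e.g.,
     *   <code>XMLCipher.TRIPLEDES</code> which is shorthand for
     *   &quot;http://www.w3.org/2001/04/xmlenc#tripledes-cbc&quot;
     * @param provider the JCE provider that supplies the transformation
     * @param canon the name of the c14n algorithm; if <code>null</code>, the
     *   canonicalizer chosen by
     *   {@link #getProviderInstance(String, String)} (C14N with comments) is kept
     * @return the configured XMLCipher
     * @throws XMLEncryptionException if <code>canon</code> does not name a
     *   known canonicalizer, or if
     *   {@link #getProviderInstance(String, String)} fails
     */
    public static XMLCipher getProviderInstance(
            String transformation,
            String provider,
            String canon)
            throws XMLEncryptionException {
        XMLCipher instance = XMLCipher.getProviderInstance(transformation, provider);

        if (canon != null) {
            try {
                instance._canon = Canonicalizer.getInstance(canon);
            } catch (InvalidCanonicalizerException ice) {
                throw new XMLEncryptionException("empty", ice);
            }
        }

        return instance;
    }

    /**
     * Returns an <code>XMLCipher</code> that implements no specific
     * transformation, and can therefore only be used for decrypt or
     * unwrap operations where the encryption method is defined in the
     * <code>EncryptionMethod</code> element.
     * <p>
     * NOTE(review): with this factory the algorithm is named by the document
     * being processed rather than by the caller. When that document is not
     * trusted, the caller should check the declared algorithm against the set
     * it is prepared to accept before decrypting. Confirm where, if anywhere,
     * the rest of this class performs that check.
     *
     * @return The XMLCipher
     * @throws XMLEncryptionException if the default canonicalizer cannot be
     *   created
     */
    public static XMLCipher getInstance()
            throws XMLEncryptionException {
        // sanity checks
        if (logger.isLoggable(java.util.logging.Level.FINE)) {
            logger.log(java.util.logging.Level.FINE, "Getting XMLCipher for no transformation...");
        }

        XMLCipher instance = new XMLCipher();

        instance._algorithm = null;
        instance._requestedJCEProvider = null;
        instance._key = null;
        instance._kek = null;
        instance._contextCipher = null;

        /* Create a canonicaliser - used when serialising DOM to octets
         * prior to encryption (and for the reverse) */
        try {
            instance._canon = Canonicalizer.getInstance
                (Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
        } catch (InvalidCanonicalizerException ice) {
            throw new XMLEncryptionException("empty", ice);
        }

        return (instance);
    }

    /**
     * Returns an <code>XMLCipher</code> that implements no specific
     * transformation, and can therefore only be used for decrypt or
     * unwrap operations where the encryption method is defined in the
     * <code>EncryptionMethod</code> element.
     *
     * Allows the caller to specify a provider that will be used for
     * cryptographic operations.
     * <p>
     * A null or empty provider name is logged at SEVERE but still stored on
     * the returned instance; no JCE lookup happens in this method, so a bad
     * name is not rejected here.
     *
     * @param provider the JCE provider that supplies the cryptographic
     *   needs.
     * @return the XMLCipher
     * @throws XMLEncryptionException if the default canonicalizer cannot be
     *   created
     */
    public static XMLCipher getProviderInstance(String provider)
            throws XMLEncryptionException {
        // sanity checks (log only, execution continues)
        if (logger.isLoggable(java.util.logging.Level.FINE)) {
            logger.log(java.util.logging.Level.FINE, "Getting XMLCipher, provider but no transformation");
        }
        if (null == provider) {
            logger.log(java.util.logging.Level.SEVERE, "Provider unexpectedly null..");
        }
        // Value comparison; a reference comparison against "" misses empty
        // strings that are not the interned literal.
        if ("".equals(provider)) {
            logger.log(java.util.logging.Level.SEVERE, "Provider's value unexpectedly not specified...");
        }

        XMLCipher instance = new XMLCipher();

        instance._algorithm = null;
        instance._requestedJCEProvider = provider;
        instance._key = null;
        instance._kek = null;
        instance._contextCipher = null;

        try {
            instance._canon = Canonicalizer.getInstance
                (Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
        } catch (InvalidCanonicalizerException ice) {
            throw new XMLEncryptionException("empty", ice);
        }

        return (instance);
    }

    /**
     * Initializes this cipher with a key.
     * <p>
     * The cipher is initialized for one of the following four operations:
     * encryption, decryption, key wrapping or key unwrapping, depending on the
     * value of opmode.
     *
     * For WRAP and ENCRYPT modes, this also initialises the internal
     * EncryptedKey or EncryptedData (with a CipherValue)
     * structure that will be used during the ensuing operations.  This
     * can be obtained (in order to modify KeyInfo elements etc. prior to
     * finalising the encryption) by calling
     * {@link #getEncryptedData} or {@link #getEncryptedKey}.
     * <p>
     * This method only records the mode and the key; it does not call
     * <code>Cipher.init</code> itself and does not validate <code>key</code>.
     *
     * @param opmode the operation mode of this cipher (this is one of the
     *   following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
     * @param key the key to store for the ensuing operation; stored as given,
     *   including <code>null</code>
     * @see javax.crypto.Cipher#init(int, java.security.Key)
     * @throws XMLEncryptionException if <code>opmode</code> is not one of the
     *   four modes above
     */
    public void init(int opmode, Key key) throws XMLEncryptionException {
        // sanity checks
        if (logger.isLoggable(java.util.logging.Level.FINE)) {
            logger.log(java.util.logging.Level.FINE, "Initializing XMLCipher...");
        }

        // Structures from any earlier init are discarded up front, so they are
        // already cleared even when the mode check below throws; _cipherMode
        // and _key keep their previous values in that case.
        _ek = null;
        _ed = null;

        switch (opmode) {

        case ENCRYPT_MODE :
            if (logger.isLoggable(java.util.logging.Level.FINE)) {
                logger.log(java.util.logging.Level.FINE, "opmode = ENCRYPT_MODE");
            }
            _ed = createEncryptedData(CipherData.VALUE_TYPE, "NO VALUE YET");
            break;
        case DECRYPT_MODE :
            if (logger.isLoggable(java.util.logging.Level.FINE)) {
                logger.log(java.util.logging.Level.FINE, "opmode = DECRYPT_MODE");
            }
            break;
        case WRAP_MODE :
            if (logger.isLoggable(java.util.logging.Level.FINE)) {
                logger.log(java.util.logging.Level.FINE, "opmode = WRAP_MODE");
            }
            _ek = createEncryptedKey(CipherData.VALUE_TYPE, "NO VALUE YET");
            break;
        case UNWRAP_MODE :
            if (logger.isLoggable(java.util.logging.Level.FINE)) {
                logger.log(java.util.logging.Level.FINE, "opmode = UNWRAP_MODE");
            }
            break;
        default :
            logger.log(java.util.logging.Level.SEVERE, "Mode unexpectedly invalid");
            throw new XMLEncryptionException("Invalid mode in init");
        }

        _cipherMode = opmode;
        _key = key;
    }

    /**
     * Get the EncryptedData being built
     *
     * Returns the EncryptedData being built during an ENCRYPT operation.
     * This can then be used by applications to add KeyInfo elements and
     * set other parameters.
     *
     * @return The EncryptedData being built; {@link #init} leaves it
     *   <code>null</code> for every mode other than ENCRYPT_MODE
     */
    public EncryptedData getEncryptedData() {
        // Sanity checks
        if (logger.isLoggable(java.util.logging.Level.FINE)) {
            logger.log(java.util.logging.Level.FINE, "Returning EncryptedData");
        }

        return _ed;
    }

    /**
     * Get the EncryptedKey being built
     *
     * Returns the EncryptedKey being built during a WRAP operation.
     * This can then be used by applications to add KeyInfo elements and
     * set other parameters.
     *
     * @return The EncryptedKey being built; {@link #init} leaves it
     *   <code>null</code> for every mode other than WRAP_MODE
     */
    public EncryptedKey getEncryptedKey() {
        // Sanity checks
        if (logger.isLoggable(java.util.logging.Level.FINE)) {
            logger.log(java.util.logging.Level.FINE, "Returning EncryptedKey");
        }

        return _ek;
    }

    /**
     * Set a Key Encryption Key.
     * <p>
     * The Key Encryption Key (KEK) is used for encrypting/decrypting
     * EncryptedKey elements.  By setting this separately, the XMLCipher
     * class can know whether a key applies to the data part or wrapped key
     * part of an encrypted object.
     *
     * @param kek The key to use for de/encrypting key data; stored as given,
     *   without validation
     */
    public void setKEK(Key kek) {
        _kek = kek;
    }

    /**
     * Martial an EncryptedData
     *
     * Takes an EncryptedData object and returns a DOM Element that
     * represents the appropriate <code>EncryptedData</code>
     * <p>
     * <b>Note:</b> This should only be used in cases where the context
     * document has been passed in via a call to doFinal.
     *
     * @param encryptedData EncryptedData object to martial
     * @return the DOM <code>Element</code> representing the passed in
     * object
     */
    public Element martial(EncryptedData encryptedData) {
        return (_factory.toElement (encryptedData));
    }

    /**
     * Martial an EncryptedKey
     *
     * Takes an EncryptedKey object and returns a DOM Element that
     * represents the appropriate <code>EncryptedKey</code>
     *
     * <p>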
