Package com.sun.identity.xmlenc

Class AMEncryptionProvider

java.lang.Object

com.sun.identity.xmlenc.AMEncryptionProvider

All Implemented Interfaces:

EncryptionProvider

Direct Known Subclasses:

WSSEncryptionProvider

public class AMEncryptionProvider
extends Object
implements EncryptionProvider

AMEncryptionProvider is a class for encrypting and decrypting XML Documents which implements EncryptionProvider.

Field Summary

Fields

Modifier and Type	Field	Description
protected static Map	keyMap	A static map contains provider id and symmetric keys as key value pairs.
protected KeyProvider	keyProvider

Constructor Summary

Constructors

Constructor	Description
AMEncryptionProvider()

Method Summary

Modifier and Type	Method	Description
Document	decryptAndReplace(Document encryptedDoc, String certAlias)	Decrypts an XML Document that contains encrypted data.
Document	decryptAndReplace(Document encryptedDoc, Key privKey)	Decrypts an XML Document that contains encrypted data.
Key	decryptKey(Element encryptedKey, String certAlias)	Decrypt the given encrypted key.
Document	encryptAndReplace(Document doc, Element element, String secretKeyAlg, int keyStrength, String certAlias, int kekStrength)	Encrypts the given XML element in a given XML Context document.
Document	encryptAndReplace(Document doc, Element element, String secretKeyAlg, int keyStrength, String certAlias, int kekStrength, String providerID)	Encrypts the given XML element in a given XML Context document.
Document	encryptAndReplace(Document doc, Element element, String secretKeyAlg, int keyStrength, Key kek, int kekStrength, String providerID)	Encrypts the given XML element in a given XML Context document.
Document	encryptAndReplaceResourceID(Document doc, Element element, String secretKeyAlg, int keyStrength, String certAlias, int kekStrength, String providerID)	Encrypts the given ResourceID XML element in a given XML Context document.
Document	encryptAndReplaceResourceID(Document doc, Element element, String secretKeyAlg, int keyStrength, Key kek, int kekStrength, String providerID)	Encrypts the given XML element in a given XML Context document.
Document	encryptAndReplaceWSSElements(Document doc, Map elmMap, String encDataEncAlg, int encDataEncAlgStrength, String certAlias, int kekStrength, String tokenType, String providerID)	Encrypts the given WSS XML element in a given XML Context document.
protected SecretKey	generateSecretKey(String algorithm, int keyStrength)	Generates secret key for a given algorithm and key strength.
protected String	getEncryptionAlgorithm(String algorithm, int keyStrength)	Gets the equivalent XML encryption algorithm string for a given algorithm and strength that is published by the provider.
protected PrivateKey	getPrivateKey(org.apache.xml.security.keys.KeyInfo keyinfo)	Returns the private key for X509Certificate embedded in the KeyInfo
void	initialize(KeyProvider keyprovider)	Initializes encryption provider.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

keyProvider

protected KeyProvider keyProvider

keyMap

protected static Map keyMap

A static map contains provider id and symmetric keys as key value pairs. Key generation each time is an expensive operation and using the same key for each provider should be okay.

Constructor Detail

AMEncryptionProvider

public AMEncryptionProvider()

Method Detail

initialize

public void initialize(KeyProvider keyprovider)
                throws EncryptionException

Initializes encryption provider.

Specified by:

initialize in interface EncryptionProvider

Throws:

EncryptionException

encryptAndReplace

public Document encryptAndReplace(Document doc,
                                  Element element,
                                  String secretKeyAlg,
                                  int keyStrength,
                                  String certAlias,
                                  int kekStrength)
                           throws EncryptionException

Encrypts the given XML element in a given XML Context document.

Specified by:

encryptAndReplace in interface EncryptionProvider

Parameters:

doc - the context XML Document.

element - Element to be encrypted.

secretKeyAlg - Encryption Key Algorithm.

keyStrength - Encryption Key Strength.

certAlias - KeyEncryption Key cert alias.

kekStrength - Key Encryption Key Strength.

Returns:

org.w3c.dom.Document XML Document replaced with encrypted data for a given XML element.

Throws:

EncryptionException

encryptAndReplace

public Document encryptAndReplace(Document doc,
                                  Element element,
                                  String secretKeyAlg,
                                  int keyStrength,
                                  String certAlias,
                                  int kekStrength,
                                  String providerID)
                           throws EncryptionException

Encrypts the given XML element in a given XML Context document.

Specified by:

encryptAndReplace in interface EncryptionProvider

Parameters:

doc - the context XML Document.

element - Element to be encrypted.

secretKeyAlg - Encryption Key Algorithm.

keyStrength - Encryption Key Strength.

certAlias - KeyEncryption Key cert alias.

kekStrength - Key Encryption Key Strength,

providerID - Provider ID.

Returns:

org.w3c.dom.Document XML Document replaced with encrypted data for a given XML element.

Throws:

EncryptionException

encryptAndReplaceResourceID

public Document encryptAndReplaceResourceID(Document doc,
                                            Element element,
                                            String secretKeyAlg,
                                            int keyStrength,
                                            String certAlias,
                                            int kekStrength,
                                            String providerID)
                                     throws EncryptionException

Encrypts the given ResourceID XML element in a given XML Context document.

Specified by:

encryptAndReplaceResourceID in interface EncryptionProvider

Parameters:

doc - the context XML Document.

element - Element to be encrypted.

secretKeyAlg - Encryption Key Algorithm.

keyStrength - Encryption Key Strength.

certAlias - KeyEncryption Key cert alias.

kekStrength - Key Encryption Key Strength,

providerID - Provider ID.

Returns:

org.w3c.dom.Document EncryptedResourceID XML Document.

Throws:

EncryptionException

encryptAndReplace

public Document encryptAndReplace(Document doc,
                                  Element element,
                                  String secretKeyAlg,
                                  int keyStrength,
                                  Key kek,
                                  int kekStrength,
                                  String providerID)
                           throws EncryptionException

Encrypts the given XML element in a given XML Context document.

Specified by:

encryptAndReplace in interface EncryptionProvider

Parameters:

doc - the context XML Document.

element - Element to be encrypted.

secretKeyAlg - Encryption Key Algorithm.

keyStrength - Encryption Key Strength.

kek - Key Encryption Key.

kekStrength - Key Encryption Key Strength,

providerID - Provider ID

Returns:

org.w3c.dom.Document XML Document replaced with encrypted data for a given XML element.

Throws:

EncryptionException

encryptAndReplaceResourceID

public Document encryptAndReplaceResourceID(Document doc,
                                            Element element,
                                            String secretKeyAlg,
                                            int keyStrength,
                                            Key kek,
                                            int kekStrength,
                                            String providerID)
                                     throws EncryptionException

Encrypts the given XML element in a given XML Context document.

Specified by:

encryptAndReplaceResourceID in interface EncryptionProvider

Parameters:

doc - the context XML Document.

element - Element to be encrypted.

secretKeyAlg - Encryption Key Algorithm.

keyStrength - Encryption Key Strength.

kek - Key Encryption Key.

kekStrength - Key Encryption Key Strength,

providerID - Provider ID

Returns:

org.w3c.dom.Document XML Document replaced with encrypted data for a given XML element.

Throws:

EncryptionException

encryptAndReplaceWSSElements

public Document encryptAndReplaceWSSElements(Document doc,
                                             Map elmMap,
                                             String encDataEncAlg,
                                             int encDataEncAlgStrength,
                                             String certAlias,
                                             int kekStrength,
                                             String tokenType,
                                             String providerID)
                                      throws EncryptionException

Encrypts the given WSS XML element in a given XML Context document.

Specified by:

encryptAndReplaceWSSElements in interface EncryptionProvider

Parameters:

doc - the context XML Document.

elmMap - Map of (Element, wsu_id) to be encrypted.

encDataEncAlg - Encryption Key Algorithm.

encDataEncAlgStrength - Encryption Key Strength.

certAlias - Key Encryption Key cert alias.

kekStrength - Key Encryption Key Strength.

tokenType - Security token type.

providerID - Provider ID.

Returns:

org.w3c.dom.Document XML Document replaced with encrypted data for a given XML element.

Throws:

EncryptionException

decryptAndReplace

public Document decryptAndReplace(Document encryptedDoc,
                                  String certAlias)
                           throws EncryptionException

Decrypts an XML Document that contains encrypted data.

Specified by:

decryptAndReplace in interface EncryptionProvider

Parameters:

encryptedDoc - XML Document with encrypted data.

certAlias - Private Key Certificate Alias.

Returns:

org.w3c.dom.Document Decrypted XML Document.

Throws:

EncryptionException

decryptAndReplace

public Document decryptAndReplace(Document encryptedDoc,
                                  Key privKey)
                           throws EncryptionException

Decrypts an XML Document that contains encrypted data.

Specified by:

decryptAndReplace in interface EncryptionProvider

Parameters:

encryptedDoc - XML Document with encrypted data.

privKey - Key Encryption Key used for encryption.

Returns:

org.w3c.dom.Document Decrypted XML Document.

Throws:

EncryptionException

getEncryptionAlgorithm

protected String getEncryptionAlgorithm(String algorithm,
                                        int keyStrength)
                                 throws EncryptionException

Gets the equivalent XML encryption algorithm string for a given algorithm and strength that is published by the provider.

Throws:

EncryptionException

generateSecretKey

protected SecretKey generateSecretKey(String algorithm,
                                      int keyStrength)
                               throws EncryptionException

Generates secret key for a given algorithm and key strength.

Throws:

EncryptionException

getPrivateKey

protected PrivateKey getPrivateKey(org.apache.xml.security.keys.KeyInfo keyinfo)

Returns the private key for X509Certificate embedded in the KeyInfo

Parameters:

keyinfo - KeyInfo

Returns:

a private key for X509Certificate

decryptKey

public Key decryptKey(Element encryptedKey,
                      String certAlias)

Decrypt the given encrypted key.

Specified by:

decryptKey in interface EncryptionProvider

Parameters:

encryptedKey - the encrypted key element

certAlias - the private key alias

Returns:

the key associated with the decrypted key.