Package org.keycloak.saml.processing.core.util

Class XMLEncryptionUtil

  • public class XMLEncryptionUtil
extends Object
    Utility for XML Encryption Note: This utility is currently using Apache XML Security library API. JSR-106 is not yet final. Until that happens,we rely on the non-standard API.
    Since:
    May 4, 2009
    Author:
    Anil.Saldhana@redhat.com

    • Constructor Detail

      • XMLEncryptionUtil

        public XMLEncryptionUtil()

    • Method Detail

      • encryptKey

        public static org.apache.xml.security.encryption.EncryptedKey encryptKey​(Document document,
                                                                         SecretKey keyToBeEncrypted,
                                                                         PublicKey keyUsedToEncryptSecretKey,
                                                                         int keySize)
                                                                  throws ProcessingException

        Encrypt the Key to be transported

        Data is encrypted with a SecretKey. Then the key needs to be transported to the other end where it is needed for decryption. For the Key transport, the SecretKey is encrypted with the recipient's public key. At the receiving end, the receiver can decrypt the Secret Key using his private key.s

        Parameters:
        document -
        keyToBeEncrypted - Symmetric Key (SecretKey)
        keyUsedToEncryptSecretKey - Asymmetric Key (Public Key)
        keySize - Length of the key
        Returns:
        Throws:
        ProcessingException

      • encryptElement

        public static void encryptElement​(QName elementQName,
                                  Document document,
                                  PublicKey publicKey,
                                  SecretKey secretKey,
                                  int keySize,
                                  QName wrappingElementQName,
                                  boolean addEncryptedKeyInKeyInfo)
                           throws ProcessingException
        Given an element in a Document, encrypt the element and replace the element in the document with the encrypted data
        Parameters:
        elementQName - QName of the element that we like to encrypt
        document -
        publicKey -
        secretKey -
        keySize -
        wrappingElementQName - A QName of an element that will wrap the encrypted element
        addEncryptedKeyInKeyInfo - Need for the EncryptedKey to be placed in ds:KeyInfo
        Throws:
        ProcessingException

      • encryptElement

        public static void encryptElement​(Document document,
                                  Element element,
                                  PublicKey publicKey,
                                  SecretKey secretKey,
                                  int keySize)
                           throws ProcessingException

        Encrypts an element in a XML document using the specified public key, secret key, and key size. This method doesn't wrap the encrypted element in a new element. Instead, it replaces the element with its encrypted version.

        For example, calling this method to encrypt the inner element in the following XML document 

            <root>
       <outer>
          <inner>
             ...
          </inner>
       </outer>
    </root>
        would result in a document similar to 
            <root>
       <outer>
          <xenc:EncryptedData xmlns:xenc="...">
             ...
          </xenc:EncryptedData>
       </outer>
    </root>

        Parameters:
        document - the Document that contains the element to be encrypted.
        element - the Element to be encrypted.
        publicKey - the PublicKey that must be used to encrypt the secret key.
        secretKey - the SecretKey used to encrypt the specified element.
        keySize - the size (in bits) of the secret key.
        Throws:
        ProcessingException - if an error occurs while encrypting the element with the specified params.

      • encryptElementInDocument

        public static Element encryptElementInDocument​(Document document,
                                               PublicKey publicKey,
                                               SecretKey secretKey,
                                               int keySize,
                                               QName wrappingElementQName,
                                               boolean addEncryptedKeyInKeyInfo)
                                        throws ProcessingException,
                                               ConfigurationException
        Encrypt the root document element inside a Document. NOTE: The document root element will be replaced by the wrapping element.
        Parameters:
        document - Document that contains an element to encrypt
        publicKey - The Public Key used to encrypt the secret encryption key
        secretKey - The secret encryption key
        keySize - Length of key
        wrappingElementQName - QName of the element to be used to wrap around the cipher data.
        addEncryptedKeyInKeyInfo - Should the encrypted key be inside a KeyInfo or added as a peer of Cipher Data
        Returns:
        An element that has the wrappingElementQName
        Throws:
        ProcessingException
        ConfigurationException

      • decryptElementInDocument

        public static Element decryptElementInDocument​(Document documentWithEncryptedElement,
                                               PrivateKey privateKey)
                                        throws ProcessingException
        Decrypt an encrypted element inside a document
        Parameters:
        documentWithEncryptedElement -
        privateKey - key need to unwrap the encryption key
        Returns:
        the document with the encrypted element replaced by the data element
        Throws:
        ProcessingException