/** * Generate a random symmetric encryption key. * * @param encryptionAlgorithmURI the encryption algorithm URI * @return a randomly generated symmetric key * @throws EncryptionException thrown if the key can not be generated based on the specified algorithm URI */ protected SecretKey generateEncryptionKey(String encryptionAlgorithmURI) throws EncryptionException { try { log.debug("Generating random symmetric data encryption key from algorithm URI: {}", encryptionAlgorithmURI); return SecurityHelper.generateSymmetricKey(encryptionAlgorithmURI); } catch (NoSuchAlgorithmException e) { log.error("Could not generate encryption key, algorithm URI was invalid: " + encryptionAlgorithmURI); throw new EncryptionException("Could not generate encryption key, algorithm URI was invalid: " + encryptionAlgorithmURI); } catch (KeyException e) { log.error("Could not generate encryption key from algorithm URI: " + encryptionAlgorithmURI); throw new EncryptionException("Could not generate encryption key from algorithm URI: " + encryptionAlgorithmURI); } }
/** * Check data encryption parameters for consistency and required values. * * @param encParams the data encryption parameters to check * * @throws EncryptionException thrown if any parameters are missing or have invalid values */ protected void checkParams(EncryptionParameters encParams) throws EncryptionException { if (encParams == null) { log.error("Data encryption parameters are required"); throw new EncryptionException("Data encryption parameters are required"); } if (DatatypeHelper.isEmpty(encParams.getAlgorithm())) { log.error("Data encryption algorithm URI is required"); throw new EncryptionException("Data encryption algorithm URI is required"); } }
/** * Generate a random symmetric encryption key. * * @param encryptionAlgorithmURI the encryption algorithm URI * @return a randomly generated symmetric key * @throws EncryptionException thrown if the key can not be generated based on the specified algorithm URI */ protected SecretKey generateEncryptionKey(String encryptionAlgorithmURI) throws EncryptionException { try { log.debug("Generating random symmetric data encryption key from algorithm URI: {}", encryptionAlgorithmURI); return SecurityHelper.generateSymmetricKey(encryptionAlgorithmURI); } catch (NoSuchAlgorithmException e) { log.error("Could not generate encryption key, algorithm URI was invalid: " + encryptionAlgorithmURI); throw new EncryptionException("Could not generate encryption key, algorithm URI was invalid: " + encryptionAlgorithmURI); } catch (KeyException e) { log.error("Could not generate encryption key from algorithm URI: " + encryptionAlgorithmURI); throw new EncryptionException("Could not generate encryption key from algorithm URI: " + encryptionAlgorithmURI); } }
/** * Check data encryption parameters for consistency and required values. * * @param encParams the data encryption parameters to check * * @throws EncryptionException thrown if any parameters are missing or have invalid values */ protected void checkParams(EncryptionParameters encParams) throws EncryptionException { if (encParams == null) { log.error("Data encryption parameters are required"); throw new EncryptionException("Data encryption parameters are required"); } if (DatatypeHelper.isEmpty(encParams.getAlgorithm())) { log.error("Data encryption algorithm URI is required"); throw new EncryptionException("Data encryption algorithm URI is required"); } }
/** * Check a list of key encryption parameters for consistency and required values. * * @param kekParamsList the key encryption parameters list to check * @param allowEmpty if false, a null or empty list is treated as an error * * @throws EncryptionException thrown if any parameters are missing or have invalid values */ protected void checkParams(List<KeyEncryptionParameters> kekParamsList, boolean allowEmpty) throws EncryptionException { if (kekParamsList == null || kekParamsList.isEmpty()) { if (allowEmpty) { return; } else { log.error("Key encryption parameters list may not be empty"); throw new EncryptionException("Key encryption parameters list may not be empty"); } } for (KeyEncryptionParameters kekParams : kekParamsList) { checkParams(kekParams, false); } }
/** * Check a list of key encryption parameters for consistency and required values. * * @param kekParamsList the key encryption parameters list to check * @param allowEmpty if false, a null or empty list is treated as an error * * @throws EncryptionException thrown if any parameters are missing or have invalid values */ protected void checkParams(List<KeyEncryptionParameters> kekParamsList, boolean allowEmpty) throws EncryptionException { if (kekParamsList == null || kekParamsList.isEmpty()) { if (allowEmpty) { return; } else { log.error("Key encryption parameters list may not be empty"); throw new EncryptionException("Key encryption parameters list may not be empty"); } } for (KeyEncryptionParameters kekParams : kekParamsList) { checkParams(kekParams, false); } }
} else { log.error("Key encryption parameters are required"); throw new EncryptionException("Key encryption parameters are required"); if (key == null) { log.error("Key encryption credential and contained key are required"); throw new EncryptionException("Key encryption credential and contained key are required"); } else if (key instanceof DSAPublicKey) { log.error("Attempt made to use DSA key for encrypted key transport"); throw new EncryptionException("DSA keys may not be used for encrypted key transport"); } else if (key instanceof ECPublicKey) { log.error("Attempt made to use EC key for encrypted key transport"); throw new EncryptionException("EC keys may not be used for encrypted key transport"); } else if (DatatypeHelper.isEmpty(kekParams.getAlgorithm())) { log.error("Key encryption algorithm URI is required"); throw new EncryptionException("Key encryption algorithm URI is required");
} else { log.error("Key encryption parameters are required"); throw new EncryptionException("Key encryption parameters are required"); if (key == null) { log.error("Key encryption credential and contained key are required"); throw new EncryptionException("Key encryption credential and contained key are required"); } else if (key instanceof DSAPublicKey) { log.error("Attempt made to use DSA key for encrypted key transport"); throw new EncryptionException("DSA keys may not be used for encrypted key transport"); } else if (key instanceof ECPublicKey) { log.error("Attempt made to use EC key for encrypted key transport"); throw new EncryptionException("EC keys may not be used for encrypted key transport"); } else if (DatatypeHelper.isEmpty(kekParams.getAlgorithm())) { log.error("Key encryption algorithm URI is required"); throw new EncryptionException("Key encryption algorithm URI is required");
throw new EncryptionException(e.getMessage(), e);
throw new EncryptionException("Target key was null"); throw new EncryptionException("Encryption key was null"); } catch (XMLEncryptionException e) { log.error("Error initializing cipher instance on key encryption", e); throw new EncryptionException("Error initializing cipher instance on key encryption", e); } catch (XMLEncryptionException e) { log.error("Error encrypting element on key encryption", e); throw new EncryptionException("Error encrypting element on key encryption", e); } catch (UnmarshallingException e) { log.error("Error unmarshalling EncryptedKey element", e); throw new EncryptionException("Error unmarshalling EncryptedKey element");
throw new EncryptionException("Target key was null"); throw new EncryptionException("Encryption key was null"); } catch (XMLEncryptionException e) { log.error("Error initializing cipher instance on key encryption", e); throw new EncryptionException("Error initializing cipher instance on key encryption", e); } catch (XMLEncryptionException e) { log.error("Error encrypting element on key encryption", e); throw new EncryptionException("Error encrypting element on key encryption", e); } catch (UnmarshallingException e) { log.error("Error unmarshalling EncryptedKey element", e); throw new EncryptionException("Error unmarshalling EncryptedKey element");
/** * Check the encryption parameters and key encryption parameters for valid combinations of options. * * @param encParams the encryption parameters to use * @param kekParamsList the key encryption parameters to use * @throws EncryptionException exception thrown on encryption errors */ protected void checkParams(EncryptionParameters encParams, List<KeyEncryptionParameters> kekParamsList) throws EncryptionException { checkParams(encParams); checkParams(kekParamsList, true); if (SecurityHelper.extractEncryptionKey(encParams.getEncryptionCredential()) == null && (kekParamsList == null || kekParamsList.isEmpty())) { log.error("Using a generated encryption key requires a KeyEncryptionParameters " + "object and key encryption key"); throw new EncryptionException("Using a generated encryption key requires a KeyEncryptionParameters " + "object and key encryption key"); } }
throw new EncryptionException("XMLObject was null"); throw new EncryptionException("Encryption key was null"); } catch (XMLEncryptionException e) { log.error("Error initializing cipher instance on XMLObject encryption", e); throw new EncryptionException("Error initializing cipher instance", e); } catch (Exception e) { log.error("Error encrypting XMLObject", e); throw new EncryptionException("Error encrypting XMLObject", e); } catch (UnmarshallingException e) { log.error("Error unmarshalling EncryptedData element", e); throw new EncryptionException("Error unmarshalling EncryptedData element", e);
/** * Check the encryption parameters and key encryption parameters for valid combinations of options. * * @param encParams the encryption parameters to use * @param kekParamsList the key encryption parameters to use * @throws EncryptionException exception thrown on encryption errors */ protected void checkParams(EncryptionParameters encParams, List<KeyEncryptionParameters> kekParamsList) throws EncryptionException { checkParams(encParams); checkParams(kekParamsList, true); if (SecurityHelper.extractEncryptionKey(encParams.getEncryptionCredential()) == null && (kekParamsList == null || kekParamsList.isEmpty())) { log.error("Using a generated encryption key requires a KeyEncryptionParameters " + "object and key encryption key"); throw new EncryptionException("Using a generated encryption key requires a KeyEncryptionParameters " + "object and key encryption key"); } }
throw new EncryptionException("XMLObject was null"); throw new EncryptionException("Encryption key was null"); } catch (XMLEncryptionException e) { log.error("Error initializing cipher instance on XMLObject encryption", e); throw new EncryptionException("Error initializing cipher instance", e); } catch (Exception e) { log.error("Error encrypting XMLObject", e); throw new EncryptionException("Error encrypting XMLObject", e); } catch (UnmarshallingException e) { log.error("Error unmarshalling EncryptedData element", e); throw new EncryptionException("Error unmarshalling EncryptedData element", e);
/** * Ensure that the XMLObject is marshalled. * * @param xmlObject the object to check and marshall * @throws EncryptionException thrown if there is an error when marshalling the XMLObject */ protected void checkAndMarshall(XMLObject xmlObject) throws EncryptionException { Element targetElement = xmlObject.getDOM(); if (targetElement == null) { Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(xmlObject); try { targetElement = marshaller.marshall(xmlObject); } catch (MarshallingException e) { log.error("Error marshalling target XMLObject", e); throw new EncryptionException("Error marshalling target XMLObject", e); } } }
/** * Ensure that the XMLObject is marshalled. * * @param xmlObject the object to check and marshall * @throws EncryptionException thrown if there is an error when marshalling the XMLObject */ protected void checkAndMarshall(XMLObject xmlObject) throws EncryptionException { Element targetElement = xmlObject.getDOM(); if (targetElement == null) { Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(xmlObject); try { targetElement = marshaller.marshall(xmlObject); } catch (MarshallingException e) { log.error("Error marshalling target XMLObject", e); throw new EncryptionException("Error marshalling target XMLObject", e); } } }
encryptedData.setKeyInfo( generator.generate(encParams.getEncryptionCredential()) ); } catch (SecurityException e) { throw new EncryptionException("Error generating EncryptedData KeyInfo", e);
} catch (SecurityException e) { log.error("Error during EncryptedKey KeyInfo generation", e); throw new EncryptionException("Error during EncryptedKey KeyInfo generation", e);
} catch (SecurityException e) { log.error("Error during EncryptedKey KeyInfo generation", e); throw new EncryptionException("Error during EncryptedKey KeyInfo generation", e);