/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

/*
 * XSEC
 *
 * XSECAlgorithmHandlerDefault := Interface class to define handling of
 *                                  default encryption algorithms
 *
 * $Id$
 *
 */

// XSEC Includes

#include <xsec/dsig/DSIGConstants.hpp>
#include <xsec/enc/XSECCryptoKey.hpp>
#include <xsec/enc/XSECCryptoSymmetricKey.hpp>
#include <xsec/framework/XSECError.hpp>
#include <xsec/transformers/TXFMChain.hpp>
#include <xsec/transformers/TXFMCipher.hpp>
#include <xsec/transformers/TXFMBase64.hpp>
#include <xsec/transformers/TXFMSB.hpp>
#include <xsec/xenc/XENCEncryptionMethod.hpp>

#include "../../utils/XSECAutoPtr.hpp"
#include "../../utils/XSECDOMUtils.hpp"

#include "XENCAlgorithmHandlerDefault.hpp"

#include <xercesc/dom/DOM.hpp>
#include <xercesc/util/Janitor.hpp>

XERCES_CPP_NAMESPACE_USE

#define _MY_MAX_KEY_SIZE 2048

unsigned char s_3DES_CMS_IV [] = {
    0x4a,
    0xdd,
    0xa2,
    0x2c,
    0x79,
    0xe8,
    0x21,
    0x05
};

unsigned char s_AES_IV [] = {

    0xA6,
    0xA6,
    0xA6,
    0xA6,
    0xA6,
    0xA6,
    0xA6,
    0xA6

};

// --------------------------------------------------------------------------------
//            Compare URI to key type
// --------------------------------------------------------------------------------

void XENCAlgorithmHandlerDefault::mapURIToKey(const XMLCh* uri,
                                              const XSECCryptoKey* key,
                                              XSECCryptoKey::KeyType& kt,
                                              XSECCryptoSymmetricKey::SymmetricKeyType& skt,
                                              bool& isSymmetricKeyWrap,
                                              XSECCryptoSymmetricKey::SymmetricKeyMode& skm,
                                              unsigned int& taglen) const {

    if (key == NULL) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::mapURIToKey - trying to process a NULL key");
    }

    XSECCryptoSymmetricKey* keySymmetric;
    bool keyOK = false;

    kt = key->getKeyType();
    skt = XSECCryptoSymmetricKey::KEY_NONE;
    isSymmetricKeyWrap = false;
    skm = XSECCryptoSymmetricKey::MODE_NONE;
    taglen = 0;

    switch (kt) {

    case XSECCryptoKey::KEY_RSA_PUBLIC :
    case XSECCryptoKey::KEY_RSA_PAIR :
    case XSECCryptoKey::KEY_RSA_PRIVATE :
        keyOK = strEquals(uri, DSIGConstants::s_unicodeStrURIRSA_1_5) ||
            strEquals(uri, DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1) ||
            strEquals(uri, DSIGConstants::s_unicodeStrURIRSA_OAEP);
        break;

    case XSECCryptoKey::KEY_SYMMETRIC :

        keySymmetric = (XSECCryptoSymmetricKey*) key;
        if (keySymmetric != NULL) {
            skt = keySymmetric->getSymmetricKeyType();

            switch (skt) {

            case XSECCryptoSymmetricKey::KEY_3DES_192 :
                if (strEquals(uri, DSIGConstants::s_unicodeStrURIKW_3DES)) {
                    keyOK = true;
                    isSymmetricKeyWrap = true;
                    skm = XSECCryptoSymmetricKey::MODE_CBC;
                }
                else if (strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC)) {
                    keyOK = true;
                    skm = XSECCryptoSymmetricKey::MODE_CBC;
                }
                break;

            case XSECCryptoSymmetricKey::KEY_AES_128 :
                if (strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES128) || strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES128_PAD)) {
                    keyOK = true;
                    isSymmetricKeyWrap = true;
                    skm = XSECCryptoSymmetricKey::MODE_ECB;
                }
                else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC)) {
                    keyOK = true;
                    skm = XSECCryptoSymmetricKey::MODE_CBC;
                }
                else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_GCM)) {
                    keyOK = true;
                    skm = XSECCryptoSymmetricKey::MODE_GCM;
                    taglen = 16;
                }
                break;

            case XSECCryptoSymmetricKey::KEY_AES_192 :
                if (strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES192) || strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES192_PAD)) {
                    keyOK = true;
                    isSymmetricKeyWrap = true;
                    skm = XSECCryptoSymmetricKey::MODE_ECB;
                }
                else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC)) {
                    keyOK = true;
                    skm = XSECCryptoSymmetricKey::MODE_CBC;
                }
                else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_GCM)) {
                    keyOK = true;
                    skm = XSECCryptoSymmetricKey::MODE_GCM;
                    taglen = 16;
                }
                break;

            case XSECCryptoSymmetricKey::KEY_AES_256 :
                if (strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES256) || strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES256_PAD)) {
                    keyOK = true;
                    isSymmetricKeyWrap = true;
                    skm = XSECCryptoSymmetricKey::MODE_ECB;
                }
                else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC)) {
                    keyOK = true;
                    skm = XSECCryptoSymmetricKey::MODE_CBC;
                }
                else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_GCM)) {
                    keyOK = true;
                    skm = XSECCryptoSymmetricKey::MODE_GCM;
                    taglen = 16;
                }
                break;

            default:
                break;
            }
        }
        break;

    default:
         break;
    }

    if (keyOK == false) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::mapURIToKey - key inappropriate for URI");
    }
}

// --------------------------------------------------------------------------------
//            AES Key wrap/unwrap
// --------------------------------------------------------------------------------

unsigned int XENCAlgorithmHandlerDefault::unwrapKeyAES(
        TXFMChain* cipherText,
        const XSECCryptoKey* key,
        safeBuffer& result) const {

    // Cat the encrypted key
    XMLByte buf[_MY_MAX_KEY_SIZE];
    XMLByte aesBuf[16];
    XMLByte aesOutBuf[16];
    TXFMBase* b = cipherText->getLastTxfm();
    unsigned int sz = (unsigned int) b->readBytes(buf, _MY_MAX_KEY_SIZE);

    if (sz <= 0) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - AES Wrapped Key not found");
    }

    if (sz == _MY_MAX_KEY_SIZE) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - Key to decrypt too big!");
    }

    // Find number of blocks, and ensure we are a multiple of 64 bits
    if (sz % 8 != 0) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - AES wrapped key not a multiple of 64");
    }

    // Do the decrypt - this cast will throw if wrong, but we should
    // not have been able to get through algorithm checks otherwise
    XSECCryptoSymmetricKey* sk = (XSECCryptoSymmetricKey*) key;

    int blocks = sz / 8;
    int n = blocks - 1;
    for (int j = 5; j >= 0; j--) {
        for (int i = n ; i > 0 ; --i) {

            // Gather blocks to decrypt
            // A
            memcpy(aesBuf, buf, 8);
            // Ri
            memcpy(&aesBuf[8], &buf[8* i], 8);
            // A mod t
            aesBuf[7] ^= ((n * j) + i);

            // do decrypt
            sk->decryptInit(false, XSECCryptoSymmetricKey::MODE_ECB);        // No padding
            int sz = sk->decrypt(aesBuf, aesOutBuf, 16, 16);
            sz += sk->decryptFinish(&aesOutBuf[sz], 16 - sz);

            if (sz != 16) {
                throw XSECException(XSECException::CipherError,
                    "XENCAlgorithmHandlerDefault - Error performing decrypt in AES Unwrap");
            }

            // Copy back to where we are
            // A
            memcpy(buf, aesOutBuf, 8);
            // Ri
            memcpy(&buf[8 * i], &aesOutBuf[8], 8);
        }
    }

    // Check is valid
    if (memcmp(buf, s_AES_IV, 8) != 0) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - decrypt failed - AES IV is not correct");
    }

    // Copy to safebuffer
    result.sbMemcpyIn(&buf[8], n * 8);

    return n * 8;
}

bool XENCAlgorithmHandlerDefault::wrapKeyAES(
        TXFMChain* cipherText,
        const XSECCryptoKey* key,
        safeBuffer& result) const {

    // get the raw key
    XMLByte buf[_MY_MAX_KEY_SIZE + 8];
    memcpy(buf, s_AES_IV, 8);
    XMLByte aesBuf[16];
    XMLByte aesOutBuf[32];  // Give this an extra block for WinCAPI
    TXFMBase* b = cipherText->getLastTxfm();
    unsigned int sz = (unsigned int) b->readBytes(&buf[8], _MY_MAX_KEY_SIZE);

    if (sz <= 0) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - Key not found");
    }

    if (sz == _MY_MAX_KEY_SIZE) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - Key to encrypt too big!");
    }

    // Find number of blocks, and ensure we are a multiple of 64 bits
    if (sz % 8 != 0) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - AES wrapped key not a multiple of 64");
    }

    // Do the decrypt - this cast will throw if wrong, but we should
    // not have been able to get through algorithm checks otherwise
    XSECCryptoSymmetricKey* sk = (XSECCryptoSymmetricKey*) key;

    int n = sz / 8;

    for (int j = 0; j <= 5; ++j) {
        for (int i = 1 ; i <= n ; ++i) {

            // Gather blocks to decrypt
            // A
            memcpy(aesBuf, buf, 8);
            // Ri
            memcpy(&aesBuf[8], &buf[8 * i], 8);

            // do encrypt
            sk->encryptInit(false, XSECCryptoSymmetricKey::MODE_ECB);
            int sz = sk->encrypt(aesBuf, aesOutBuf, 16, 32);
            sz += sk->encryptFinish(&aesOutBuf[sz], 32 - sz);

            if (sz != 16) {
                throw XSECException(XSECException::CipherError,
                    "XENCAlgorithmHandlerDefault - Error performing encrypt in AES wrap");
            }

            // Copy back to where we are
            // A
            memcpy(buf, aesOutBuf, 8);
            // A mod t
            buf[7] ^= ((n * j) + i);
            // Ri
            memcpy(&buf[8 * i], &aesOutBuf[8], 8);
        }
    }

    // Now we have to base64 encode
    XSECCryptoBase64* b64 = XSECPlatformUtils::g_cryptoProvider->base64();

    if (!b64) {
        throw XSECException(XSECException::CryptoProviderError,
                "XENCAlgorithmHandlerDefault - Error getting base64 encoder in AES wrap");
    }

    Janitor<XSECCryptoBase64> j_b64(b64);
    unsigned char* b64Buffer;
    int bufLen = ((n + 1) * 8) * 3;
    XSECnew(b64Buffer, unsigned char[bufLen + 1]);// Overkill
    ArrayJanitor<unsigned char> j_b64Buffer(b64Buffer);

    b64->encodeInit();
    int outputLen = b64->encode (buf, (n+1) * 8, b64Buffer, bufLen);
    outputLen += b64->encodeFinish(&b64Buffer[outputLen], bufLen - outputLen);
    b64Buffer[outputLen] = '\0';

    // Copy to safebuffer
    result.sbStrcpyIn((const char*) b64Buffer);

    return true;
}

// --------------------------------------------------------------------------------
//            DES CMS Key wrap/unwrap
// --------------------------------------------------------------------------------

unsigned int XENCAlgorithmHandlerDefault::unwrapKey3DES(
        TXFMChain* cipherText,
        const XSECCryptoKey* key,
        safeBuffer& result) const {

    // Perform an unwrap on the key
    safeBuffer cipherSB;

    // Cat the encrypted key
    XMLByte buf[_MY_MAX_KEY_SIZE];
    TXFMBase* b = cipherText->getLastTxfm();
    unsigned int offset = 0;
    unsigned int sz = (unsigned int) b->readBytes(buf, _MY_MAX_KEY_SIZE);

    while (sz > 0) {
        cipherSB.sbMemcpyIn(offset, buf, sz);
        offset += sz;
        sz = (unsigned int) b->readBytes(buf, _MY_MAX_KEY_SIZE);
    }

    if (offset > _MY_MAX_KEY_SIZE) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - Key to decrypt too big!");
    }

    // Do the decrypt - this cast will throw if wrong, but we should
    // not have been able to get through algorithm checks otherwise
    XSECCryptoSymmetricKey* sk = (XSECCryptoSymmetricKey*) key;

    sk->decryptInit(false, XSECCryptoSymmetricKey::MODE_CBC, s_3DES_CMS_IV);
    // If key is bigger than this, then we have a problem
    sz = sk->decrypt(cipherSB.rawBuffer(), buf, offset, _MY_MAX_KEY_SIZE);

    sz += sk->decryptFinish(&buf[sz], _MY_MAX_KEY_SIZE - sz);

    if (sz <= 0) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - Error decrypting key!");
    }

    // We now have the first cut, reverse the cipher text
    XMLByte buf2[_MY_MAX_KEY_SIZE];
    for (unsigned int i = 0; i < sz; ++ i) {
        buf2[sz - i - 1] = buf[i];
    }

    // decrypt again
    sk->decryptInit(false);
    offset = sk->decrypt(buf2, buf, sz, _MY_MAX_KEY_SIZE);
    offset += sk->decryptFinish(&buf[offset], _MY_MAX_KEY_SIZE - offset);

    // Calculate the CMS Key Checksum
    XSECCryptoHash* sha1 = XSECPlatformUtils::g_cryptoProvider->hash(XSECCryptoHash::HASH_SHA1);
    if (!sha1) {
        throw XSECException(XSECException::CryptoProviderError,
                "XENCAlgorithmHandlerDefault - Error getting SHA-1 object in 3DES unwrap");
    }
    Janitor<XSECCryptoHash> j_sha1(sha1);
    sha1->reset();
    sha1->hash(buf, offset - 8);
    sha1->finish(buf2, _MY_MAX_KEY_SIZE);

    // Compare
    for (unsigned int j = 0; j < 8; ++j) {
        if (buf[offset - 8 + j] != buf2[j]) {
            throw XSECException(XSECException::CipherError,
                "XENCAlgorithmHandlerDefault::unwrapKey3DES - CMS Key Checksum does not match");
        }
    }

    result.sbMemcpyIn(buf, offset - 8);

    return offset - 8;
}

bool XENCAlgorithmHandlerDefault::wrapKey3DES(
        TXFMChain* cipherText,
        const XSECCryptoKey* key,
        safeBuffer& result) const {

    // Cat the plaintext key
    XMLByte buf[_MY_MAX_KEY_SIZE + 16];
    TXFMBase* b = cipherText->getLastTxfm();
    int offset = 0;
    unsigned int sz = (unsigned int) b->readBytes(buf, _MY_MAX_KEY_SIZE);

    if (sz <= 0) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::wrapKey3DES - Unable to read key");
    }

    if (sz >= _MY_MAX_KEY_SIZE) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::wrapKey3DES - Key to decrypt too big!");
    }

    if (sz % 8 != 0) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::wrapKey3DES - Key to encrypt not a multiple of 8 bytes");
    }

    // Calculate the CMS Key Checksum

    // Do the first encrypt
    XMLByte buf2[_MY_MAX_KEY_SIZE + 16];

    XSECCryptoHash* sha1 = XSECPlatformUtils::g_cryptoProvider->hash(XSECCryptoHash::HASH_SHA1);
    if (!sha1) {
        throw XSECException(XSECException::CryptoProviderError,
                "XENCAlgorithmHandlerDefault - Error getting SHA-1 object in 3DES wrap");
    }
    Janitor<XSECCryptoHash> j_sha1(sha1);
    sha1->reset();
    sha1->hash(buf, sz);
    sha1->finish(buf2, _MY_MAX_KEY_SIZE);

    for (int j = 0; j < 8 ; ++j)
        buf[sz++] = buf2[j];

    // Do the first encrypt - this cast will throw if wrong, but we should
    // not have been able to get through algorithm checks otherwise
    XSECCryptoSymmetricKey* sk = (XSECCryptoSymmetricKey*) key;

    sk->encryptInit(false);
    // If key is bigger than this, then we have a problem
    sz = sk->encrypt(buf, buf2, sz, _MY_MAX_KEY_SIZE);
    sz += sk->encryptFinish(&buf2[sz], _MY_MAX_KEY_SIZE - sz);

    if (sz <= 0) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::wrapKey3DES - Error encrypting key!");
    }

    // We now have the first cut, reverse the cipher text
    for (unsigned int i = 0; i < sz; ++ i) {
        buf[sz - i - 1] = buf2[i];
    }

    // encrypt again
    sk->encryptInit(false, XSECCryptoSymmetricKey::MODE_CBC, s_3DES_CMS_IV);
    offset = sk->encrypt(buf, buf2, sz, _MY_MAX_KEY_SIZE);
    offset += sk->encryptFinish(&buf2[offset], _MY_MAX_KEY_SIZE - offset);

    // Base64 encode
    XSECCryptoBase64* b64 = XSECPlatformUtils::g_cryptoProvider->base64();

    if (!b64) {
        throw XSECException(XSECException::CryptoProviderError,
                "XENCAlgorithmHandlerDefault - Error getting base64 encoder in 3DES wrap");
    }

    Janitor<XSECCryptoBase64> j_b64(b64);
    unsigned char* b64Buffer;
    int bufLen = (offset + 9) * 3;
    XSECnew(b64Buffer, unsigned char[bufLen + 1]);// Overkill
    ArrayJanitor<unsigned char> j_b64Buffer(b64Buffer);

    b64->encodeInit();
    int outputLen = b64->encode (&buf2[8], offset-8, b64Buffer, bufLen);
    outputLen += b64->encodeFinish(&b64Buffer[outputLen], bufLen - outputLen);
    b64Buffer[outputLen] = '\0';

    // Copy to safebuffer
    result.sbStrcpyIn((const char*) b64Buffer);

    return true;
}

// --------------------------------------------------------------------------------
//            InputStream decryption
// --------------------------------------------------------------------------------

bool XENCAlgorithmHandlerDefault::appendDecryptCipherTXFM(
        TXFMChain* cipherText,
        XENCEncryptionMethod* encryptionMethod,
        const XSECCryptoKey* key,
        XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc
        ) const {

    // We only support this for bulk Symmetric key algorithms

    XSECCryptoKey::KeyType kt;
    XSECCryptoSymmetricKey::SymmetricKeyType skt;
    bool isKeyWrap = false;
    XSECCryptoSymmetricKey::SymmetricKeyMode skm;
    unsigned int taglen;

    mapURIToKey(encryptionMethod->getAlgorithm(), key, kt, skt, isKeyWrap, skm, taglen);
    if (kt != XSECCryptoKey::KEY_SYMMETRIC || isKeyWrap == true) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::appendDecryptCipherTXFM - only supports bulk symmetric algorithms");
    }

    if (skm == XSECCryptoSymmetricKey::MODE_GCM) {

        // GCM doesn't fit the pipelined model of the existing code, so we have a custom
        // routine that decrypts to a safeBuffer directly.
        safeBuffer result;
        unsigned int sz = doGCMDecryptToSafeBuffer(cipherText, key, taglen, result);

        // Now we hijack the original tansform chain with a safeBuffer-sourced link.
        TXFMSB* tsb;
        XSECnew(tsb, TXFMSB(doc));
        tsb->setInput(result, sz);
        cipherText->appendTxfm(tsb);
        result.cleanseBuffer();
        return true;
    }


    // Add the decryption TXFM
    TXFMCipher* tcipher;
    XSECnew(tcipher, TXFMCipher(doc, key, false));
    cipherText->appendTxfm(tcipher);

    return true;
}


// --------------------------------------------------------------------------------
//            GCM SafeBuffer decryption
// --------------------------------------------------------------------------------

unsigned int XENCAlgorithmHandlerDefault::doGCMDecryptToSafeBuffer(
        TXFMChain* cipherText,
        const XSECCryptoKey* key,
        unsigned int taglen,
        safeBuffer& result) const {

    // Only works with symmetric key
    if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - GCM Decrypt must use symmetric key");
    }

    // First read in all the data so we can get to the tag.
    safeBuffer cipherBuf("");
    XMLByte inbuf[3072];
    unsigned int szTotal = 0, sz = cipherText->getLastTxfm()->readBytes(inbuf, 3072);
    while (sz > 0) {
        cipherBuf.sbMemcpyIn(szTotal, inbuf, sz);
        szTotal += sz;
        sz = cipherText->getLastTxfm()->readBytes(inbuf, 3072);
    }

    if (szTotal <= taglen) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - GCM ciphertext size not large enough to include authentication tag");
    }

    const unsigned char* cipherPtr = cipherBuf.rawBuffer();

    // Init the cipher with the tag at the end of the cipher text and omit it from later decryption.
    szTotal -= taglen;
    ((XSECCryptoSymmetricKey*) key)->decryptInit(false, XSECCryptoSymmetricKey::MODE_GCM, NULL, cipherPtr + szTotal, taglen);

    unsigned int plainOffset = 0;
    do {
        // Feed the data in at most 2048-byte chunks.
        sz = ((XSECCryptoSymmetricKey*) key)->decrypt(cipherPtr, inbuf, (szTotal > 2048 ? 2048 : szTotal), 3072);
        cipherPtr += (szTotal > 2048 ? 2048 : szTotal);
        szTotal -= (szTotal > 2048 ? 2048 : szTotal);
        if (sz > 0) {
            result.sbMemcpyIn(plainOffset, inbuf, sz);
            plainOffset += sz;
        }
    } while (szTotal > 0);

    // Wrap it up.
    sz = ((XSECCryptoSymmetricKey*) key)->decryptFinish(inbuf, 3072);
    if (sz > 0) {
        result.sbMemcpyIn(plainOffset, inbuf, sz);
        plainOffset += sz;
    }

    // In case any plaintext is left lying around.
    memset(inbuf, 0, 3072);
    return plainOffset;
}

// --------------------------------------------------------------------------------
//            RSA SafeBuffer decryption
// --------------------------------------------------------------------------------

unsigned int XENCAlgorithmHandlerDefault::doRSADecryptToSafeBuffer(
        TXFMChain* cipherText,
        XENCEncryptionMethod* encryptionMethod,
        const XSECCryptoKey* key,
        DOMDocument* doc,
        safeBuffer& result) const {

    // Only works with RSA_PRIVATE or PAIR
    if (key->getKeyType() == XSECCryptoKey::KEY_RSA_PUBLIC) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - RSA Decrypt must use private key");
    }

    // Know this is an RSA key, so just cast

    XSECCryptoKeyRSA* rsa = (XSECCryptoKeyRSA*) key;

    // Allocate an output buffer
    unsigned char* decBuf;
    XSECnew(decBuf, unsigned char[rsa->getLength()]);
    ArrayJanitor<unsigned char> j_decBuf(decBuf);

    // Input
    TXFMBase* b = cipherText->getLastTxfm();
    safeBuffer cipherSB;
    XMLByte buf[1024];
    unsigned int offset = 0;

    unsigned int bytesRead = (unsigned int) b->readBytes(buf, 1024);
    while (bytesRead > 0) {
        cipherSB.sbMemcpyIn(offset, buf, bytesRead);
        offset += bytesRead;
        bytesRead = (unsigned int) b->readBytes(buf, 1024);
    }

    unsigned int decryptLen;

    // Now we find out what kind of padding
    if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_1_5)) {

        // Do decrypt
        decryptLen = rsa->privateDecrypt(cipherSB.rawBuffer(),
                                                  decBuf,
                                                  offset,
                                                  rsa->getLength(),
                                                  XSECCryptoKeyRSA::PAD_PKCS_1_5);
    }
    else if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1) ||
             strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_OAEP)) {

        const XMLCh* digmeth = encryptionMethod->getDigestMethod();
        if (!digmeth|| !*digmeth) {
            digmeth = DSIGConstants::s_unicodeStrURISHA1;
        }

        const XMLCh* mgfalg = encryptionMethod->getMGF();
        if (!mgfalg || !*mgfalg) {
            mgfalg = DSIGConstants::s_unicodeStrURIMGF1_SHA1;
        }

        // Read out any OAEP params
        unsigned char* oaepParamsBuf = NULL;
        unsigned int oaepParamsLen = 0;

        const XMLCh* oaepParams = encryptionMethod->getOAEPparams();
        if (oaepParams != NULL) {
            XSECAutoPtrChar oaepParamsStr(oaepParams);

            unsigned int bufLen = (unsigned int) strlen(oaepParamsStr.get());
            oaepParamsBuf = new unsigned char[bufLen];

            XSECCryptoBase64* b64 = XSECPlatformUtils::g_cryptoProvider->base64();
            Janitor<XSECCryptoBase64> j_b64(b64);

            b64->decodeInit();
            oaepParamsLen = b64->decode((unsigned char*) oaepParamsStr.get(), bufLen, oaepParamsBuf, bufLen);
            oaepParamsLen += b64->decodeFinish(&oaepParamsBuf[oaepParamsLen], bufLen - oaepParamsLen);
        }

        ArrayJanitor<unsigned char> j_oaepParamsBuf(oaepParamsBuf);

        decryptLen = rsa->privateDecrypt(cipherSB.rawBuffer(),
                                                  decBuf,
                                                  offset,
                                                  rsa->getLength(),
                                                  XSECCryptoKeyRSA::PAD_OAEP,
                                                  digmeth,
                                                  mgfalg,
                                                  oaepParamsBuf,
                                                  oaepParamsLen);

    }

    else {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::doRSADecryptToSafeBuffer - Unknown padding type");
    }
    // Copy to output
    result.sbMemcpyIn(decBuf, decryptLen);

    memset(decBuf, 0, decryptLen);

    return decryptLen;
}

// --------------------------------------------------------------------------------
//            SafeBuffer decryption
// --------------------------------------------------------------------------------

unsigned int XENCAlgorithmHandlerDefault::decryptToSafeBuffer(
        TXFMChain* cipherText,
        XENCEncryptionMethod* encryptionMethod,
        const XSECCryptoKey* key,
        DOMDocument* doc,
        safeBuffer& result
        ) const {

    XSECCryptoKey::KeyType kt;
    XSECCryptoSymmetricKey::SymmetricKeyType skt;
    bool isKeyWrap = false;
    XSECCryptoSymmetricKey::SymmetricKeyMode skm;
    unsigned int taglen;

    if (encryptionMethod == NULL) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::decryptToSafeBuffer - Cannot operate with NULL encryption Method");
    }


    // Check the uri against the key type
    mapURIToKey(encryptionMethod->getAlgorithm(), key, kt, skt, isKeyWrap, skm, taglen);

    // RSA?
    if (kt == XSECCryptoKey::KEY_RSA_PAIR ||
        kt == XSECCryptoKey::KEY_RSA_PUBLIC ||
        kt == XSECCryptoKey::KEY_RSA_PRIVATE) {

        return doRSADecryptToSafeBuffer(cipherText, encryptionMethod, key, doc, result);

    }

    // Ensure is symmetric before we continue
    if (kt != XSECCryptoKey::KEY_SYMMETRIC) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::decryptToSafeBuffer - Not an RSA key, but not symmetric");
    }

    // Key wrap?

    if (isKeyWrap == true) {

        if (skt == XSECCryptoSymmetricKey::KEY_AES_128 ||
            skt == XSECCryptoSymmetricKey::KEY_AES_192 ||
            skt == XSECCryptoSymmetricKey::KEY_AES_256) {

            return unwrapKeyAES(cipherText, key, result);
        }
        else if (skt == XSECCryptoSymmetricKey::KEY_3DES_192) {
            return unwrapKey3DES(cipherText, key, result);
        }
        else {
            throw XSECException(XSECException::CipherError,
                "XENCAlgorithmHandlerDefault::decryptToSafeBuffer - don't know how to do key wrap for algorithm");
        }
    }

    if (skm == XSECCryptoSymmetricKey::MODE_GCM) {
        // GCM doesn't fit the pipelined model of the existing code, so we have a custom
        // routine that decrypts to a safeBuffer directly.
        return doGCMDecryptToSafeBuffer(cipherText, key, taglen, result);
    }

    // It's symmetric and it's not a key wrap or GCM, so just treat as a block algorithm.

    TXFMCipher* tcipher;
    XSECnew(tcipher, TXFMCipher(doc, key, false));

    cipherText->appendTxfm(tcipher);

    // Do the decrypt to the safeBuffer.

    result.sbStrcpyIn("");
    unsigned int offset = 0;
    XMLByte buf[1024];
    TXFMBase* b = cipherText->getLastTxfm();

    unsigned int bytesRead = (unsigned int) b->readBytes(buf, 1024);
    while (bytesRead > 0) {
        result.sbMemcpyIn(offset, buf, bytesRead);
        offset += bytesRead;
        bytesRead = (unsigned int) b->readBytes(buf, 1024);
    }

    result[offset] = '\0';

    return offset;
}

// --------------------------------------------------------------------------------
//            RSA SafeBuffer encryption
// --------------------------------------------------------------------------------

bool XENCAlgorithmHandlerDefault::doRSAEncryptToSafeBuffer(
        TXFMChain* plainText,
        XENCEncryptionMethod* encryptionMethod,
        const XSECCryptoKey* key,
        XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc,
        safeBuffer& result
        ) const {

    // Only works with RSA_PRIVATE or PAIR
    if (key->getKeyType() == XSECCryptoKey::KEY_RSA_PRIVATE) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault - RSA Encrypt must use public key");
    }

    XSECCryptoKeyRSA* rsa = (XSECCryptoKeyRSA*) key;

    // Allocate an output buffer
    unsigned char* encBuf;
    XSECnew(encBuf, unsigned char[rsa->getLength()]);
    ArrayJanitor<unsigned char> j_encBuf(encBuf);

    // Input
    TXFMBase* b = plainText->getLastTxfm();
    safeBuffer plainSB;
    plainSB.isSensitive();

    XMLByte buf[1024];
    unsigned int offset = 0;

    unsigned int bytesRead = (unsigned int) b->readBytes(buf, 1024);
    while (bytesRead > 0) {
        plainSB.sbMemcpyIn(offset, buf, bytesRead);
        offset += bytesRead;
        bytesRead = (unsigned int) b->readBytes(buf, 1024);
    }

    unsigned int encryptLen;

    // Do encrypt
    if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_1_5)) {
        encryptLen = rsa->publicEncrypt(plainSB.rawBuffer(),
                                                  encBuf,
                                                  offset,
                                                  rsa->getLength(),
                                                  XSECCryptoKeyRSA::PAD_PKCS_1_5);
    }

    else if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1) ||
            strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_OAEP)) {

        const XMLCh* digmeth = encryptionMethod->getDigestMethod();
        if (!digmeth || !*digmeth) {
            digmeth = DSIGConstants::s_unicodeStrURISHA1;
        }

        const XMLCh* mgfalg = encryptionMethod->getMGF();
        if (!mgfalg || !*mgfalg) {
            mgfalg = DSIGConstants::s_unicodeStrURIMGF1_SHA1;
        }

        // Read out any OAEP params
        unsigned char* oaepParamsBuf = NULL;
        unsigned int oaepParamsLen = 0;

        const XMLCh* oaepParams = encryptionMethod->getOAEPparams();
        if (oaepParams != NULL) {
            XSECAutoPtrChar oaepParamsStr(oaepParams);

            unsigned int bufLen = (unsigned int) strlen(oaepParamsStr.get());
            oaepParamsBuf = new unsigned char[bufLen];

            XSECCryptoBase64* b64 = XSECPlatformUtils::g_cryptoProvider->base64();
            Janitor<XSECCryptoBase64> j_b64(b64);

            b64->decodeInit();
            oaepParamsLen = b64->decode((unsigned char*) oaepParamsStr.get(), bufLen, oaepParamsBuf, bufLen);
            oaepParamsLen += b64->decodeFinish(&oaepParamsBuf[oaepParamsLen], bufLen - oaepParamsLen);
        }

        ArrayJanitor<unsigned char> j_oaepParamsBuf(oaepParamsBuf);

        encryptLen = rsa->publicEncrypt(plainSB.rawBuffer(),
                                          encBuf,
                                          offset,
                                          rsa->getLength(),
                                          XSECCryptoKeyRSA::PAD_OAEP,
                                          digmeth,
                                          mgfalg,
                                          oaepParamsBuf,
                                          oaepParamsLen);
    }
    else {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::doRSAEncryptToSafeBuffer - Unknown padding type");
    }

    // Now need to base64 encode
    XSECCryptoBase64* b64 =
        XSECPlatformUtils::g_cryptoProvider->base64();
    Janitor<XSECCryptoBase64> j_b64(b64);

    b64->encodeInit();
    encryptLen = b64->encode(encBuf, encryptLen, buf, 1024);
    result.sbMemcpyIn(buf, encryptLen);
    unsigned int finalLen = b64->encodeFinish(buf, 1024);
    result.sbMemcpyIn(encryptLen, buf, finalLen);
    result[encryptLen + finalLen] = '\0';

    // This is a string, so set the buffer correctly
    result.setBufferType(safeBuffer::BUFFER_CHAR);

    return true;
}


// --------------------------------------------------------------------------------
//            SafeBuffer encryption
// --------------------------------------------------------------------------------

bool XENCAlgorithmHandlerDefault::encryptToSafeBuffer(
        TXFMChain* plainText,
        XENCEncryptionMethod* encryptionMethod,
        const XSECCryptoKey* key,
        XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc,
        safeBuffer& result
        ) const {

    XSECCryptoKey::KeyType kt;
    XSECCryptoSymmetricKey::SymmetricKeyType skt;
    bool isKeyWrap = false;
    XSECCryptoSymmetricKey::SymmetricKeyMode skm;
    unsigned int taglen;

    if (encryptionMethod == NULL) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::encryptToSafeBuffer - Cannot operate with NULL encryption Method");
    }


    // Check the uri against the key type
    mapURIToKey(encryptionMethod->getAlgorithm(), key, kt, skt, isKeyWrap, skm, taglen);

    // RSA?
    if (kt == XSECCryptoKey::KEY_RSA_PRIVATE ||
        kt == XSECCryptoKey::KEY_RSA_PUBLIC ||
        kt == XSECCryptoKey::KEY_RSA_PAIR) {

        return doRSAEncryptToSafeBuffer(plainText, encryptionMethod, key, doc, result);
    }

    // Ensure is symmetric before we continue
    if (kt != XSECCryptoKey::KEY_SYMMETRIC) {
        throw XSECException(XSECException::CipherError,
            "XENCAlgorithmHandlerDefault::encryptToSafeBuffer - Not an RSA key, but not symmetric");
    }

    if (isKeyWrap == true) {

        if (skt == XSECCryptoSymmetricKey::KEY_AES_128 ||
            skt == XSECCryptoSymmetricKey::KEY_AES_192 ||
            skt == XSECCryptoSymmetricKey::KEY_AES_256) {

            return wrapKeyAES(plainText, key, result);
        }

        if (skt == XSECCryptoSymmetricKey::KEY_3DES_192) {
            return wrapKey3DES(plainText, key, result);
        }
        else {
            throw XSECException(XSECException::CipherError,
                "XENCAlgorithmHandlerDefault::decryptToSafeBuffer - don't know how to do key wrap for algorithm");
        }
    }

    // Must be bulk symmetric - do the encryption

    TXFMCipher* tcipher;
    XSECnew(tcipher, TXFMCipher(doc, key, true, skm, taglen));
    plainText->appendTxfm(tcipher);

    // Transform to Base64
    TXFMBase64* tb64;
    XSECnew(tb64, TXFMBase64(doc, false));
    plainText->appendTxfm(tb64);

    // Read into the safeBuffer
    result = "";

    result << plainText->getLastTxfm();

    return true;
}
// --------------------------------------------------------------------------------
//            Key Creation
// --------------------------------------------------------------------------------

XSECCryptoKey* XENCAlgorithmHandlerDefault::createKeyForURI(
        const XMLCh* uri,
        const unsigned char* keyBuffer,
        unsigned int keyLen
        ) const {

    XSECCryptoSymmetricKey* sk = NULL;

    if (strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC)) {
        if (keyLen < 192 / 8)
            throw XSECException(XSECException::CipherError, 
                "XENCAlgorithmHandlerDefault - key size was invalid");
        sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
    }
    else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC) || strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_GCM)) {
        if (keyLen < 128 / 8)
            throw XSECException(XSECException::CipherError, 
                "XENCAlgorithmHandlerDefault - key size was invalid");
        sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
    }
    else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC) || strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_GCM)) {
        if (keyLen < 192 / 8)
            throw XSECException(XSECException::CipherError, 
                "XENCAlgorithmHandlerDefault - key size was invalid");
        sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
    }
    else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC) || strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_GCM)) {
        if (keyLen < 256 / 8)
            throw XSECException(XSECException::CipherError, 
                "XENCAlgorithmHandlerDefault - key size was invalid");
        sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
    }

    if (sk != NULL) {
        sk->setKey(keyBuffer, keyLen);
        return sk;
    }

    throw XSECException(XSECException::CipherError,
        "XENCAlgorithmHandlerDefault - URI Provided, but cannot create associated key");
}


// --------------------------------------------------------------------------------
//            Clone
// --------------------------------------------------------------------------------

XSECAlgorithmHandler* XENCAlgorithmHandlerDefault::clone(void) const {

    XENCAlgorithmHandlerDefault* ret;
    XSECnew(ret, XENCAlgorithmHandlerDefault);

    return ret;
}

// --------------------------------------------------------------------------------
//            Unsupported operations
// --------------------------------------------------------------------------------

unsigned int XENCAlgorithmHandlerDefault::signToSafeBuffer(
        TXFMChain* inputBytes,
        const XMLCh* URI,
        const XSECCryptoKey* key,
        unsigned int outputLength,
        safeBuffer& result) const {

    throw XSECException(XSECException::AlgorithmMapperError,
            "XENCAlgorithmHandlerDefault - Signature operations not supported");
}


bool XENCAlgorithmHandlerDefault::appendSignatureHashTxfm(
        TXFMChain* inputBytes,
        const XMLCh* URI,
        const XSECCryptoKey* key) const {

    throw XSECException(XSECException::AlgorithmMapperError,
            "XENCAlgorithmHandlerDefault - Signature operations not supported");
}

bool XENCAlgorithmHandlerDefault::verifyBase64Signature(
        TXFMChain* inputBytes,
        const XMLCh* URI,
        const char* sig,
        unsigned int outputLength,
        const XSECCryptoKey* key) const {

    throw XSECException(XSECException::AlgorithmMapperError,
            "XENCAlgorithmHandlerDefault - Signature operations not supported");
}

bool XENCAlgorithmHandlerDefault::appendHashTxfm(
        TXFMChain* inputBytes,
        const XMLCh* URI) const {

    throw XSECException(XSECException::AlgorithmMapperError,
            "XENCAlgorithmHandlerDefault - Hash operations not supported");
}