| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.xml.security.samples.encryption; |
| |
| import java.io.File; |
| import java.io.FileOutputStream; |
| |
| import java.security.Key; |
| |
| import javax.crypto.SecretKey; |
| import javax.crypto.KeyGenerator; |
| |
| import org.apache.xml.security.keys.KeyInfo; |
| import org.apache.xml.security.encryption.XMLCipher; |
| import org.apache.xml.security.encryption.EncryptedData; |
| import org.apache.xml.security.encryption.EncryptedKey; |
| import org.apache.xml.security.utils.Constants; |
| |
| import org.w3c.dom.Document; |
| import org.w3c.dom.Element; |
| |
| import javax.xml.transform.TransformerFactory; |
| import javax.xml.transform.Transformer; |
| import javax.xml.transform.dom.DOMSource; |
| import javax.xml.transform.stream.StreamResult; |
| import javax.xml.transform.OutputKeys; |
| |
| /** |
| * This sample demonstrates how to encrypt data inside an xml document. |
| * |
| * @author Vishal Mahajan (Sun Microsystems) |
| */ |
| public class Encrypter { |
| |
| /** {@link org.apache.commons.logging} logging facility */ |
| static org.slf4j.Logger log = |
| org.slf4j.LoggerFactory.getLogger( |
| Encrypter.class.getName()); |
| |
| static { |
| org.apache.xml.security.Init.init(); |
| } |
| |
| private static Document createSampleDocument() throws Exception { |
| |
| javax.xml.parsers.DocumentBuilderFactory dbf = |
| javax.xml.parsers.DocumentBuilderFactory.newInstance(); |
| dbf.setNamespaceAware(true); |
| javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); |
| Document document = db.newDocument(); |
| |
| /** |
| * Build a sample document. It will look something like: |
| * |
| * <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1"> |
| * <apache:foo>Some simple text</apache:foo> |
| * </apache:RootElement> |
| */ |
| Element root = |
| document.createElementNS("http://www.apache.org/ns/#app1", "apache:RootElement"); |
| root.setAttributeNS( |
| Constants.NamespaceSpecNS, "xmlns:apache", "http://www.apache.org/ns/#app1" |
| ); |
| document.appendChild(root); |
| |
| root.appendChild(document.createTextNode("\n")); |
| |
| Element childElement = |
| document.createElementNS("http://www.apache.org/ns/#app1", "apache:foo"); |
| childElement.appendChild( |
| document.createTextNode("Some simple text")); |
| root.appendChild(childElement); |
| |
| root.appendChild(document.createTextNode("\n")); |
| |
| return document; |
| } |
| |
| private static SecretKey GenerateAndStoreKeyEncryptionKey() throws Exception { |
| String jceAlgorithmName = "DESede"; |
| KeyGenerator keyGenerator = |
| KeyGenerator.getInstance(jceAlgorithmName); |
| SecretKey kek = keyGenerator.generateKey(); |
| |
| byte[] keyBytes = kek.getEncoded(); |
| File kekFile = new File("build/kek"); |
| FileOutputStream f = new FileOutputStream(kekFile); |
| f.write(keyBytes); |
| f.close(); |
| System.out.println("Key encryption key stored in " + kekFile.toURI().toURL().toString()); |
| |
| return kek; |
| } |
| |
| private static SecretKey GenerateDataEncryptionKey() throws Exception { |
| String jceAlgorithmName = "AES"; |
| KeyGenerator keyGenerator = |
| KeyGenerator.getInstance(jceAlgorithmName); |
| keyGenerator.init(128); |
| return keyGenerator.generateKey(); |
| } |
| |
| private static void outputDocToFile(Document doc, String fileName) throws Exception { |
| File encryptionFile = new File(fileName); |
| FileOutputStream f = new FileOutputStream(encryptionFile); |
| |
| TransformerFactory factory = TransformerFactory.newInstance(); |
| Transformer transformer = factory.newTransformer(); |
| transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); |
| DOMSource source = new DOMSource(doc); |
| StreamResult result = new StreamResult(f); |
| transformer.transform(source, result); |
| |
| f.close(); |
| System.out.println( |
| "Wrote document containing encrypted data to " + encryptionFile.toURI().toURL().toString() |
| ); |
| } |
| |
| public static void main(String unused[]) throws Exception { |
| |
| Document document = createSampleDocument(); |
| |
| /* |
| * Get a key to be used for encrypting the element. |
| * Here we are generating an AES key. |
| */ |
| Key symmetricKey = GenerateDataEncryptionKey(); |
| |
| /* |
| * Get a key to be used for encrypting the symmetric key. |
| * Here we are generating a DESede key. |
| */ |
| Key kek = GenerateAndStoreKeyEncryptionKey(); |
| |
| String algorithmURI = XMLCipher.TRIPLEDES_KeyWrap; |
| |
| XMLCipher keyCipher = |
| XMLCipher.getInstance(algorithmURI); |
| keyCipher.init(XMLCipher.WRAP_MODE, kek); |
| EncryptedKey encryptedKey = |
| keyCipher.encryptKey(document, symmetricKey); |
| |
| /* |
| * Let us encrypt the contents of the document element. |
| */ |
| Element rootElement = document.getDocumentElement(); |
| |
| algorithmURI = XMLCipher.AES_128; |
| |
| XMLCipher xmlCipher = |
| XMLCipher.getInstance(algorithmURI); |
| xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey); |
| |
| /* |
| * Setting keyinfo inside the encrypted data being prepared. |
| */ |
| EncryptedData encryptedData = xmlCipher.getEncryptedData(); |
| KeyInfo keyInfo = new KeyInfo(document); |
| keyInfo.add(encryptedKey); |
| encryptedData.setKeyInfo(keyInfo); |
| |
| /* |
| * doFinal - |
| * "true" below indicates that we want to encrypt element's content |
| * and not the element itself. Also, the doFinal method would |
| * modify the document by replacing the EncrypteData element |
| * for the data to be encrypted. |
| */ |
| xmlCipher.doFinal(document, rootElement, true); |
| |
| /* |
| * Output the document containing the encrypted information into |
| * a file. |
| */ |
| outputDocToFile(document, "build/encryptedInfo.xml"); |
| } |
| } |