Java XMLCipher类代码示例

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@Test
public void testPartialPayloadAsymmetricKeyDecryptionCustomNS() throws Exception {
    final KeyStoreParameters tsParameters = new KeyStoreParameters();
    tsParameters.setPassword("password");
    tsParameters.setResource("sender.ts");
    
    final KeyStoreParameters ksParameters = new KeyStoreParameters();
    ksParameters.setPassword("password");
    ksParameters.setResource("recipient.ks");
    
    
    final Map<String, String> namespaces = new HashMap<String, String>();
    namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");


    context.addRoutes(new RouteBuilder() {
        public void configure() {
            from("direct:start")
                .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted")
                .unmarshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, ksParameters).to("mock:decrypted");
        }
    });
    xmlsecTestHelper.testDecryption(TestHelper.NS_XML_FRAGMENT, context);
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@Test
public void testEncryptElement() {
    // Arrange
    Key aesSymmetricKey = null;
    Key deSedeEncryptKey = null;
    EncryptedKey encryptedKey = null;
    Element rootElement = null;
    try {
        aesSymmetricKey = EncryptTool.generateDataEncryptionKey();
        deSedeEncryptKey = EncryptTool.generateKeyEncryptionKey();
        String algorithmURI = XMLCipher.TRIPLEDES_KeyWrap;
        XMLCipher keyCipher = XMLCipher.getInstance(algorithmURI);
        keyCipher.init(XMLCipher.WRAP_MODE, deSedeEncryptKey);
        encryptedKey = keyCipher.encryptKey(c32Document, aesSymmetricKey);
        rootElement = c32Document.getDocumentElement();

        String notEncrypted = documentXmlConverter
                .convertXmlDocToString(c32Document);

        // Act
        documentEncrypter.encryptElement(c32Document, aesSymmetricKey,
                encryptedKey, rootElement);
        String encrypted = documentXmlConverter
                .convertXmlDocToString(c32Document);

        // Assert
        assertNotEquals(notEncrypted, encrypted);
        assertTrue(XmlComparator.compareXMLs(testEncrypted, encrypted,
                Arrays.asList("CipherData")).similar());

    } catch (Exception e) {
        fail(e.getMessage().toString());
    }
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
/**
 * Method itemEncryptedKey
 *
 * @param i
 * @return the asked EncryptedKey element, null if the index is too big
 * @throws XMLSecurityException
 */
public EncryptedKey itemEncryptedKey(int i) throws XMLSecurityException {
    if (encryptedKeys != null) {
        return encryptedKeys.get(i);
    }
    Element e =
        XMLUtils.selectXencNode(
            getFirstChild(), EncryptionConstants._TAG_ENCRYPTEDKEY, i);

    if (e != null) {
        XMLCipher cipher = XMLCipher.getInstance();
        cipher.init(XMLCipher.UNWRAP_MODE, null);
        return cipher.loadEncryptedKey(e);
    }
    return null;
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@Test
public void testFullPayloadAsymmetricKeyDecryptionSHA256() throws Exception {
                  
    final KeyStoreParameters tsParameters = new KeyStoreParameters();
    tsParameters.setPassword("password");
    tsParameters.setResource("sender.ts");
    
    final KeyStoreParameters ksParameters = new KeyStoreParameters();
    ksParameters.setPassword("password");
    ksParameters.setResource("recipient.ks");

    context.addRoutes(new RouteBuilder() {
        public void configure() {
            from("direct:start")
                .marshal().secureXML("", new HashMap<String, String>(), true, "recipient", XMLCipher.AES_128, 
                                     XMLCipher.RSA_OAEP, tsParameters, null, XMLCipher.SHA256).to("mock:encrypted")
                .unmarshal().secureXML("", new HashMap<String, String>(), true, "recipient", XMLCipher.AES_128, 
                                     XMLCipher.RSA_OAEP, ksParameters, null, XMLCipher.SHA256).to("mock:decrypted");
        }
    });
    xmlsecTestHelper.testDecryption(context);
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
/**
 * Decrypt the document using DOM API and run some tests on the decrypted Document.
 */
private Document decryptUsingDOM(
        String algorithm,
        SecretKey secretKey,
        Key wrappingKey,
        Document document
) throws Exception {
    XMLCipher cipher = XMLCipher.getInstance(algorithm);
    cipher.init(XMLCipher.DECRYPT_MODE, secretKey);
    if (wrappingKey != null) {
        cipher.setKEK(wrappingKey);
    }

    NodeList nodeList = document.getElementsByTagNameNS(
            XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
            XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
    );
    Element ee = (Element) nodeList.item(0);
    return cipher.doFinal(document, ee);
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
/**
 * Decrypt the document using DOM API and run some tests on the decrypted Document.
 */
private Document decryptUsingDOM(
    String algorithm,
    SecretKey secretKey,
    Key wrappingKey,
    Document document
) throws Exception {
    XMLCipher cipher = XMLCipher.getInstance(algorithm);
    cipher.init(XMLCipher.DECRYPT_MODE, secretKey);
    if (wrappingKey != null) {
        cipher.setKEK(wrappingKey);
    }

    NodeList nodeList = document.getElementsByTagNameNS(
            XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
            XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
        );
    Element ee = (Element)nodeList.item(0);
    return cipher.doFinal(document, ee);
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@Test
public void testFullPayloadAsymmetricKeyEncryptionSHA256() throws Exception {
    KeyStoreParameters tsParameters = new KeyStoreParameters();
    tsParameters.setPassword("password");
    tsParameters.setResource("sender.ts");

    final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
    xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP);
    xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters);
    xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128);
    xmlEncDataFormat.setRecipientKeyAlias("recipient");
    xmlEncDataFormat.setDigestAlgorithm(XMLCipher.SHA256);

    context.addRoutes(new RouteBuilder() {
        public void configure() {
            from("direct:start")
                .marshal(xmlEncDataFormat).to("mock:encrypted");
        }
    });
    xmlsecTestHelper.testEncryption(context);
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@org.junit.Test
public void testEncryptedKeyWithRecipient() throws Exception {
    String filename =
        "src/test/resources/org/apache/xml/security/encryption/encryptedKey.xml";
    if (basedir != null && !"".equals(basedir)) {
        filename = basedir + "/" + filename;
    }
    File f = new File(filename);

    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(f);

    XMLCipher keyCipher = XMLCipher.getInstance();
    keyCipher.init(XMLCipher.UNWRAP_MODE, null);

    NodeList ekList =
        document.getElementsByTagNameNS(
            EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDKEY
        );
    for (int i = 0; i < ekList.getLength(); i++) {
        EncryptedKey ek =
            keyCipher.loadEncryptedKey(document, (Element) ekList.item(i));
        assertNotNull(ek.getRecipient());
    }
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@org.junit.Test
public void testEecryptToByteArray() throws Exception {
    if (!bcInstalled) {
        return;
    }
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(128);
    Key key = keygen.generateKey();

    Document document = document();

    XMLCipher cipher = XMLCipher.getInstance(XMLCipher.AES_128_GCM);
    cipher.init(XMLCipher.ENCRYPT_MODE, key);
    cipher.getEncryptedData();

    Document encrypted = cipher.doFinal(document, document);

    XMLCipher xmlCipher = XMLCipher.getInstance();
    xmlCipher.init(XMLCipher.DECRYPT_MODE, key);
    Element encryptedData = (Element) encrypted.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);

    xmlCipher.decryptToByteArray(encryptedData);
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
/**
 * Method decryptElement
 *
 * Take a key, encryption type and a document, find an encrypted element
 * decrypt it and return the resulting document
 *
 * @param filename File to decrypt from
 * @param key The Key to use for decryption
 */
private Document decryptElement(Document doc, Key rsaKey, X509Certificate rsaCert) throws Exception {
    // Create the XMLCipher element
    XMLCipher cipher = XMLCipher.getInstance();

    // Need to pre-load the Encrypted Data so we can get the key info
    Element ee =
        (Element) doc.getElementsByTagNameNS(
            "http://www.w3.org/2001/04/xmlenc#", "EncryptedData"
        ).item(0);
    cipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = cipher.loadEncryptedData(doc, ee);

    KeyInfo ki = encryptedData.getKeyInfo();
    EncryptedKey encryptedKey = ki.itemEncryptedKey(0);
    KeyInfo kiek = encryptedKey.getKeyInfo();
    X509Data certData = kiek.itemX509Data(0);
    XMLX509Certificate xcert = certData.itemCertificate(0);
    X509Certificate cert = xcert.getX509Certificate();
    assertTrue(rsaCert.equals(cert));

    XMLCipher cipher2 = XMLCipher.getInstance();
    cipher2.init(XMLCipher.UNWRAP_MODE, rsaKey);
    Key key =
        cipher2.decryptKey(
            encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm()
        );

    cipher.init(XMLCipher.DECRYPT_MODE, key);
    Document dd = cipher.doFinal(doc, ee);

    return dd;
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@org.junit.Test
public void testRSAOAEP11KW() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument =
            this.getClass().getClassLoader().getResourceAsStream(
                    "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);

    // Set up the Key
    KeyGenerator keygen = KeyGenerator.getInstance("DESede");
    SecretKey key = keygen.generateKey();

    // Set up the Key Wrapping Key
    XMLCipher cipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP_11);
    cipher.init(XMLCipher.WRAP_MODE, rsaKeyPair.getPublic());
    EncryptedKey encryptedKey = cipher.encryptKey(document, key);

    List<String> localNames = new ArrayList<String>();
    localNames.add("PaymentInfo");

    String encryptionAlgorithm = XMLCipher.TRIPLEDES;

    encrypt(encryptedKey, encryptionAlgorithm, document, localNames, key);

    // Check the CreditCard encrypted ok
    NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 0);

    // XMLUtils.outputDOM(document, System.out);
    document = decrypt(document, rsaKeyPair.getPrivate());

    // Check the CreditCard decrypted ok
    nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
    Assert.assertEquals(nodeList.getLength(), 1);
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@Test
public void testFullPayloadAsymmetricKeyEncryptionGCM() throws Exception {
    KeyStoreParameters tsParameters = new KeyStoreParameters();
    tsParameters.setPassword("password");
    tsParameters.setResource("sender.ts");

    final XMLSecurityDataFormat xmlEncDataFormat = new XMLSecurityDataFormat();
    xmlEncDataFormat.setKeyCipherAlgorithm(XMLCipher.RSA_OAEP);
    xmlEncDataFormat.setKeyOrTrustStoreParameters(tsParameters);
    xmlEncDataFormat.setXmlCipherAlgorithm(XMLCipher.AES_128_GCM);
    xmlEncDataFormat.setRecipientKeyAlias("recipient");

    context.addRoutes(new RouteBuilder() {
        public void configure() {
            from("direct:start")
                .marshal(xmlEncDataFormat).to("mock:encrypted");
        }
    });
    xmlsecTestHelper.testEncryption(context);
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
private void decryptDocument(Document docSource, KeyResolverSpi internalResolver) throws Exception
{
    Document document = (Document)docSource.cloneNode(true);
    Element rootElement = document.getDocumentElement();
    Element encryptedDataElement = (Element)rootElement.getFirstChild();

    XMLCipher decryptCipher = XMLCipher.getInstance();
    decryptCipher.init(XMLCipher.DECRYPT_MODE, null);
    if (internalResolver != null) {
        decryptCipher.registerInternalKeyResolver(internalResolver);
    }
    decryptCipher.doFinal(document, encryptedDataElement);

    Element decryptedElement = (Element) rootElement.getFirstChild();
    assertEquals("elem", decryptedElement.getLocalName());
}
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@Test
  public void testParseProtectedStringEncrypted() throws Exception {
final String TEST_NAME = "testParseProtectedStringEncrypted";
displayTestTitle(TEST_NAME);

// GIVEN
      Protector protector = PrismInternalTestUtil.createProtector(XMLCipher.AES_128);
      ProtectedStringType protectedStringType = protector.encryptString("salalala");

      PrismContext prismContext = PrismTestUtil.getPrismContext();

      // WHEN

      MapXNode protectedStringTypeXNode = ((PrismContextImpl) prismContext).getBeanMarshaller().marshalProtectedDataType(protectedStringType, null);
      System.out.println("Protected string type XNode: " + protectedStringTypeXNode.debugDump());

      // THEN
      ProtectedStringType unmarshalled = new ProtectedStringType();
      XNodeProcessorUtil.parseProtectedType(unmarshalled, protectedStringTypeXNode, prismContext, ParsingContext.createDefault());
      System.out.println("Unmarshalled value: " + unmarshalled);
      assertEquals("Unmarshalled value differs from the original", protectedStringType, unmarshalled);
  }
 

import org.apache.xml.security.encryption.XMLCipher; //导入依赖的package包/类
@Test
  public void testParseProtectedStringHashed() throws Exception {
final String TEST_NAME = "testParseProtectedStringHashed";
displayTestTitle(TEST_NAME);

// GIVEN
ProtectedStringType protectedStringType = new ProtectedStringType();
protectedStringType.setClearValue("blabla");
      Protector protector = PrismInternalTestUtil.createProtector(XMLCipher.AES_128);
      protector.hash(protectedStringType);

      PrismContext prismContext = PrismTestUtil.getPrismContext();

      // WHEN

      MapXNode protectedStringTypeXNode = ((PrismContextImpl) prismContext).getBeanMarshaller().marshalProtectedDataType(protectedStringType, null);
      System.out.println("Protected string type XNode: " + protectedStringTypeXNode.debugDump());

      // THEN
      ProtectedStringType unmarshalled = new ProtectedStringType();
      XNodeProcessorUtil.parseProtectedType(unmarshalled, protectedStringTypeXNode, prismContext, ParsingContext.createDefault());
      System.out.println("Unmarshalled value: " + unmarshalled);
      assertEquals("Unmarshalled value differs from the original", protectedStringType, unmarshalled);
  }