in src/main/java/org/apache/xml/security/encryption/XMLCipher.java [1353:1448]
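/**
 * Wraps {@code key} with this cipher's key-encryption key and stores the result in
 * the instance's {@code EncryptedKey} ({@code ek}), together with an
 * {@code EncryptionMethod} describing the parameters that were used.
 *
 * <p>The wrapping key is the instance's own key, unless {@code params} is a
 * {@code KeyAgreementParameters}. In that case the wrapping key is derived through
 * {@code KeyUtils.aesWrapKeyWithDHGeneratedKey} and an {@code AgreementMethod} is
 * attached to the result's {@code KeyInfo}.
 *
 * <p>Unsupported parameter specs, including an OAEP spec whose MGF parameters are
 * not {@link MGF1ParameterSpec}, are rejected before the key is wrapped and before
 * {@code ek} is modified.
 *
 * @param doc the context document; stored on the instance and used to build the
 *        {@code AgreementMethod} / {@code KeyInfo} elements
 * @param key the key to wrap; must not be {@code null}
 * @param params {@code null}, an {@link OAEPParameterSpec}, or a
 *        {@code KeyAgreementParameters}; any other type is rejected
 * @param random optional randomness source handed to {@code Cipher.init}; when
 *        {@code null}, the {@code init} overloads without a {@link SecureRandom}
 *        are used
 * @return the instance's {@code EncryptedKey}, populated with the wrapped key
 * @throws XMLEncryptionException if {@code key} is {@code null}, the cipher is not in
 *         {@code WRAP_MODE}, no algorithm is set, {@code params} is unsupported, the
 *         wrap operation fails, or the algorithm URI is malformed
 */
public EncryptedKey encryptKey(
    Document doc,
    Key key,
    AlgorithmParameterSpec params,
    SecureRandom random
) throws XMLEncryptionException {
    // NOTE(review): `params` is rendered through its toString() here; what
    // KeyAgreementParameters prints is not visible in this method -- confirm it
    // does not expose private key material at DEBUG level.
    LOG.log(Level.DEBUG, "Encrypting key using algorithm specs [{0}] ...", params);

    if (null == key) {
        throw new XMLEncryptionException("empty", "Key unexpectedly null...");
    }
    if (cipherMode != WRAP_MODE) {
        throw new XMLEncryptionException("empty", "XMLCipher unexpectedly not in WRAP_MODE...");
    }
    if (algorithm == null) {
        throw new XMLEncryptionException("empty", "XMLCipher instance without transformation specified");
    }

    contextDocument = doc;

    // Reuse the context cipher when one is set; otherwise create the working cipher.
    Cipher c = contextCipher == null ? constructCipher(algorithm, null) : contextCipher;

    AlgorithmParameterSpec cipherSpec = null;
    Key wrapKey = this.key;
    if (params instanceof OAEPParameterSpec) {
        // Validate the MGF spec up front. The EncryptionMethod built below can only
        // describe MGF1, and the cast there would otherwise surface as an
        // undeclared ClassCastException after `ek` had already been modified.
        // A null MGF spec is passed through unchanged.
        AlgorithmParameterSpec mgfParams = ((OAEPParameterSpec) params).getMGFParameters();
        if (mgfParams != null && !(mgfParams instanceof MGF1ParameterSpec)) {
            throw new XMLEncryptionException(
                "encryption.UnsupportedAlgorithmParameterSpec", mgfParams.getClass().getName());
        }
        cipherSpec = params;
    } else if (params instanceof KeyAgreementParameters) {
        KeyAgreementParameters keyAgreementParameter = (KeyAgreementParameters) params;
        validateAndUpdateKeyAgreementParameterKeys(keyAgreementParameter);
        // Generate a key using the key Agreement Parameters for the wrap algorithm
        wrapKey = KeyUtils.aesWrapKeyWithDHGeneratedKey(keyAgreementParameter);
    } else if (params != null) {
        throw new XMLEncryptionException("encryption.UnsupportedAlgorithmParameterSpec", params.getClass().getName());
    }

    // Now perform the encryption. The init overload is chosen by whether an OAEP
    // spec and/or a caller-supplied SecureRandom is present.
    byte[] encryptedBytes;
    try {
        if (random != null) {
            if (cipherSpec == null) {
                c.init(Cipher.WRAP_MODE, wrapKey, random);
            } else {
                c.init(Cipher.WRAP_MODE, wrapKey, cipherSpec, random);
            }
        } else {
            if (cipherSpec == null) {
                c.init(Cipher.WRAP_MODE, wrapKey);
            } else {
                c.init(Cipher.WRAP_MODE, wrapKey, cipherSpec);
            }
        }
        encryptedBytes = c.wrap(key);
    } catch (InvalidKeyException | IllegalBlockSizeException | InvalidAlgorithmParameterException e) {
        throw new XMLEncryptionException(e);
    }

    String base64EncodedEncryptedOctets = XMLUtils.encodeToString(encryptedBytes);
    // Only the wrapped (encrypted) key is logged, never `key` itself.
    LOG.log(Level.DEBUG, "Encrypted key octets:\n{0}", base64EncodedEncryptedOctets);
    LOG.log(Level.DEBUG, "Encrypted key octets length = {0}", base64EncodedEncryptedOctets.length());

    CipherValue cv = ek.getCipherData().getCipherValue();
    cv.setValue(base64EncodedEncryptedOctets);

    try {
        EncryptionMethod method = factory.newEncryptionMethod(new URI(algorithm).toString());
        // NOTE(review): the digest written here is the instance's digestAlg, not
        // oaepSpec.getDigestAlgorithm(); confirm callers keep the two consistent so
        // that the emitted metadata matches the parameters actually used.
        method.setDigestAlgorithm(digestAlg);
        ek.setEncryptionMethod(method);

        if (params instanceof OAEPParameterSpec) {
            OAEPParameterSpec oaepSpec = (OAEPParameterSpec) params;
            // Safe cast: a non-MGF1 spec was rejected before the key was wrapped.
            String mgf1Uri = XMLCipherUtil.getMgf1URIForParameter((MGF1ParameterSpec) oaepSpec.getMGFParameters());
            method.setMGFAlgorithm(mgf1Uri);

            // Emit OAEPparams only for an explicitly specified, non-default PSource.
            if (PSource.PSpecified.DEFAULT != oaepSpec.getPSource() && oaepSpec.getPSource() instanceof PSource.PSpecified) {
                byte[] pSourceParams = ((PSource.PSpecified) oaepSpec.getPSource()).getValue();
                method.setOAEPparams(pSourceParams);
            }
        } else if (params instanceof KeyAgreementParameters) {
            // Publish the key-agreement details so the recipient can derive the same wrap key.
            KeyAgreementParameters keyAgreementParameter = (KeyAgreementParameters) params;
            AgreementMethodImpl agreementMethod = new AgreementMethodImpl(contextDocument, keyAgreementParameter);
            KeyInfoEnc keyInfo = new KeyInfoEnc(contextDocument);
            keyInfo.add(agreementMethod);
            ek.setKeyInfo(keyInfo);
        }
    } catch (URISyntaxException ex) {
        throw new XMLEncryptionException(ex);
    }
    return ek;
}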