in xsec/tools/xtest/xtest.cpp [2293:2548]
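// Builds the key-encryption key (KEK) used by testEncrypt: AES-128 key wrap
// when the crypto provider supports AES, otherwise 3DES-192.  Both variants
// load the file-level test key bytes s_keyStr.  Ownership of the returned key
// passes to the caller (here: to XENCCipher::setKEK, which owns it from then on).
static XSECCryptoSymmetricKey * makeTestKEK() {
    XSECCryptoSymmetricKey * kek;
    if (g_haveAES) {
        kek = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
        kek->setKey(reinterpret_cast<const unsigned char *>(s_keyStr), 16);
    }
    else {
        kek = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
        kek->setKey(reinterpret_cast<const unsigned char *>(s_keyStr), 24);
    }
    return kek;
}

// Overwrites key material in place through a volatile pointer so the stores
// cannot be optimised away the way a plain memset on a dying buffer may be.
static void wipeKeyMaterial(unsigned char * buf, unsigned int len) {
    volatile unsigned char * p = buf;
    for (unsigned int i = 0; i < len; ++i)
        p[i] = 0;
}

// Round-trips a test document through XML Encryption:
//   1. encrypts the <category> element under a fresh random 3DES-192 content
//      key (3DES-CBC), decorating the EncryptedData with KeyName, MimeType,
//      Encoding and KeySize;
//   2. wraps that content key under a KEK (AES-128 key wrap when available,
//      else 3DES key wrap) and appends the EncryptedKey, with CarriedKeyName
//      and Recipient, to the EncryptedData's KeyInfo;
//   3. decrypts with a second cipher that only knows the KEK and verifies the
//      plaintext element and every piece of metadata survived the round trip.
//
// `impl` is the DOM implementation used to create and serialise the document.
// Any failure prints a diagnostic to stderr and terminates with exit(1), like
// the rest of this test driver; nothing is returned.
//
// NOTE(review): 3DES-CBC is exercised here because that is the algorithm this
// test targets; the construction carries no integrity protection and 3DES is
// deprecated for new use.  This checks library interoperability, not the
// strength of the scheme.
void testEncrypt(DOMImplementation *impl) {
    std::cerr << "Creating a known doc encrypting a portion of it" << std::endl;

    // Create a document and locate the element we are going to encrypt
    DOMDocument * doc = createTestDoc(impl);
    DOMNode * categoryNode = findNode(doc, MAKE_UNICODE_STRING("category"));
    if (categoryNode == NULL) {
        std::cerr << "Error finding category node for encryption test" << std::endl;
        exit(1);
    }

    // Ciphers created through the provider are tracked by it; they are
    // released when `prov` goes out of scope, not explicitly below.
    XSECProvider prov;

    // Content-encryption key length: 3DES-192 = 24 bytes of key material.
    const unsigned int kContentKeyLen = 24;
    // Random material for the content key.  Only the first kContentKeyLen
    // bytes are used; the buffer is wiped before return on the success path.
    unsigned char randomBuffer[256];
    const unsigned int kRandomLen = static_cast<unsigned int>(sizeof(randomBuffer));

    try {
        if (XSECPlatformUtils::g_cryptoProvider->getRandom(randomBuffer, kRandomLen) != kRandomLen) {
            std::cerr << "Unable to obtain enough random bytes from Crypto Provider" << std::endl;
            exit(1);
        }

        XENCCipher * cipher = prov.newCipher(doc);
        cipher->setXENCNSPrefix(MAKE_UNICODE_STRING("xenc"));
        cipher->setPrettyPrint(true);

        // Content key: the cipher takes ownership of `k` via setKey.
        XSECCryptoSymmetricKey * k =
            XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
        k->setKey(randomBuffer, kContentKeyLen);
        cipher->setKey(k);

        // ---- Encrypt the element and decorate the EncryptedData ----------
        std::cerr << "Performing 3DES encryption on <category> element ... ";
        cipher->encryptElement(static_cast<DOMElement *>(categoryNode), DSIGConstants::s_unicodeStrURI3DES_CBC);

        std::cerr << "done\nAppending a <KeyName> ... ";
        XENCEncryptedData * encryptedData = cipher->getEncryptedData();
        if (encryptedData == NULL) {
            std::cerr << "no EncryptedData produced by encryptElement" << std::endl;
            exit(1);
        }
        encryptedData->appendKeyName(s_tstKeyName);

        std::cerr << "done\nAdding Encoding and MimeType ... ";
        encryptedData->setEncoding(s_tstEncoding);
        encryptedData->setMimeType(s_tstMimeType);

        std::cerr << "done\nSetting <KeySize> ... ";
        if (encryptedData->getEncryptionMethod() == NULL) {
            std::cerr << "no EncryptionMethod on EncryptedData" << std::endl;
            exit(1);
        }
        encryptedData->getEncryptionMethod()->setKeySize(192);

        std::cerr << "done\nSearching for <category> ... ";
        DOMNode * t = findNode(doc, MAKE_UNICODE_STRING("category"));
        if (t != NULL) {
            std::cerr << "found!\nError - category is not encrypted" << std::endl;
            exit(1);
        }
        std::cerr << "not found (OK - now encrypted)" << std::endl;

        // ---- Wrap the content key under the KEK --------------------------
        std::cerr << "Encrypting symmetric key ... " << std::endl;
        cipher->setKEK(makeTestKEK());
        XENCEncryptedKey * encryptedKey = cipher->encryptKey(
            randomBuffer, kContentKeyLen,
            g_haveAES ? DSIGConstants::s_unicodeStrURIKW_AES128 : DSIGConstants::s_unicodeStrURIKW_3DES);
        if (encryptedKey == NULL) {
            std::cerr << "encryptKey returned no EncryptedKey" << std::endl;
            exit(1);
        }
        std::cerr << "done!" << std::endl;

        std::cerr << "Adding CarriedKeyName and Recipient to encryptedKey ... " << std::endl;
        encryptedKey->setCarriedKeyName(s_tstCarriedKeyName);
        encryptedKey->setRecipient(s_tstRecipient);
        std::cerr << "done!" << std::endl;
        encryptedData->appendEncryptedKey(encryptedKey);

        // Show the encrypted form before we undo it.
        outputDoc(impl, doc);

        // ---- Decrypt with a cipher that only knows the KEK ---------------
        DOMNode * n = findXENCNode(doc, "EncryptedData");
        if (n == NULL) {
            std::cerr << "Error - cannot find EncryptedData element to decrypt" << std::endl;
            exit(1);
        }
        XENCCipher * cipher2 = prov.newCipher(doc);
        cipher2->setKEK(makeTestKEK());
        std::cerr << "Decrypting ... ";
        cipher2->decryptElement(static_cast<DOMElement *>(n));
        std::cerr << "done" << std::endl;

        std::cerr << "Checking for <category> element ... ";
        t = findNode(doc, MAKE_UNICODE_STRING("category"));
        if (t == NULL) {
            std::cerr << " not found!\nError - category did not decrypt properly" << std::endl;
            exit(1);
        }
        std::cerr << "found" << std::endl;

        // ---- Verify the metadata survived the round trip -----------------
        std::cerr << "Checking <KeyName> element is set correctly ... ";
        encryptedData = cipher2->getEncryptedData();
        if (encryptedData == NULL) {
            std::cerr << "no - cannot access EncryptedData element" << std::endl;
            exit(1);
        }
        DSIGKeyInfoList * kil = encryptedData->getKeyInfoList();
        if (kil == NULL) {
            std::cerr << "no - EncryptedData has no KeyInfo list" << std::endl;
            exit(1);
        }
        const int nki = static_cast<int>(kil->getSize());

        // First KeyName entry must carry the name we appended.
        bool foundNameOK = false;
        for (int i = 0; i < nki && !foundNameOK; ++i) {
            if (kil->item(i)->getKeyInfoType() != DSIGKeyInfo::KEYINFO_NAME)
                continue;
            DSIGKeyInfoName * keyName = static_cast<DSIGKeyInfoName *>(kil->item(i));
            if (!strEquals(keyName->getKeyName(), s_tstKeyName)) {
                std::cerr << "no!" << std::endl;
                exit(1);
            }
            foundNameOK = true;
        }
        if (!foundNameOK) {
            std::cerr << "no!" << std::endl;
            exit(1);
        }
        std::cerr << "yes." << std::endl;

        std::cerr << "Checking CarriedKeyName and Recipient values ... ";
        bool foundCCN = false;
        bool foundRecipient = false;
        for (int i = 0; i < nki; ++i) {
            if (kil->item(i)->getKeyInfoType() != DSIGKeyInfo::KEYINFO_ENCRYPTEDKEY)
                continue;
            XENCEncryptedKey * xek = static_cast<XENCEncryptedKey *>(kil->item(i));
            if (strEquals(xek->getCarriedKeyName(), s_tstCarriedKeyName))
                foundCCN = true;
            if (strEquals(xek->getRecipient(), s_tstRecipient))
                foundRecipient = true;
        }
        if (!foundCCN || !foundRecipient) {
            std::cerr << "no!" << std::endl;
            exit(1);
        }
        std::cerr << "OK" << std::endl;

        std::cerr << "Checking MimeType and Encoding ... ";
        if (encryptedData->getMimeType() == NULL || !strEquals(encryptedData->getMimeType(), s_tstMimeType)) {
            std::cerr << "Bad MimeType" << std::endl;
            exit(1);
        }
        if (encryptedData->getEncoding() == NULL || !strEquals(encryptedData->getEncoding(), s_tstEncoding)) {
            std::cerr << "Bad Encoding" << std::endl;
            exit(1);
        }
        std::cerr << "OK" << std::endl;

        std::cerr << "Checking KeySize in EncryptionMethod ... ";
        if (encryptedData->getEncryptionMethod() == NULL || encryptedData->getEncryptionMethod()->getKeySize() != 192) {
            std::cerr << "Bad KeySize" << std::endl;
            exit(1);
        }
        std::cerr << "OK" << std::endl;
    }
    catch (const XSECException &e) {
        std::cerr << "An error occurred during encryption processing\n Message: ";
        char * ce = XMLString::transcode(e.getMsg());
        std::cerr << ce << std::endl;
        // transcode() buffers come from Xerces' allocator; hand them back with
        // XMLString::release rather than a plain (non-array) delete.
        XMLString::release(&ce);
        exit(1);
    }
    catch (const XSECCryptoException &e) {
        std::cerr << "A cryptographic error occurred during encryption processing\n Message: "
                  << e.getMsg() << std::endl;
        exit(1);
    }

    // The content key has been copied into the cipher and wrapped; scrub the
    // raw material so it does not linger on the stack after the test.
    wipeKeyMaterial(randomBuffer, kRandomLen);

    // Show the decrypted form, then drop the document.
    outputDoc(impl, doc);
    doc->release();
}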