/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /* * XSEC * * XKMSRecoverResultImpl := Implementation of RecoverResult Messages * * $Id$ * */ #include <xsec/enc/XSECCryptoUtils.hpp> #include <xsec/enc/XSECCryptoKey.hpp> #include <xsec/framework/XSECDefs.hpp> #include <xsec/framework/XSECError.hpp> #include <xsec/framework/XSECEnv.hpp> #include <xsec/framework/XSECAlgorithmMapper.hpp> #include <xsec/framework/XSECAlgorithmHandler.hpp> #include <xsec/xenc/XENCEncryptedData.hpp> #include <xsec/xenc/XENCEncryptionMethod.hpp> #include <xsec/xenc/XENCCipher.hpp> #ifdef XSEC_XKMS_ENABLED #include "../../utils/XSECDOMUtils.hpp" #include "XKMSRecoverResultImpl.hpp" #include "XKMSKeyBindingImpl.hpp" #include "XKMSRSAKeyPairImpl.hpp" #include <xsec/xkms/XKMSConstants.hpp> #include <xercesc/dom/DOM.hpp> XERCES_CPP_NAMESPACE_USE // -------------------------------------------------------------------------------- // Construct/Destruct // -------------------------------------------------------------------------------- XKMSRecoverResultImpl::XKMSRecoverResultImpl( const XSECEnv * env) : m_result(env), m_msg(m_result.m_msg), mp_RSAKeyPair(NULL), mp_privateKeyElement(NULL) { } XKMSRecoverResultImpl::XKMSRecoverResultImpl( const XSECEnv * env, XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * node) : m_result(env, node), m_msg(m_result.m_msg), mp_RSAKeyPair(NULL), mp_privateKeyElement(NULL) { } XKMSRecoverResultImpl::~XKMSRecoverResultImpl() { XKMSRecoverResultImpl::KeyBindingVectorType::iterator i; for (i = m_keyBindingList.begin() ; i != m_keyBindingList.end(); ++i) { delete (*i); } if (mp_RSAKeyPair != NULL) delete mp_RSAKeyPair; } // -------------------------------------------------------------------------------- // Load from DOM // -------------------------------------------------------------------------------- // Load elements void XKMSRecoverResultImpl::load() { if (m_msg.mp_messageAbstractTypeElement == NULL) { // Attempt to load an empty element throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::load - called on empty DOM"); } if (!strEquals(getXKMSLocalName(m_msg.mp_messageAbstractTypeElement), XKMSConstants::s_tagRecoverResult)) { throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::load - called incorrect node"); } // Get any UnverifiedKeyBinding elements DOMNodeList * nl = m_msg.mp_messageAbstractTypeElement->getElementsByTagNameNS( XKMSConstants::s_unicodeStrURIXKMS, XKMSConstants::s_tagKeyBinding); if (nl != NULL) { XKMSKeyBindingImpl * kb; for (unsigned int i = 0; i < nl->getLength() ; ++ i) { XSECnew(kb, XKMSKeyBindingImpl(m_msg.mp_env, (DOMElement *) nl->item(i))); m_keyBindingList.push_back(kb); kb->load(); } } nl = m_msg.mp_messageAbstractTypeElement->getElementsByTagNameNS( XKMSConstants::s_unicodeStrURIXKMS, XKMSConstants::s_tagPrivateKey); if (nl != NULL) mp_privateKeyElement = (DOMElement *) nl->item(0); // Load the base message m_result.load(); } // -------------------------------------------------------------------------------- // Create a blank one // -------------------------------------------------------------------------------- DOMElement * XKMSRecoverResultImpl::createBlankRecoverResult( const XMLCh * service, const XMLCh * id, ResultMajor rmaj, ResultMinor rmin) { return m_result.createBlankResultType( XKMSConstants::s_tagRecoverResult, service, id, rmaj, rmin); } // -------------------------------------------------------------------------------- // Get interface methods // -------------------------------------------------------------------------------- XKMSMessageAbstractType::messageType XKMSRecoverResultImpl::getMessageType(void) { return XKMSMessageAbstractTypeImpl::RecoverResult; } // -------------------------------------------------------------------------------- // UnverifiedKeyBinding handling // -------------------------------------------------------------------------------- int XKMSRecoverResultImpl::getKeyBindingSize(void) const { return (int) m_keyBindingList.size(); } XKMSKeyBinding * XKMSRecoverResultImpl::getKeyBindingItem(int item) const { if (item < 0 || item >= (int) m_keyBindingList.size()) { throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::getKeyBindingItem - item out of range"); } return m_keyBindingList[item]; } XKMSKeyBinding * XKMSRecoverResultImpl::appendKeyBindingItem(XKMSStatus::StatusValue status) { XKMSKeyBindingImpl * u; XSECnew(u, XKMSKeyBindingImpl(m_msg.mp_env)); m_keyBindingList.push_back(u); DOMElement * e = u->createBlankKeyBinding(status); // Append the element DOMElement * c = findFirstElementChild(m_msg.mp_messageAbstractTypeElement); while (c != NULL) { if (strEquals(getXKMSLocalName(c), XKMSConstants::s_tagPrivateKey)) break; } if (c != NULL) { m_msg.mp_messageAbstractTypeElement->insertBefore(e, c); if (m_msg.mp_env->getPrettyPrintFlag()) { m_msg.mp_messageAbstractTypeElement->insertBefore( m_msg.mp_env->getParentDocument()->createTextNode(DSIGConstants::s_unicodeStrNL), c); } } else { m_msg.mp_messageAbstractTypeElement->appendChild(e); m_msg.mp_env->doPrettyPrint(m_msg.mp_messageAbstractTypeElement); } return u; } // -------------------------------------------------------------------------------- // RSAKeyPair handling // -------------------------------------------------------------------------------- XKMSRSAKeyPair * XKMSRecoverResultImpl::getRSAKeyPair(const char * passPhrase) { // Already done? if (mp_RSAKeyPair != NULL) return mp_RSAKeyPair; // Nope - can we do it? if (mp_privateKeyElement == NULL) return NULL; // Yep! Load the key unsigned char kbuf[XSEC_MAX_HASH_SIZE]; unsigned int len = CalculateXKMSKEK((unsigned char *) passPhrase, (int) strlen(passPhrase), kbuf, XSEC_MAX_HASH_SIZE); if (len == 0) { throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::getRSAKeyPair - error deriving KEK"); } XSECProvider prov; XENCCipher * cipher = prov.newCipher(m_msg.mp_env->getParentDocument()); // Find the encrypted info DOMNode * n = findXENCNode(mp_privateKeyElement, "EncryptedData"); // Load into the Cipher class XENCEncryptedData * xed = cipher->loadEncryptedData((DOMElement *) n); if (xed == NULL) { throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::getRSAKeyPair - error loading encrypted data"); } // Setup the appropriate key if (xed->getEncryptionMethod() == NULL) { throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::getRSAKeyPair - no <EncryptionMethod> in EncryptedData"); } // Now find if we can get an algorithm for this URI const XSECAlgorithmHandler *handler = XSECPlatformUtils::g_algorithmMapper->mapURIToHandler( xed->getEncryptionMethod()->getAlgorithm()); if (handler == NULL) { throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::getRSAKeyPair - unable to handle algorithm in EncryptedData"); } XSECCryptoKey * sk = handler->createKeyForURI( xed->getEncryptionMethod()->getAlgorithm(), (XMLByte *) kbuf, len); memset(kbuf, 0, XSEC_MAX_HASH_SIZE); cipher->setKey(sk); cipher->decryptElement(); // WooHoo - if we get this far things are looking good! DOMElement * kp = findFirstElementChild(mp_privateKeyElement); if (kp == NULL || !strEquals(getXKMSLocalName(kp), XKMSConstants::s_tagRSAKeyPair)) { throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::getRSAKeyPair - private key did not decrypt to RSAKeyPair"); } XSECnew(mp_RSAKeyPair, XKMSRSAKeyPairImpl(m_msg.mp_env, kp)); mp_RSAKeyPair->load(); return mp_RSAKeyPair; } XENCEncryptedData * XKMSRecoverResultImpl::setRSAKeyPair(const char * passPhrase, XMLCh * Modulus, XMLCh * Exponent, XMLCh * P, XMLCh * Q, XMLCh * DP, XMLCh * DQ, XMLCh * InverseQ, XMLCh * D, const XMLCh * algorithmURI) { // Try to set up the key first - if this fails, don't want to have added the // XML // Find if we can get an algorithm for this URI const XSECAlgorithmHandler *handler = XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(algorithmURI); if (handler == NULL) { throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::setRSAKeyPair - unable to handle algorithm"); } unsigned char kbuf[XSEC_MAX_HASH_SIZE]; unsigned int len = CalculateXKMSKEK((unsigned char *) passPhrase, (int) strlen(passPhrase), kbuf, XSEC_MAX_HASH_SIZE); if (len == 0) { throw XSECException(XSECException::XKMSError, "XKMSRecoverResult::setRSAKeyPair - error deriving KEK"); } XSECCryptoKey * sk = handler->createKeyForURI( algorithmURI, (XMLByte *) kbuf, len); memset(kbuf, 0, XSEC_MAX_HASH_SIZE); // Get some setup values safeBuffer str; DOMDocument *doc = m_msg.mp_env->getParentDocument(); const XMLCh * prefix = m_msg.mp_env->getXKMSNSPrefix(); makeQName(str, prefix, XKMSConstants::s_tagPrivateKey); // Create a PrivateKey to add this to DOMElement * pk = doc->createElementNS(XKMSConstants::s_unicodeStrURIXKMS, str.rawXMLChBuffer()); m_msg.mp_env->doPrettyPrint(pk); // Add it to the request doc m_msg.mp_messageAbstractTypeElement->appendChild(pk); m_msg.mp_env->doPrettyPrint(m_msg.mp_messageAbstractTypeElement); // Now create the RSA structure XKMSRSAKeyPairImpl * rsa; XSECnew(rsa, XKMSRSAKeyPairImpl(m_msg.mp_env)); DOMElement * e = rsa->createBlankXKMSRSAKeyPairImpl(Modulus, Exponent, P, Q, DP, DQ, InverseQ, D); // Add it to the PrivateKey pk->appendChild(e); m_msg.mp_env->doPrettyPrint(pk); // Encrypt all of this for future use XENCCipher * cipher = m_prov.newCipher(m_msg.mp_env->getParentDocument()); cipher->setKey(sk); cipher->encryptElementContent(pk, algorithmURI); // Now load the encrypted data back in return cipher->loadEncryptedData(findFirstElementChild(pk)); } #endif /* XSEC_XKMS_ENABLED */