in ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java [83:212]
public List<String> doEncryption(
KeyInfo keyInfo,
SecretKey secretKey,
String encryptionAlgorithm,
List<WSEncryptionPart> references,
List<Element> attachmentEncryptedDataElements
) throws WSSecurityException {
XMLCipher xmlCipher = null;
try {
if (encryptionSerializer != null) {
xmlCipher = XMLCipher.getInstance(encryptionSerializer, encryptionAlgorithm);
} else {
xmlCipher = XMLCipher.getInstance(encryptionAlgorithm);
}
} catch (XMLEncryptionException ex) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex
);
}
List<String> encDataRef = new ArrayList<>();
WSEncryptionPart attachmentEncryptionPart = null;
for (WSEncryptionPart encPart : references) {
if (encPart.getId() != null && encPart.getId().startsWith("cid:")) {
attachmentEncryptionPart = encPart;
continue;
}
//
// Get the data to encrypt.
//
if (callbackLookup == null) {
callbackLookup = new DOMCallbackLookup(doc);
}
List<Element> elementsToEncrypt =
WSSecurityUtil.findElements(encPart, callbackLookup);
if (elementsToEncrypt == null || elementsToEncrypt.isEmpty()) {
if (!encPart.isRequired()) {
continue;
}
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILURE,
"noEncElement",
new Object[] {"{" + encPart.getNamespace() + "}" + encPart.getName()});
}
if (expandXopInclude) {
for (Element elementToEncrypt : elementsToEncrypt) {
Element encrElement = elementToEncrypt;
// Look for xop:Include Nodes
List<Element> includeElements =
XMLUtils.findElements(elementToEncrypt.getFirstChild(), "Include", WSConstants.XOP_NS);
if (includeElements != null && !includeElements.isEmpty()) {
// See if we already have an expanded Element available (from Signature) that matches the current Element
Element matchingElement = findMatchingExpandedElement(encrElement);
if (matchingElement != null && matchingElement != encrElement) {
// If so then replace the existing Element to encrypt in the SOAP Envelope
encrElement.getParentNode().replaceChild(matchingElement, encrElement);
encrElement = matchingElement;
// We already have an expanded Element, but might need to delete the attachments
for (Element includeElement : includeElements) {
String xopURI = includeElement.getAttributeNS(null, "href");
if (xopURI != null) {
// Delete the attachment
AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
attachmentRequestCallback.setAttachmentId(WSSecurityUtil.getAttachmentId(xopURI));
try {
attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
} catch (UnsupportedCallbackException | IOException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
}
}
}
} else {
// Here we didn't find an already expanded Element, so inline the attachment bytes
WSSecurityUtil.inlineAttachments(includeElements, attachmentCallbackHandler, true);
}
}
if (storeBytesInAttachment) {
try {
String id =
encryptElementInAttachment(keyInfo, secretKey, encryptionAlgorithm, encPart, encrElement);
encPart.setEncId(id);
encDataRef.add("#" + id);
} catch (Exception ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, ex);
}
} else {
String id =
encryptElement(encrElement, encPart.getEncModifier(), xmlCipher, secretKey, keyInfo);
encPart.setEncId(id);
encDataRef.add("#" + id);
}
}
} else if (storeBytesInAttachment) {
for (Element elementToEncrypt : elementsToEncrypt) {
try {
String id =
encryptElementInAttachment(keyInfo, secretKey, encryptionAlgorithm, encPart, elementToEncrypt);
encPart.setEncId(id);
encDataRef.add("#" + id);
} catch (Exception ex) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_ENCRYPTION, ex
);
}
}
} else {
for (Element elementToEncrypt : elementsToEncrypt) {
String id =
encryptElement(elementToEncrypt, encPart.getEncModifier(), xmlCipher, secretKey, keyInfo);
encPart.setEncId(id);
encDataRef.add("#" + id);
}
}
}
if (attachmentEncryptionPart != null) {
encryptAttachment(keyInfo, secretKey, encryptionAlgorithm, attachmentEncryptionPart, encDataRef,
attachmentEncryptedDataElements);
}
return encDataRef;
}