org.apache.xml.security.encryption

Class XMLCipher

java.lang.Object

org.apache.xml.security.encryption.XMLCipher

public class XMLCipher
extends Object

XMLCipher encrypts and decrypts the contents of Documents, Elements and Element contents. It was designed to resemble javax.crypto.Cipher in order to facilitate understanding of its functioning.

Field Summary

Fields

Modifier and Type	Field and Description
static String	AES_128 AES 128 Cipher
static String	AES_128_GCM AES 128 GCM Cipher
static String	AES_128_KeyWrap AES 128 Cipher KeyWrap
static String	AES_192 AES 192 Cipher
static String	AES_192_GCM AES 192 GCM Cipher
static String	AES_192_KeyWrap AES 192 Cipher KeyWrap
static String	AES_256 AES 256 Cipher
static String	AES_256_GCM AES 256 GCM Cipher
static String	AES_256_KeyWrap AES 256 Cipher KeyWrap
static String	BASE64_ENCODING Base64 encoding
static String	CAMELLIA_128 CAMELLIA 128 Cipher
static String	CAMELLIA_128_KeyWrap CAMELLIA 128 Cipher KeyWrap
static String	CAMELLIA_192 CAMELLIA 192 Cipher
static String	CAMELLIA_192_KeyWrap CAMELLIA 192 Cipher KeyWrap
static String	CAMELLIA_256 CAMELLIA 256 Cipher
static String	CAMELLIA_256_KeyWrap CAMELLIA 256 Cipher KeyWrap
static int	DECRYPT_MODE DECRYPT Mode
static String	DIFFIE_HELLMAN DIFFIE_HELLMAN Cipher
static int	ENCRYPT_MODE ENCRYPT Mode
static String	EXCL_XML_N14C N14C_XML exclusive
static String	EXCL_XML_N14C_WITH_COMMENTS N14C_XML exclusive with comments
static String	N14C_XML N14C_XML
static String	N14C_XML_WITH_COMMENTS N14C_XML with comments
static String	PHYSICAL_XML_N14C N14C_PHYSICAL preserve the physical representation
static String	RIPEMD_160 RIPEMD Cipher
static String	RSA_OAEP RSA OAEP Cipher
static String	RSA_OAEP_11 RSA OAEP Cipher
static String	RSA_v1dot5 RSA 1.5 Cipher
static String	SEED_128 SEED 128 Cipher
static String	SEED_128_KeyWrap SEED 128 Cipher KeyWrap
static String	SHA1 SHA1 Cipher
static String	SHA256 SHA256 Cipher
static String	SHA512 SHA512 Cipher
static String	TRIPLEDES Triple DES EDE (192 bit key) in CBC mode
static String	TRIPLEDES_KeyWrap Triple DES EDE (192 bit key) in CBC mode KEYWRAP
static int	UNWRAP_MODE UNWRAP Mode
static int	WRAP_MODE WRAP Mode
static String	XML_DSIG XML Signature NS

Method Summary

Modifier and Type	Method and Description
AgreementMethod	createAgreementMethod(String algorithm) Create an AgreementMethod object
CipherData	createCipherData(int type) Create a CipherData object
CipherReference	createCipherReference(String uri) Create a CipherReference object
CipherValue	createCipherValue(String value) Create a CipherValue element
EncryptedData	createEncryptedData(int type, String value) Creates an EncryptedData Element.
EncryptedKey	createEncryptedKey(int type, String value) Creates an EncryptedKey Element.
EncryptionMethod	createEncryptionMethod(String algorithm) Create an EncryptionMethod object
EncryptionProperties	createEncryptionProperties() Create an EncryptionProperties element
EncryptionProperty	createEncryptionProperty() Create a new EncryptionProperty element
ReferenceList	createReferenceList(int type) Create a new ReferenceList object
Transforms	createTransforms() Create a new Transforms object
Transforms	createTransforms(Document doc) Create a new Transforms object Because the handling of Transforms is currently done in the signature code, the creation of a Transforms object requires a context document.
Key	decryptKey(EncryptedKey encryptedKey) Decrypt a key from a passed in EncryptedKey structure.
Key	decryptKey(EncryptedKey encryptedKey, String algorithm) Decrypt a key from a passed in EncryptedKey structure
byte[]	decryptToByteArray(Element element) Decrypt an EncryptedData element to a byte array.
Document	doFinal(Document context, Document source) Process a DOM Document node.
Document	doFinal(Document context, Element element) Process a DOM Element node.
Document	doFinal(Document context, Element element, boolean content) Process the contents of a DOM Element node.
EncryptedData	encryptData(Document context, Element element) Returns an EncryptedData interface.
EncryptedData	encryptData(Document context, Element element, boolean contentMode) Returns an EncryptedData interface.
EncryptedData	encryptData(Document context, String type, InputStream serializedData) Returns an EncryptedData interface.
EncryptedKey	encryptKey(Document doc, Key key) Encrypts a key to an EncryptedKey structure
EncryptedKey	encryptKey(Document doc, Key key, String mgfAlgorithm, byte[] oaepParams) Encrypts a key to an EncryptedKey structure
EncryptedKey	encryptKey(Document doc, Key key, String mgfAlgorithm, byte[] oaepParams, SecureRandom random) Encrypts a key to an EncryptedKey structure
EncryptedData	getEncryptedData() Get the EncryptedData being built
EncryptedKey	getEncryptedKey() Get the EncryptedData being build Returns the EncryptedData being built during an ENCRYPT operation.
static XMLCipher	getInstance() Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
static XMLCipher	getInstance(String transformation) Returns an XMLCipher that implements the specified transformation and operates on the specified context document.
static XMLCipher	getInstance(String transformation, Serializer serializer) Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified serializer before it encrypts the document.
static XMLCipher	getInstance(String transformation, String canon) Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
static XMLCipher	getInstance(String transformation, String canon, String digestMethod) Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
static XMLCipher	getProviderInstance(String provider) Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.
static XMLCipher	getProviderInstance(String transformation, String provider) Returns an XMLCipher that implements the specified transformation and operates on the specified context document.
static XMLCipher	getProviderInstance(String transformation, String provider, Serializer serializer, String digestMethod) Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified Serializer before it encrypts the document.
static XMLCipher	getProviderInstance(String transformation, String provider, String canon) Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
static XMLCipher	getProviderInstance(String transformation, String provider, String canon, String digestMethod) Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.
void	init(int opmode, Key key) Initializes this cipher with a key.
EncryptedData	loadEncryptedData(Document context, Element element) Returns an EncryptedData interface.
EncryptedKey	loadEncryptedKey(Document context, Element element) Returns an EncryptedKey interface.
EncryptedKey	loadEncryptedKey(Element element) Returns an EncryptedKey interface.
Element	martial(Document context, EncryptedData encryptedData) Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData
Element	martial(Document context, EncryptedKey encryptedKey) Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey
Element	martial(Document context, ReferenceList referenceList) Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList
Element	martial(EncryptedData encryptedData) Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData
Element	martial(EncryptedKey encryptedKey) Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey
Element	martial(ReferenceList referenceList) Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList
void	registerInternalKeyResolver(KeyResolverSpi keyResolver) This method is used to add a custom KeyResolverSpi to an XMLCipher.
void	setKEK(Key kek) Set a Key Encryption Key.
void	setSecureValidation(boolean secureValidation) Set whether secure validation is enabled or not.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TRIPLEDES

public static final String TRIPLEDES

Triple DES EDE (192 bit key) in CBC mode

See Also:

Constant Field Values

AES_128

public static final String AES_128

AES 128 Cipher

See Also:

Constant Field Values

AES_256

public static final String AES_256

AES 256 Cipher

See Also:

Constant Field Values

AES_192

public static final String AES_192

AES 192 Cipher

See Also:

Constant Field Values

AES_128_GCM

public static final String AES_128_GCM

AES 128 GCM Cipher

See Also:

Constant Field Values

AES_192_GCM

public static final String AES_192_GCM

AES 192 GCM Cipher

See Also:

Constant Field Values

AES_256_GCM

public static final String AES_256_GCM

AES 256 GCM Cipher

See Also:

Constant Field Values

SEED_128

public static final String SEED_128

SEED 128 Cipher

See Also:

Constant Field Values

CAMELLIA_128

public static final String CAMELLIA_128

CAMELLIA 128 Cipher

See Also:

Constant Field Values

CAMELLIA_192

public static final String CAMELLIA_192

CAMELLIA 192 Cipher

See Also:

Constant Field Values

CAMELLIA_256

public static final String CAMELLIA_256

CAMELLIA 256 Cipher

See Also:

Constant Field Values

RSA_v1dot5

public static final String RSA_v1dot5

RSA 1.5 Cipher

See Also:

Constant Field Values

RSA_OAEP

public static final String RSA_OAEP

RSA OAEP Cipher

See Also:

Constant Field Values

RSA_OAEP_11

public static final String RSA_OAEP_11

RSA OAEP Cipher

See Also:

Constant Field Values

DIFFIE_HELLMAN

public static final String DIFFIE_HELLMAN

DIFFIE_HELLMAN Cipher

See Also:

Constant Field Values

TRIPLEDES_KeyWrap

public static final String TRIPLEDES_KeyWrap

Triple DES EDE (192 bit key) in CBC mode KEYWRAP

See Also:

Constant Field Values

AES_128_KeyWrap

public static final String AES_128_KeyWrap

AES 128 Cipher KeyWrap

See Also:

Constant Field Values

AES_256_KeyWrap

public static final String AES_256_KeyWrap

AES 256 Cipher KeyWrap

See Also:

Constant Field Values

AES_192_KeyWrap

public static final String AES_192_KeyWrap

AES 192 Cipher KeyWrap

See Also:

Constant Field Values

CAMELLIA_128_KeyWrap

public static final String CAMELLIA_128_KeyWrap

CAMELLIA 128 Cipher KeyWrap

See Also:

Constant Field Values

CAMELLIA_192_KeyWrap

public static final String CAMELLIA_192_KeyWrap

CAMELLIA 192 Cipher KeyWrap

See Also:

Constant Field Values

CAMELLIA_256_KeyWrap

public static final String CAMELLIA_256_KeyWrap

CAMELLIA 256 Cipher KeyWrap

See Also:

Constant Field Values

SEED_128_KeyWrap

public static final String SEED_128_KeyWrap

SEED 128 Cipher KeyWrap

See Also:

Constant Field Values

SHA1

public static final String SHA1

SHA1 Cipher

See Also:

Constant Field Values

SHA256

public static final String SHA256

SHA256 Cipher

See Also:

Constant Field Values

SHA512

public static final String SHA512

SHA512 Cipher

See Also:

Constant Field Values

RIPEMD_160

public static final String RIPEMD_160

RIPEMD Cipher

See Also:

Constant Field Values

XML_DSIG

public static final String XML_DSIG

XML Signature NS

See Also:

Constant Field Values

N14C_XML

public static final String N14C_XML

N14C_XML

See Also:

Constant Field Values

N14C_XML_WITH_COMMENTS

public static final String N14C_XML_WITH_COMMENTS

N14C_XML with comments

See Also:

Constant Field Values

EXCL_XML_N14C

public static final String EXCL_XML_N14C

N14C_XML exclusive

See Also:

Constant Field Values

EXCL_XML_N14C_WITH_COMMENTS

public static final String EXCL_XML_N14C_WITH_COMMENTS

N14C_XML exclusive with comments

See Also:

Constant Field Values

PHYSICAL_XML_N14C

public static final String PHYSICAL_XML_N14C

N14C_PHYSICAL preserve the physical representation

See Also:

Constant Field Values

BASE64_ENCODING

public static final String BASE64_ENCODING

Base64 encoding

See Also:

Constant Field Values

ENCRYPT_MODE

public static final int ENCRYPT_MODE

ENCRYPT Mode

See Also:

Constant Field Values

DECRYPT_MODE

public static final int DECRYPT_MODE

DECRYPT Mode

See Also:

Constant Field Values

UNWRAP_MODE

public static final int UNWRAP_MODE

UNWRAP Mode

See Also:

Constant Field Values

WRAP_MODE

public static final int WRAP_MODE

WRAP Mode

See Also:

Constant Field Values

Method Detail

getInstance

public static XMLCipher getInstance(String transformation)
                             throws XMLEncryptionException

Returns an XMLCipher that implements the specified transformation and operates on the specified context document.

If the default provider package supplies an implementation of the requested transformation, an instance of Cipher containing that implementation is returned. If the transformation is not available in the default provider package, other provider packages are searched.

NOTE₁: The transformation name does not follow the same pattern as that outlined in the Java Cryptography Extension Reference Guide but rather that specified by the XML Encryption Syntax and Processing document. The rational behind this is to make it easier for a novice at writing Java Encryption software to use the library.

NOTE₂: getInstance() does not follow the same pattern regarding exceptional conditions as that used in javax.crypto.Cipher. Instead, it only throws an XMLEncryptionException which wraps an underlying exception. The stack trace from the exception should be self explanatory.

Parameters:

transformation - the name of the transformation, e.g., XMLCipher.TRIPLEDES which is shorthand for "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"

Returns:

the XMLCipher

Throws:

XMLEncryptionException

See Also:

Cipher.getInstance(java.lang.String)

getInstance

public static XMLCipher getInstance(String transformation,
                                    Serializer serializer)
                             throws XMLEncryptionException

Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified serializer before it encrypts the document.

Parameters:

transformation - the name of the transformation

serializer - A custom Serializer instance

Returns:

the XMLCipher

Throws:

XMLEncryptionException

getInstance

public static XMLCipher getInstance(String transformation,
                                    String canon)
                             throws XMLEncryptionException

Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

Parameters:

transformation - the name of the transformation

canon - the name of the c14n algorithm, if null use standard serializer

Returns:

the XMLCipher

Throws:

XMLEncryptionException

getInstance

public static XMLCipher getInstance(String transformation,
                                    String canon,
                                    String digestMethod)
                             throws XMLEncryptionException

Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

Parameters:

transformation - the name of the transformation

canon - the name of the c14n algorithm, if null use standard serializer

digestMethod - An optional digestMethod to use

Returns:

the XMLCipher

Throws:

XMLEncryptionException

getProviderInstance

public static XMLCipher getProviderInstance(String transformation,
                                            String provider)
                                     throws XMLEncryptionException

Returns an XMLCipher that implements the specified transformation and operates on the specified context document.

Parameters:

transformation - the name of the transformation

provider - the JCE provider that supplies the transformation

Returns:

the XMLCipher

Throws:

XMLEncryptionException

getProviderInstance

public static XMLCipher getProviderInstance(String transformation,
                                            String provider,
                                            String canon)
                                     throws XMLEncryptionException

Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

Parameters:

transformation - the name of the transformation

provider - the JCE provider that supplies the transformation

canon - the name of the c14n algorithm, if null use standard serializer

Returns:

the XMLCipher

Throws:

XMLEncryptionException

getProviderInstance

public static XMLCipher getProviderInstance(String transformation,
                                            String provider,
                                            String canon,
                                            String digestMethod)
                                     throws XMLEncryptionException

Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

Parameters:

transformation - the name of the transformation

provider - the JCE provider that supplies the transformation

canon - the name of the c14n algorithm, if null use standard serializer

digestMethod - An optional digestMethod to use

Returns:

the XMLCipher

Throws:

XMLEncryptionException

getProviderInstance

public static XMLCipher getProviderInstance(String transformation,
                                            String provider,
                                            Serializer serializer,
                                            String digestMethod)
                                     throws XMLEncryptionException

Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified Serializer before it encrypts the document.

Parameters:

transformation - the name of the transformation

provider - the JCE provider that supplies the transformation

serializer - A custom serializer instance to use

digestMethod - An optional digestMethod to use

Returns:

the XMLCipher

Throws:

XMLEncryptionException

getInstance

public static XMLCipher getInstance()
                             throws XMLEncryptionException

Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.

Returns:

The XMLCipher

Throws:

XMLEncryptionException

getProviderInstance

public static XMLCipher getProviderInstance(String provider)
                                     throws XMLEncryptionException

Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element. Allows the caller to specify a provider that will be used for cryptographic operations.

Parameters:

provider - the JCE provider that supplies the transformation

Returns:

the XMLCipher

Throws:

XMLEncryptionException

init

public void init(int opmode,
                 Key key)
          throws XMLEncryptionException

Initializes this cipher with a key.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode. For WRAP and ENCRYPT modes, this also initialises the internal EncryptedKey or EncryptedData (with a CipherValue) structure that will be used during the ensuing operations. This can be obtained (in order to modify KeyInfo elements etc. prior to finalising the encryption) by calling getEncryptedData() or getEncryptedKey().

Parameters:

opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)

key -

Throws:

XMLEncryptionException

See Also:

Cipher.init(int, java.security.Key)

setSecureValidation

public void setSecureValidation(boolean secureValidation)

Set whether secure validation is enabled or not. The default is false.

registerInternalKeyResolver

public void registerInternalKeyResolver(KeyResolverSpi keyResolver)

This method is used to add a custom KeyResolverSpi to an XMLCipher. These KeyResolvers are used in KeyInfo objects in DECRYPT and UNWRAP modes.

Parameters:

keyResolver -

getEncryptedData

public EncryptedData getEncryptedData()

Get the EncryptedData being built

Returns the EncryptedData being built during an ENCRYPT operation. This can then be used by applications to add KeyInfo elements and set other parameters.

Returns:

The EncryptedData being built

getEncryptedKey

public EncryptedKey getEncryptedKey()

Get the EncryptedData being build Returns the EncryptedData being built during an ENCRYPT operation. This can then be used by applications to add KeyInfo elements and set other parameters.

Returns:

The EncryptedData being built

setKEK

public void setKEK(Key kek)

Set a Key Encryption Key.

The Key Encryption Key (KEK) is used for encrypting/decrypting EncryptedKey elements. By setting this separately, the XMLCipher class can know whether a key applies to the data part or wrapped key part of an encrypted object.

Parameters:

kek - The key to use for de/encrypting key data

martial

public Element martial(EncryptedData encryptedData)

Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData

Note: This should only be used in cases where the context document has been passed in via a call to doFinal.

Parameters:

encryptedData - EncryptedData object to martial

Returns:

the DOM Element representing the passed in object

martial

public Element martial(Document context,
                       EncryptedData encryptedData)

Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData

Parameters:

context - The document that will own the returned nodes

encryptedData - EncryptedData object to martial

Returns:

the DOM Element representing the passed in object

martial

public Element martial(EncryptedKey encryptedKey)

Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey

Note: This should only be used in cases where the context document has been passed in via a call to doFinal.

Parameters:

encryptedKey - EncryptedKey object to martial

Returns:

the DOM Element representing the passed in object

martial

public Element martial(Document context,
                       EncryptedKey encryptedKey)

Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey

Parameters:

context - The document that will own the created nodes

encryptedKey - EncryptedKey object to martial

Returns:

the DOM Element representing the passed in object

martial

public Element martial(ReferenceList referenceList)

Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList

Note: This should only be used in cases where the context document has been passed in via a call to doFinal.

Parameters:

referenceList - ReferenceList object to martial

Returns:

the DOM Element representing the passed in object

martial

public Element martial(Document context,
                       ReferenceList referenceList)

Martial a ReferenceList Takes a ReferenceList object and returns a DOM Element that represents the appropriate ReferenceList

Parameters:

context - The document that will own the created nodes

referenceList - ReferenceList object to martial

Returns:

the DOM Element representing the passed in object

doFinal

public Document doFinal(Document context,
                        Document source)
                 throws Exception

Process a DOM Document node. The processing depends on the initialization parameters of init().

Parameters:

context - the context Document.

source - the Document to be encrypted or decrypted.

Returns:

the processed Document.

Throws:

Exception - to indicate any exceptional conditions.

doFinal

public Document doFinal(Document context,
                        Element element)
                 throws Exception

Process a DOM Element node. The processing depends on the initialization parameters of init().

Parameters:

context - the context Document.

element - the Element to be encrypted.

Returns:

the processed Document.

Throws:

Exception - to indicate any exceptional conditions.

doFinal

public Document doFinal(Document context,
                        Element element,
                        boolean content)
                 throws Exception

Process the contents of a DOM Element node. The processing depends on the initialization parameters of init().

Parameters:

context - the context Document.

element - the Element which contents is to be encrypted.

content -

Returns:

the processed Document.

Throws:

Exception - to indicate any exceptional conditions.

encryptData

public EncryptedData encryptData(Document context,
                                 Element element)
                          throws Exception

Returns an EncryptedData interface. Use this operation if you want to have full control over the contents of the EncryptedData structure. This does not change the source document in any way.

Parameters:

context - the context Document.

element - the Element that will be encrypted.

Returns:

the EncryptedData

Throws:

Exception

encryptData

public EncryptedData encryptData(Document context,
                                 String type,
                                 InputStream serializedData)
                          throws Exception

Returns an EncryptedData interface. Use this operation if you want to have full control over the serialization of the element or element content. This does not change the source document in any way.

Parameters:

context - the context Document.

type - a URI identifying type information about the plaintext form of the encrypted content (may be null)

serializedData - the serialized data

Returns:

the EncryptedData

Throws:

Exception

encryptData

public EncryptedData encryptData(Document context,
                                 Element element,
                                 boolean contentMode)
                          throws Exception

Returns an EncryptedData interface. Use this operation if you want to have full control over the contents of the EncryptedData structure. This does not change the source document in any way.

Parameters:

context - the context Document.

element - the Element that will be encrypted.

contentMode - true to encrypt element's content only, false otherwise

Returns:

the EncryptedData

Throws:

Exception

loadEncryptedData

public EncryptedData loadEncryptedData(Document context,
                                       Element element)
                                throws XMLEncryptionException

Returns an EncryptedData interface. Use this operation if you want to load an EncryptedData structure from a DOM structure and manipulate the contents.

Parameters:

context - the context Document.

element - the Element that will be loaded

Returns:

the EncryptedData

Throws:

XMLEncryptionException

loadEncryptedKey

public EncryptedKey loadEncryptedKey(Document context,
                                     Element element)
                              throws XMLEncryptionException

Returns an EncryptedKey interface. Use this operation if you want to load an EncryptedKey structure from a DOM structure and manipulate the contents.

Parameters:

context - the context Document.

element - the Element that will be loaded

Returns:

the EncryptedKey

Throws:

XMLEncryptionException

loadEncryptedKey

public EncryptedKey loadEncryptedKey(Element element)
                              throws XMLEncryptionException

Returns an EncryptedKey interface. Use this operation if you want to load an EncryptedKey structure from a DOM structure and manipulate the contents. Assumes that the context document is the document that owns the element

Parameters:

element - the Element that will be loaded

Returns:

the EncryptedKey

Throws:

XMLEncryptionException

encryptKey

public EncryptedKey encryptKey(Document doc,
                               Key key)
                        throws XMLEncryptionException

Encrypts a key to an EncryptedKey structure

Parameters:

doc - the Context document that will be used to general DOM

key - Key to encrypt (will use previously set KEK to perform encryption

Returns:

the EncryptedKey

Throws:

XMLEncryptionException

encryptKey

public EncryptedKey encryptKey(Document doc,
                               Key key,
                               String mgfAlgorithm,
                               byte[] oaepParams)
                        throws XMLEncryptionException

Encrypts a key to an EncryptedKey structure

Parameters:

doc - the Context document that will be used to general DOM

key - Key to encrypt (will use previously set KEK to perform encryption

mgfAlgorithm - The xenc11 MGF Algorithm to use

oaepParams - The OAEPParams to use

Returns:

the EncryptedKey

Throws:

XMLEncryptionException

encryptKey

public EncryptedKey encryptKey(Document doc,
                               Key key,
                               String mgfAlgorithm,
                               byte[] oaepParams,
                               SecureRandom random)
                        throws XMLEncryptionException

Encrypts a key to an EncryptedKey structure

Parameters:

doc - the Context document that will be used to general DOM

key - Key to encrypt (will use previously set KEK to perform encryption

mgfAlgorithm - The xenc11 MGF Algorithm to use

oaepParams - The OAEPParams to use

random - The SecureRandom instance to use when initializing the Cipher

Returns:

the EncryptedKey

Throws:

XMLEncryptionException

decryptKey

public Key decryptKey(EncryptedKey encryptedKey,
                      String algorithm)
               throws XMLEncryptionException

Decrypt a key from a passed in EncryptedKey structure

Parameters:

encryptedKey - Previously loaded EncryptedKey that needs to be decrypted.

algorithm - Algorithm for the decrypted key

Returns:

a key corresponding to the given type

Throws:

XMLEncryptionException

decryptKey

public Key decryptKey(EncryptedKey encryptedKey)
               throws XMLEncryptionException

Decrypt a key from a passed in EncryptedKey structure. This version is used mainly internally, when the cipher already has an EncryptedData loaded. The algorithm URI will be read from the EncryptedData

Parameters:

encryptedKey - Previously loaded EncryptedKey that needs to be decrypted.

Returns:

a key corresponding to the given type

Throws:

XMLEncryptionException

decryptToByteArray

public byte[] decryptToByteArray(Element element)
                          throws XMLEncryptionException

Decrypt an EncryptedData element to a byte array. When passed in an EncryptedData node, returns the decryption as a byte array. Does not modify the source document.

Parameters:

element -

Returns:

the bytes resulting from the decryption

Throws:

XMLEncryptionException

createEncryptedData

public EncryptedData createEncryptedData(int type,
                                         String value)
                                  throws XMLEncryptionException

Creates an EncryptedData Element. The newEncryptedData and newEncryptedKey methods create fairly complete elements that are immediately useable. All the other create* methods return bare elements that still need to be built upon.

An EncryptionMethod will still need to be added however

Parameters:

type - Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of CipherData this EncryptedData will contain.

value - the Base 64 encoded, encrypted text to wrap in the EncryptedData or the URI to set in the CipherReference (usage will depend on the type

Returns:

the EncryptedData Element.

Throws:

XMLEncryptionException

createEncryptedKey

public EncryptedKey createEncryptedKey(int type,
                                       String value)
                                throws XMLEncryptionException

Creates an EncryptedKey Element. The newEncryptedData and newEncryptedKey methods create fairly complete elements that are immediately useable. All the other create* methods return bare elements that still need to be built upon.

An EncryptionMethod will still need to be added however

Parameters:

type - Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of CipherData this EncryptedData will contain.

value - the Base 64 encoded, encrypted text to wrap in the EncryptedKey or the URI to set in the CipherReference (usage will depend on the type

Returns:

the EncryptedKey Element.

Throws:

XMLEncryptionException

createAgreementMethod

public AgreementMethod createAgreementMethod(String algorithm)

Create an AgreementMethod object

Parameters:

algorithm - Algorithm of the agreement method

Returns:

a new AgreementMethod

createCipherData

public CipherData createCipherData(int type)

Create a CipherData object

Parameters:

type - Type of this CipherData (either VALUE_TUPE or REFERENCE_TYPE)

Returns:

a new CipherData

createCipherReference

public CipherReference createCipherReference(String uri)

Create a CipherReference object

Parameters:

uri - The URI that the reference will refer

Returns:

a new CipherReference

createCipherValue

public CipherValue createCipherValue(String value)

Create a CipherValue element

Parameters:

value - The value to set the ciphertext to

Returns:

a new CipherValue

createEncryptionMethod

public EncryptionMethod createEncryptionMethod(String algorithm)

Create an EncryptionMethod object

Parameters:

algorithm - Algorithm for the encryption

Returns:

a new EncryptionMethod

createEncryptionProperties

public EncryptionProperties createEncryptionProperties()

Create an EncryptionProperties element

Returns:

a new EncryptionProperties

createEncryptionProperty

public EncryptionProperty createEncryptionProperty()

Create a new EncryptionProperty element

Returns:

a new EncryptionProperty

createReferenceList

public ReferenceList createReferenceList(int type)

Create a new ReferenceList object

Parameters:

type - ReferenceList.DATA_REFERENCE or ReferenceList.KEY_REFERENCE

Returns:

a new ReferenceList

createTransforms

public Transforms createTransforms()

Create a new Transforms object

Note: A context document must have been set elsewhere (possibly via a call to doFinal). If not, use the createTransforms(Document) method.

Returns:

a new Transforms

createTransforms

public Transforms createTransforms(Document doc)

Create a new Transforms object Because the handling of Transforms is currently done in the signature code, the creation of a Transforms object requires a context document.

Parameters:

doc - Document that will own the created Transforms node

Returns:

a new Transforms