Santuario-java (Stax) <KeyInfo> extraction


sitchennam

Hi,

 

In processing an XML encrypted file, I have to extract the <KeyInfo> within the <EncryptedKey>.

The purpose is to retrieve the corresponding PrivateKey in our keystore, which is then used to decrypt the file.

Besides using XMLStreamReader to parse it manually, is there any facility in the Santuario-Java (Stax) API to do it?

Or, to put it another way, how can I instantiate a KeyInfo object from the corresponding <KeyInfo> element with the Santuario-Java API?

Is there any code example in this domain in the JUnit tests?

 

Thanks.

Re: Santuario-java (Stax) <KeyInfo> extraction

Marc Giger
Hi Chen,

Not directly possible ATM, but what you can do is to provide
your own SecurityTokenFactoryImpl via configuration:

Have a look at the default security-config.xml, there you
can register your own SecurityTokenFactoryImpl. Then
call Init.init(URL config) whereby config points to
your new security-config.xml. That should work in theory...

Marc



On Tue, 23 Feb 2016 14:58:34 +0000
Chen Nam Sit <[hidden email]> wrote:

> Hi,
>
> In processing an XML encrypted file, I have to extract the <keyInfo>
> within the <EncryptedKey>. The purpose is to retrieve the
> corresponding PrivateKey in our keystore, then used to decrypt the
> file. Besides using XMLStreamReader to parse it manually, is there
> any facility in Santuario-Java (Stax) API to do it? Or put it in
> another way, how can I instantiate a KeyInfo object from the
> corresponding <KeyInfo> element by Santuario-Java API . Any code
> example in this domain in the Junit tests ?
>
> Thanks.

Re: Santuario-java (Stax) <KeyInfo> extraction

Marc Giger
Hi Chen,

As far as I know there is no such test in santuario but I may be wrong.
Please have a look at the tests yourself to see if there is one.

Secondly,
http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-eg-EncryptedKey
should answer your question regarding multiple recipients. A
separate EncryptedKey structure with a distinct CarriedKeyName for each
recipient should be used. Also the xml-enc.xsd schema doesn't allow
more than one KeyInfo element under EncryptedKey.

Hope that helps,

Marc



On Fri, 26 Feb 2016 13:16:40 +0000
Chen Nam Sit <[hidden email]> wrote:

> Hi Marc,
>
> Thanks for the reply.
>
> Another question, I have to support multiple <KeyInfo> on recipient
> side.
>
> As Santuario-Java (Stax) does not support multiple recipients (as of
> v2.0.6), is there any JUnit test in the current Santuario-Java (DOM or
> Stax) test cases producing multiple-recipient encrypted keys?
> If not, what is the XML structure:
> - Multiple KeyInfo under a single EncryptedKey, or
> - Multiple EncryptedKey, each with a single KeyInfo?
>
> I read the W3C RFC, but can't get a clean picture,
>
>
> <EncryptedData>
> .....
>   <EncryptedKey>
> ....
>          <KeyInfo> ... </KeyInfo>
>          <KeyInfo> ... </KeyInfo>
> ....
>   </EncryptedKey>
> ....
> </EncryptedData>
>
>
> Or
>
>
>   <EncryptedKey>
> ....
>          <KeyInfo> ... </KeyInfo>
> ....
>   </EncryptedKey>
>
> ....
>
>   <EncryptedKey>
> ....
>          <KeyInfo> ... </KeyInfo>
> ....
>   </EncryptedKey>
>
>
> -----Original Message-----
> From: Marc Giger [mailto:[hidden email]]
> Sent: 25 February 2016 19:07
> To: [hidden email]
> Cc: Chen Nam Sit
> Subject: Re: Santuario-java (Stax) <KeyInfo> extraction
>
> Hi Chen,
>
> Not directly possible ATM, but what you can do is to provide your own
> SecurityTokenFactoryImpl via configuration:
>
> Have a look at the default security-config.xml, there you can
> register your own SecurityTokenFactoryImpl. Then call Init.init(URL
> config) whereby config points to your new security-config.xml. That
> should work in theory...
>
> Marc
>
>
>
> On Tue, 23 Feb 2016 14:58:34 +0000
> Chen Nam Sit <[hidden email]> wrote:
>
> > Hi,
> >
> > In processing an XML encrypted file, I have to extract the
> > <keyInfo> within the <EncryptedKey>. The purpose is to retrieve the
> > corresponding PrivateKey in our keystore, then used to decrypt the
> > file. Besides using XMLStreamReader to parse it manually, is there
> > any facility in Santuario-Java (Stax) API to do it? Or put it in
> > another way, how can I instantiate a KeyInfo object from the
> > corresponding <KeyInfo> element by Santuario-Java API . Any code
> > example in this domain in the Junit tests ?
> >
> > Thanks.
>
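
As an added example (not from the thread and not Santuario's own code), here is the manual XMLStreamReader route mentioned in the question, applied to the layout from the last reply: one EncryptedKey per recipient, each with a single KeyInfo. It collects the ds:KeyName of each EncryptedKey so the recipient can pick the entry that matches a keystore alias. The class name, sample document and alias list are constructed for illustration, and only JDK StAX calls are used.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class EncryptedKeyNames {
    static final String ENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    /** ds:KeyName of each outermost xenc:EncryptedKey, in document order. */
    static List<String> keyNames(String xml) throws XMLStreamException {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false); // untrusted input: no DTDs
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
        List<String> names = new ArrayList<>();
        int depth = 0, ekDepth = -1, keyInfos = 0;
        while (r.hasNext()) {
            int ev = r.next();
            if (ev == XMLStreamConstants.START_ELEMENT) {
                depth++;
                String ns = r.getNamespaceURI(), ln = r.getLocalName();
                if (ekDepth < 0 && ENC.equals(ns) && "EncryptedKey".equals(ln)) {
                    ekDepth = depth; // nested EncryptedKey elements are not tracked
                    keyInfos = 0;
                } else if (ekDepth > 0 && DS.equals(ns)) {
                    // The schema allows at most one KeyInfo child per EncryptedKey.
                    if (depth == ekDepth + 1 && "KeyInfo".equals(ln) && ++keyInfos > 1)
                        throw new XMLStreamException("multiple KeyInfo in EncryptedKey");
                    if (depth == ekDepth + 2 && "KeyName".equals(ln)) {
                        names.add(r.getElementText().trim());
                        depth--; // getElementText() already consumed the end tag
                    }
                }
            } else if (ev == XMLStreamConstants.END_ELEMENT) {
                if (depth == ekDepth) ekDepth = -1; // leaving the tracked EncryptedKey
                depth--;
            }
        }
        return names;
    }

    public static void main(String[] args) throws XMLStreamException {
        // Constructed sample: one EncryptedKey per recipient, cipher data omitted.
        String ek = "<xenc:EncryptedKey><ds:KeyInfo><ds:KeyName>%s</ds:KeyName></ds:KeyInfo></xenc:EncryptedKey>";
        String xml = "<xenc:EncryptedData xmlns:xenc='" + ENC + "' xmlns:ds='" + DS + "'><ds:KeyInfo>"
                + String.format(ek, "alice") + String.format(ek, "bob") + "</ds:KeyInfo></xenc:EncryptedData>";
        List<String> aliases = List.of("bob"); // stand-in for our keystore's aliases
        for (String n : keyNames(xml)) System.out.println(n + (aliases.contains(n) ? " -> ours" : " -> skip"));
    }
}
```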