FileDocCategorySizeDatePackage
XMLCipher.javaAPI DocJava SE 6 API149492Tue Jun 10 00:23:02 BST 2008com.sun.org.apache.xml.internal.security.encryption

XMLCipher

public class XMLCipher extends Object
XMLCipher encrypts and decrypts the contents of Documents, Elements and Element contents. It was designed to resemble javax.crypto.Cipher in order to facilitate understanding of its functioning.
author
Axl Mattheus (Sun Microsystems)
author
Christian Geuer-Pollmann

Fields Summary
private static Logger
logger
public static final String
TRIPLEDES
Triple DES EDE (192 bit key) in CBC mode
public static final String
AES_128
AES 128 Cipher
public static final String
AES_256
AES 256 Cipher
public static final String
AES_192
AES 192 Cipher
public static final String
RSA_v1dot5
RSA 1.5 Cipher
public static final String
RSA_OAEP
RSA OAEP Cipher
public static final String
DIFFIE_HELLMAN
DIFFIE_HELLMAN Cipher
public static final String
TRIPLEDES_KeyWrap
Triple DES EDE (192 bit key) in CBC mode KEYWRAP
public static final String
AES_128_KeyWrap
AES 128 Cipher KeyWrap
public static final String
AES_256_KeyWrap
AES 256 Cipher KeyWrap
public static final String
AES_192_KeyWrap
AES 192 Cipher KeyWrap
public static final String
SHA1
SHA1 Cipher
public static final String
SHA256
SHA256 Cipher
public static final String
SHA512
SHA512 Cipher
public static final String
RIPEMD_160
RIPEMD Cipher
public static final String
XML_DSIG
XML Signature NS
public static final String
N14C_XML
N14C_XML
public static final String
N14C_XML_WITH_COMMENTS
N14C_XML with comments
public static final String
EXCL_XML_N14C
N14C_XML excluisve
public static final String
EXCL_XML_N14C_WITH_COMMENTS
N14C_XML exclusive with commetns
public static final String
BASE64_ENCODING
Base64 encoding
public static final int
ENCRYPT_MODE
ENCRYPT Mode
public static final int
DECRYPT_MODE
DECRYPT Mode
public static final int
UNWRAP_MODE
UNWRAP Mode
public static final int
WRAP_MODE
WRAP Mode
private static final String
ENC_ALGORITHMS
private Cipher
_contextCipher
Cipher created during initialisation that is used for encryption
private int
_cipherMode
Mode that the XMLCipher object is operating in
private String
_algorithm
URI of algorithm that is being used for cryptographic operation
private String
_requestedJCEProvider
Cryptographic provider requested by caller
private Canonicalizer
_canon
Holds c14n to serialize, if initialized then _always_ use this c14n to serialize
private Document
_contextDocument
Used for creation of DOM nodes in WRAP and ENCRYPT modes
private Factory
_factory
Instance of factory used to create XML Encryption objects
private Serializer
_serializer
Internal serializer class for going to/from UTF-8
private Key
_key
Local copy of user's key
private Key
_kek
Local copy of the kek (used to decrypt EncryptedKeys during a DECRYPT_MODE operation
private EncryptedKey
_ek
private EncryptedData
_ed
Constructors Summary
private XMLCipher()
Creates a new XMLCipher.

since
1.0.


               
      
        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Constructing XMLCipher...");

        _factory = new Factory();
        _serializer = new Serializer();

    
Methods Summary
public com.sun.org.apache.xml.internal.security.encryption.AgreementMethodcreateAgreementMethod(java.lang.String algorithm)
Create an AgreementMethod object

param
algorithm Algorithm of the agreement method
return

		return (_factory.newAgreementMethod(algorithm));
	
public com.sun.org.apache.xml.internal.security.encryption.CipherDatacreateCipherData(int type)
Create a CipherData object

param
type Type of this CipherData (either VALUE_TUPE or REFERENCE_TYPE)
return

		return (_factory.newCipherData(type));
	
public com.sun.org.apache.xml.internal.security.encryption.CipherReferencecreateCipherReference(java.lang.String uri)
Create a CipherReference object

return
param
uri The URI that the reference will refer

		return (_factory.newCipherReference(uri));
	
public com.sun.org.apache.xml.internal.security.encryption.CipherValuecreateCipherValue(java.lang.String value)
Create a CipherValue element

param
value The value to set the ciphertext to
return

		return (_factory.newCipherValue(value));
	
public com.sun.org.apache.xml.internal.security.encryption.EncryptedDatacreateEncryptedData(int type, java.lang.String value)
Creates an EncryptedData Element. The newEncryptedData and newEncryptedKey methods create fairly complete elements that are immediately useable. All the other create* methods return bare elements that still need to be built upon.

An EncryptionMethod will still need to be added however

param
type Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of CipherData this EncryptedData will contain.
param
value the Base 64 encoded, encrypted text to wrap in the EncryptedData or the URI to set in the CipherReference (usage will depend on the type
return
the EncryptedData Element.
throws
XMLEncryptionException

        EncryptedData result = null;
        CipherData data = null;

        switch (type) {
            case CipherData.REFERENCE_TYPE:
                CipherReference cipherReference = _factory.newCipherReference(
                    value);
                data = _factory.newCipherData(type);
                data.setCipherReference(cipherReference);
                result = _factory.newEncryptedData(data);
				break;
            case CipherData.VALUE_TYPE:
                CipherValue cipherValue = _factory.newCipherValue(value);
                data = _factory.newCipherData(type);
                data.setCipherValue(cipherValue);
                result = _factory.newEncryptedData(data);
        }

        return (result);
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptedKeycreateEncryptedKey(int type, java.lang.String value)
Creates an EncryptedKey Element. The newEncryptedData and newEncryptedKey methods create fairly complete elements that are immediately useable. All the other create* methods return bare elements that still need to be built upon.

An EncryptionMethod will still need to be added however

param
type Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of CipherData this EncryptedData will contain.
param
value the Base 64 encoded, encrypted text to wrap in the EncryptedKey or the URI to set in the CipherReference (usage will depend on the type
return
the EncryptedKey Element.
throws
XMLEncryptionException

        EncryptedKey result = null;
        CipherData data = null;

        switch (type) {
            case CipherData.REFERENCE_TYPE:
                CipherReference cipherReference = _factory.newCipherReference(
                    value);
                data = _factory.newCipherData(type);
                data.setCipherReference(cipherReference);
                result = _factory.newEncryptedKey(data);
				break;
            case CipherData.VALUE_TYPE:
                CipherValue cipherValue = _factory.newCipherValue(value);
                data = _factory.newCipherData(type);
                data.setCipherValue(cipherValue);
                result = _factory.newEncryptedKey(data);
        }

        return (result);
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptionMethodcreateEncryptionMethod(java.lang.String algorithm)
Create an EncryptedMethod object

param
algorithm Algorithm for the encryption
return

		return (_factory.newEncryptionMethod(algorithm));
	
public com.sun.org.apache.xml.internal.security.encryption.EncryptionPropertiescreateEncryptionProperties()
Create an EncryptedProperties element

return

		return (_factory.newEncryptionProperties());
	
public com.sun.org.apache.xml.internal.security.encryption.EncryptionPropertycreateEncryptionProperty()
Create a new EncryptionProperty element

return

		return (_factory.newEncryptionProperty());
	
public com.sun.org.apache.xml.internal.security.encryption.ReferenceListcreateReferenceList(int type)
Create a new ReferenceList object

return
param
type

		return (_factory.newReferenceList(type));
	
public com.sun.org.apache.xml.internal.security.encryption.TransformscreateTransforms()
Create a new Transforms object

Note: A context document must have been set elsewhere (possibly via a call to doFinal). If not, use the createTransforms(Document) method.

return

		return (_factory.newTransforms());
	
public com.sun.org.apache.xml.internal.security.encryption.TransformscreateTransforms(org.w3c.dom.Document doc)
Create a new Transforms object Because the handling of Transforms is currently done in the signature code, the creation of a Transforms object requires a context document.

param
doc Document that will own the created Transforms node
return

		return (_factory.newTransforms(doc));
	
private org.w3c.dom.DocumentdecryptElement(org.w3c.dom.Element element)
Decrypts EncryptedData in a single-part operation.

param
element the EncryptedData to decrypt.
return
the Node as a result of the decrypt operation.
throws
XMLEncryptionException


        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Decrypting element...");

        if(_cipherMode != DECRYPT_MODE)
            logger.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");

		String octets;
		try {
			octets = new String(decryptToByteArray(element), "UTF-8");
		} catch (UnsupportedEncodingException uee) {
			throw new XMLEncryptionException("empty", uee);
		}


        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Decrypted octets:\n" + octets);

        Node sourceParent =  element.getParentNode();

        DocumentFragment decryptedFragment = 
			_serializer.deserialize(octets, sourceParent);


		// The de-serialiser returns a fragment whose children we need to
		// take on.

		if (sourceParent instanceof Document) {
			
		    // If this is a content decryption, this may have problems

		    _contextDocument.removeChild(_contextDocument.getDocumentElement());
		    _contextDocument.appendChild(decryptedFragment);
		}
		else {
		    sourceParent.replaceChild(decryptedFragment, element);

		}

        return (_contextDocument);
    
private org.w3c.dom.DocumentdecryptElementContent(org.w3c.dom.Element element)

param
element
return
throws
XMLEncryptionException

    	Element e = (Element) element.getElementsByTagNameNS(
    		EncryptionConstants.EncryptionSpecNS, 
    		EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
    	
    	if (null == e) {
    		throw new XMLEncryptionException("No EncryptedData child element.");
    	}
    	
    	return (decryptElement(e));
    
public java.security.KeydecryptKey(com.sun.org.apache.xml.internal.security.encryption.EncryptedKey encryptedKey, java.lang.String algorithm)
Decrypt a key from a passed in EncryptedKey structure

param
encryptedKey Previously loaded EncryptedKey that needs to be decrypted.
param
algorithm Algorithm for the decryption
return
a key corresponding to the give type
throws
XMLEncryptionException


        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");

        if(_cipherMode != UNWRAP_MODE)
            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");

		if (algorithm == null) {
			throw new XMLEncryptionException("Cannot decrypt a key without knowing the algorithm");
		}

		if (_key == null) {

			if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");

			KeyInfo ki = encryptedKey.getKeyInfo();
			if (ki != null) {
				try {
					_key = ki.getSecretKey();
				}
				catch (Exception e) {
				}
			}
			if (_key == null) {
				logger.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptKey called without a KEK and cannot resolve");
				throw new XMLEncryptionException("Unable to decrypt without a KEK");
			}
		}

		// Obtain the encrypted octets 
		XMLCipherInput cipherInput = new XMLCipherInput(encryptedKey);
		byte [] encryptedBytes = cipherInput.getBytes();

		String jceKeyAlgorithm =
			JCEMapper.getJCEKeyAlgorithmFromURI(algorithm);

		Cipher c;
		if (_contextCipher == null) {
			// Now create the working cipher

			String jceAlgorithm =
				JCEMapper.translateURItoJCEID(
					encryptedKey.getEncryptionMethod().getAlgorithm());

			if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);

			try {
                            if (_requestedJCEProvider == null)
				c = Cipher.getInstance(jceAlgorithm);
                            else
                                c = Cipher.getInstance(jceAlgorithm, _requestedJCEProvider);
			} catch (NoSuchAlgorithmException nsae) {
				throw new XMLEncryptionException("empty", nsae);
			} catch (NoSuchProviderException nspre) {
				throw new XMLEncryptionException("empty", nspre);
			} catch (NoSuchPaddingException nspae) {
				throw new XMLEncryptionException("empty", nspae);
			}
		} else {
			c = _contextCipher;
		}

		Key ret;

		try {		
			c.init(Cipher.UNWRAP_MODE, _key);
			ret = c.unwrap(encryptedBytes, jceKeyAlgorithm, Cipher.SECRET_KEY);
			
		} catch (InvalidKeyException ike) {
			throw new XMLEncryptionException("empty", ike);
		} catch (NoSuchAlgorithmException nsae) {
			throw new XMLEncryptionException("empty", nsae);
		}

		if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");

		return ret;

    
public java.security.KeydecryptKey(com.sun.org.apache.xml.internal.security.encryption.EncryptedKey encryptedKey)
Decrypt a key from a passed in EncryptedKey structure. This version is used mainly internally, when the cipher already has an EncryptedData loaded. The algorithm URI will be read from the EncryptedData

param
encryptedKey Previously loaded EncryptedKey that needs to be decrypted.
return
a key corresponding to the give type
throws
XMLEncryptionException


		return decryptKey(encryptedKey, _ed.getEncryptionMethod().getAlgorithm());

	
public byte[]decryptToByteArray(org.w3c.dom.Element element)
Decrypt an EncryptedData element to a byte array When passed in an EncryptedData node, returns the decryption as a byte array. Does not modify the source document

param
element
return
throws
XMLEncryptionException

		
        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Decrypting to ByteArray...");

        if(_cipherMode != DECRYPT_MODE)
            logger.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");

        EncryptedData encryptedData = _factory.newEncryptedData(element);

		if (_key == null) {

			KeyInfo ki = encryptedData.getKeyInfo();

			if (ki != null) {
				try {
					// Add a EncryptedKey resolver
					ki.registerInternalKeyResolver(
			             new EncryptedKeyResolver(encryptedData.
												  getEncryptionMethod().
												  getAlgorithm(), 
												  _kek));
					_key = ki.getSecretKey();
				} catch (KeyResolverException kre) {
					// We will throw in a second...
				}
			}

			if (_key == null) {
				logger.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptElement called without a key and unable to resolve");

				throw new XMLEncryptionException("encryption.nokey");
			}
		}

		// Obtain the encrypted octets 
		XMLCipherInput cipherInput = new XMLCipherInput(encryptedData);
		byte [] encryptedBytes = cipherInput.getBytes();

		// Now create the working cipher

		String jceAlgorithm = 
			JCEMapper.translateURItoJCEID(encryptedData.getEncryptionMethod().getAlgorithm());

		Cipher c;
		try {
                    if (_requestedJCEProvider == null)
			c = Cipher.getInstance(jceAlgorithm);
                    else
                        c = Cipher.getInstance(jceAlgorithm, _requestedJCEProvider);
		} catch (NoSuchAlgorithmException nsae) {
			throw new XMLEncryptionException("empty", nsae);
		} catch (NoSuchProviderException nspre) {
			throw new XMLEncryptionException("empty", nspre);
		} catch (NoSuchPaddingException nspae) {
			throw new XMLEncryptionException("empty", nspae);
		}

		// Calculate the IV length and copy out

		// For now, we only work with Block ciphers, so this will work.
		// This should probably be put into the JCE mapper.

		int ivLen = c.getBlockSize();
		byte[] ivBytes = new byte[ivLen];

		// You may be able to pass the entire piece in to IvParameterSpec
		// and it will only take the first x bytes, but no way to be certain
		// that this will work for every JCE provider, so lets copy the
		// necessary bytes into a dedicated array.

		System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);
		IvParameterSpec iv = new IvParameterSpec(ivBytes);		
		
		try {
			c.init(_cipherMode, _key, iv);
		} catch (InvalidKeyException ike) {
			throw new XMLEncryptionException("empty", ike);
		} catch (InvalidAlgorithmParameterException iape) {
			throw new XMLEncryptionException("empty", iape);
		}

		byte[] plainBytes;

        try {
            plainBytes = c.doFinal(encryptedBytes, 
								   ivLen, 
								   encryptedBytes.length - ivLen);

        } catch (IllegalBlockSizeException ibse) {
            throw new XMLEncryptionException("empty", ibse);
        } catch (BadPaddingException bpe) {
            throw new XMLEncryptionException("empty", bpe);
        }
		
        return (plainBytes);
    
public org.w3c.dom.DocumentdoFinal(org.w3c.dom.Document context, org.w3c.dom.Document source)
Process a DOM Document node. The processing depends on the initialization parameters of {@link #init(int, Key) init()}.

param
context the context Document.
param
source the Document to be encrypted or decrypted.
return
the processed Document.
throws
Exception to indicate any exceptional conditions.

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Processing source document...");
        if(null == context)
            logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
        if(null == source)
            logger.log(java.util.logging.Level.SEVERE, "Source document unexpectedly null...");

        _contextDocument = context;

        Document result = null;

        switch (_cipherMode) {
        case DECRYPT_MODE:
            result = decryptElement(source.getDocumentElement());
            break;
        case ENCRYPT_MODE:
            result = encryptElement(source.getDocumentElement());
            break;
        case UNWRAP_MODE:
            break;
        case WRAP_MODE:
            break;
        default:
            throw new XMLEncryptionException(
                "empty", new IllegalStateException());
        }

        return (result);
    
public org.w3c.dom.DocumentdoFinal(org.w3c.dom.Document context, org.w3c.dom.Element element)
Process a DOM Element node. The processing depends on the initialization parameters of {@link #init(int, Key) init()}.

param
context the context Document.
param
element the Element to be encrypted.
return
the processed Document.
throws
Exception to indicate any exceptional conditions.

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Processing source element...");
        if(null == context)
            logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
        if(null == element)
            logger.log(java.util.logging.Level.SEVERE, "Source element unexpectedly null...");

        _contextDocument = context;

        Document result = null;

        switch (_cipherMode) {
        case DECRYPT_MODE:
            result = decryptElement(element);
            break;
        case ENCRYPT_MODE:
            result = encryptElement(element);
            break;
        case UNWRAP_MODE:
            break;
        case WRAP_MODE:
            break;
        default:
            throw new XMLEncryptionException(
                "empty", new IllegalStateException());
        }

        return (result);
    
public org.w3c.dom.DocumentdoFinal(org.w3c.dom.Document context, org.w3c.dom.Element element, boolean content)
Process the contents of a DOM Element node. The processing depends on the initialization parameters of {@link #init(int, Key) init()}.

param
context the context Document.
param
element the Element which contents is to be encrypted.
param
content
return
the processed Document.
throws
Exception to indicate any exceptional conditions.

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Processing source element...");
        if(null == context)
            logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
        if(null == element)
            logger.log(java.util.logging.Level.SEVERE, "Source element unexpectedly null...");

        _contextDocument = context;

        Document result = null;

        switch (_cipherMode) {
        case DECRYPT_MODE:
            if (content) {
                result = decryptElementContent(element);
            } else {
                result = decryptElement(element);
            }
            break;
        case ENCRYPT_MODE:
            if (content) {
                result = encryptElementContent(element);
            } else {
                result = encryptElement(element);
            }
            break;
        case UNWRAP_MODE:
            break;
        case WRAP_MODE:
            break;
        default:
            throw new XMLEncryptionException(
                "empty", new IllegalStateException());
        }

        return (result);
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptedDataencryptData(org.w3c.dom.Document context, org.w3c.dom.Element element)
Returns an EncryptedData interface. Use this operation if you want to have full control over the contents of the EncryptedData structure. this does not change the source document in any way.

param
context the context Document.
param
element the Element that will be encrypted.
return
the EncryptedData
throws
Exception

	return encryptData(context, element, false);
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptedDataencryptData(org.w3c.dom.Document context, org.w3c.dom.Element element, boolean contentMode)
Returns an EncryptedData interface. Use this operation if you want to have full control over the contents of the EncryptedData structure. this does not change the source document in any way.

param
context the context Document.
param
element the Element that will be encrypted.
param
contentMode true to encrypt element's content only, false otherwise
return
the EncryptedData
throws
Exception

		if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Encrypting element...");
		if (null == context)
			logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
		if (null == element)
			logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
		if (_cipherMode != ENCRYPT_MODE)
			if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");

		_contextDocument = context;

		if (_algorithm == null) {
			throw new XMLEncryptionException("XMLCipher instance without transformation specified");
		}

		String serializedOctets = null;
		if (contentMode) {
			NodeList children = element.getChildNodes();
			if ((null != children)) {
				serializedOctets = _serializer.serialize(children);
			} else {
				Object exArgs[] = { "Element has no content." };
				throw new XMLEncryptionException("empty", exArgs);
			}
		} else {
			serializedOctets = _serializer.serialize(element);
		}
		if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Serialized octets:\n" + serializedOctets);

        byte[] encryptedBytes = null;

		// Now create the working cipher if none was created already
		Cipher c;
		if (_contextCipher == null) {
			String jceAlgorithm =
				JCEMapper.translateURItoJCEID(_algorithm);

			if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);

			try {
                            if (_requestedJCEProvider == null)
				c = Cipher.getInstance(jceAlgorithm);
                            else
                                c = Cipher.getInstance(jceAlgorithm, _requestedJCEProvider);
			} catch (NoSuchAlgorithmException nsae) {
				throw new XMLEncryptionException("empty", nsae);
			} catch (NoSuchProviderException nspre) {
				throw new XMLEncryptionException("empty", nspre);
			} catch (NoSuchPaddingException nspae) {
				throw new XMLEncryptionException("empty", nspae);
			}
		}
		else {
			c = _contextCipher;
		}
		// Now perform the encryption

		try {
			// Should internally generate an IV
			// todo - allow user to set an IV
			c.init(_cipherMode, _key);
		} catch (InvalidKeyException ike) {
			throw new XMLEncryptionException("empty", ike);
		}

        try {
            encryptedBytes =
                c.doFinal(serializedOctets.getBytes("UTF-8"));

            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Expected cipher.outputSize = " +
                Integer.toString(c.getOutputSize(
                    serializedOctets.getBytes().length)));
            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Actual cipher.outputSize = " +
                Integer.toString(encryptedBytes.length));
        } catch (IllegalStateException ise) {
            throw new XMLEncryptionException("empty", ise);
        } catch (IllegalBlockSizeException ibse) {
            throw new XMLEncryptionException("empty", ibse);
        } catch (BadPaddingException bpe) {
            throw new XMLEncryptionException("empty", bpe);
        } catch (UnsupportedEncodingException uee) {
		   	throw new XMLEncryptionException("empty", uee);
		}

		// Now build up to a properly XML Encryption encoded octet stream
		// IvParameterSpec iv;

		byte[] iv = c.getIV();
		byte[] finalEncryptedBytes = 
			new byte[iv.length + encryptedBytes.length];
		System.arraycopy(iv, 0, finalEncryptedBytes, 0,
						 iv.length);
		System.arraycopy(encryptedBytes, 0, finalEncryptedBytes, 
						 iv.length,
						 encryptedBytes.length);

        String base64EncodedEncryptedOctets = Base64.encode(finalEncryptedBytes);

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Encrypted octets length = " +
            base64EncodedEncryptedOctets.length());

		try {
			CipherData cd = _ed.getCipherData();
			CipherValue cv = cd.getCipherValue();
			// cv.setValue(base64EncodedEncryptedOctets.getBytes());
			cv.setValue(base64EncodedEncryptedOctets);

			if (contentMode) {
				_ed.setType(
					new URI(EncryptionConstants.TYPE_CONTENT).toString());
			} else {
				_ed.setType(
					new URI(EncryptionConstants.TYPE_ELEMENT).toString());
			}
			EncryptionMethod method =
				_factory.newEncryptionMethod(new URI(_algorithm).toString());
			_ed.setEncryptionMethod(method);
		} catch (URI.MalformedURIException mfue) {
			throw new XMLEncryptionException("empty", mfue);
		}
        return (_ed);
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptedDataencryptData(org.w3c.dom.Document context, byte[] serializedOctets, boolean contentMode)

        logger.log(java.util.logging.Level.FINE, "Encrypting element...");
        if (null == context)
            logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
        if (null == serializedOctets)
            logger.log(java.util.logging.Level.SEVERE, "Canonicalized Data is unexpectedly null...");
        if (_cipherMode != ENCRYPT_MODE)
            logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
        
        _contextDocument = context;
        
        if (_algorithm == null) {
            throw new XMLEncryptionException("XMLCipher instance without transformation specified");
        }
        
       
        logger.log(java.util.logging.Level.FINE, "Serialized octets:\n" + serializedOctets);
        
        byte[] encryptedBytes = null;
        
        // Now create the working cipher if none was created already
        Cipher c;
        if (_contextCipher == null) {
            String jceAlgorithm =
                    JCEMapper.translateURItoJCEID(_algorithm);
            
            logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);
            
            try {
                if (_requestedJCEProvider == null)
                    c = Cipher.getInstance(jceAlgorithm);
                else
                    c = Cipher.getInstance(jceAlgorithm, _requestedJCEProvider);
            } catch (NoSuchAlgorithmException nsae) {
                throw new XMLEncryptionException("empty", nsae);
            } catch (NoSuchProviderException nspre) {
                throw new XMLEncryptionException("empty", nspre);
            } catch (NoSuchPaddingException nspae) {
                throw new XMLEncryptionException("empty", nspae);
            }
        } else {
            c = _contextCipher;
        }
        // Now perform the encryption
        
        try {
            // Should internally generate an IV
            // todo - allow user to set an IV
            c.init(_cipherMode, _key);
        } catch (InvalidKeyException ike) {
            throw new XMLEncryptionException("empty", ike);
        }
        
        try {
            encryptedBytes =
                    c.doFinal(serializedOctets);
            
            logger.log(java.util.logging.Level.FINE, "Expected cipher.outputSize = " +
                    Integer.toString(c.getOutputSize(
                    serializedOctets.length)));
            logger.log(java.util.logging.Level.FINE, "Actual cipher.outputSize = " +
                    Integer.toString(encryptedBytes.length));
        } catch (IllegalStateException ise) {
            throw new XMLEncryptionException("empty", ise);
        } catch (IllegalBlockSizeException ibse) {
            throw new XMLEncryptionException("empty", ibse);
        } catch (BadPaddingException bpe) {
            throw new XMLEncryptionException("empty", bpe);
        } catch (Exception uee) {
            throw new XMLEncryptionException("empty", uee);
        }
        
        // Now build up to a properly XML Encryption encoded octet stream
        // IvParameterSpec iv;
        
        byte[] iv = c.getIV();
        byte[] finalEncryptedBytes =
                new byte[iv.length + encryptedBytes.length];
        System.arraycopy(iv, 0, finalEncryptedBytes, 0,
                iv.length);
        System.arraycopy(encryptedBytes, 0, finalEncryptedBytes,
                iv.length,
                encryptedBytes.length);
        
        String base64EncodedEncryptedOctets = Base64.encode(finalEncryptedBytes);
        
        logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
        logger.log(java.util.logging.Level.FINE, "Encrypted octets length = " +
                base64EncodedEncryptedOctets.length());
        
        try {
            CipherData cd = _ed.getCipherData();
            CipherValue cv = cd.getCipherValue();
            // cv.setValue(base64EncodedEncryptedOctets.getBytes());
            cv.setValue(base64EncodedEncryptedOctets);
            
            if (contentMode) {
                _ed.setType(
                        new URI(EncryptionConstants.TYPE_CONTENT).toString());
            } else {
                _ed.setType(
                        new URI(EncryptionConstants.TYPE_ELEMENT).toString());
            }
            EncryptionMethod method =
                    _factory.newEncryptionMethod(new URI(_algorithm).toString());
            _ed.setEncryptionMethod(method);
        } catch (URI.MalformedURIException mfue) {
            throw new XMLEncryptionException("empty", mfue);
        }
        return (_ed);
    
private org.w3c.dom.DocumentencryptElement(org.w3c.dom.Element element)
Encrypts an Element and replaces it with its encrypted counterpart in the context Document, that is, the Document specified when one calls {@link #getInstance(String) getInstance}.

param
element the Element to encrypt.
return
the context Document with the encrypted Element having replaced the source Element.
throws
Exception

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Encrypting element...");
        if(null == element) 
            logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
        if(_cipherMode != ENCRYPT_MODE)
            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");

		if (_algorithm == null) {
	    	throw new XMLEncryptionException("XMLCipher instance without transformation specified");
		}
		encryptData(_contextDocument, element, false);

        Element encryptedElement = _factory.toElement(_ed);

        Node sourceParent = element.getParentNode();
        sourceParent.replaceChild(encryptedElement, element);

        return (_contextDocument);
    
private org.w3c.dom.DocumentencryptElementContent(org.w3c.dom.Element element)
Encrypts a NodeList (the contents of an Element) and replaces its parent Element's content with this the resulting EncryptedType within the context Document, that is, the Document specified when one calls {@link #getInstance(String) getInstance}.

param
element the NodeList to encrypt.
return
the context Document with the encrypted NodeList having replaced the content of the source Element.
throws
Exception

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Encrypting element content...");
        if(null == element) 
            logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
        if(_cipherMode != ENCRYPT_MODE)
            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");

		if (_algorithm == null) {
	    	throw new XMLEncryptionException("XMLCipher instance without transformation specified");
		}
		encryptData(_contextDocument, element, true);	

        Element encryptedElement = _factory.toElement(_ed);

        removeContent(element);
        element.appendChild(encryptedElement);

        return (_contextDocument);
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptedKeyencryptKey(org.w3c.dom.Document doc, java.security.Key key)
Encrypts a key to an EncryptedKey structure

param
doc the Context document that will be used to general DOM
param
key Key to encrypt (will use previously set KEK to perform encryption
return
throws
XMLEncryptionException


        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Encrypting key ...");

        if(null == key) 
            logger.log(java.util.logging.Level.SEVERE, "Key unexpectedly null...");
        if(_cipherMode != WRAP_MODE)
            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in WRAP_MODE...");

		if (_algorithm == null) {

			throw new XMLEncryptionException("XMLCipher instance without transformation specified");
		}

		_contextDocument = doc;

		byte[] encryptedBytes = null;
		Cipher c;

		if (_contextCipher == null) {
			// Now create the working cipher

			String jceAlgorithm =
				JCEMapper.translateURItoJCEID(_algorithm);

			if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);

			try {
			    if (_requestedJCEProvider == null)
				c = Cipher.getInstance(jceAlgorithm);
                            else
                                c = Cipher.getInstance(jceAlgorithm, _requestedJCEProvider);
			} catch (NoSuchAlgorithmException nsae) {
				throw new XMLEncryptionException("empty", nsae);
			} catch (NoSuchProviderException nspre) {
				throw new XMLEncryptionException("empty", nspre);
			} catch (NoSuchPaddingException nspae) {
				throw new XMLEncryptionException("empty", nspae);
			}
		} else {
			c = _contextCipher;
		}
		// Now perform the encryption

		try {
			// Should internally generate an IV
			// todo - allow user to set an IV
			c.init(Cipher.WRAP_MODE, _key);
			encryptedBytes = c.wrap(key);
		} catch (InvalidKeyException ike) {
			throw new XMLEncryptionException("empty", ike);
		} catch (IllegalBlockSizeException ibse) {
			throw new XMLEncryptionException("empty", ibse);
		}

        String base64EncodedEncryptedOctets = Base64.encode(encryptedBytes);

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Encrypted key octets:\n" + base64EncodedEncryptedOctets);
        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Encrypted key octets length = " +
            base64EncodedEncryptedOctets.length());

		CipherValue cv = _ek.getCipherData().getCipherValue();
		cv.setValue(base64EncodedEncryptedOctets);

        try {
            EncryptionMethod method = _factory.newEncryptionMethod(
                new URI(_algorithm).toString());
            _ek.setEncryptionMethod(method);
        } catch (URI.MalformedURIException mfue) {
            throw new XMLEncryptionException("empty", mfue);
        }
		return _ek;
		
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptedDatagetEncryptedData()
Get the EncryptedData being build Returns the EncryptedData being built during an ENCRYPT operation. This can then be used by applications to add KeyInfo elements and set other parameters.

return
The EncryptedData being built


		// Sanity checks
		if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Returning EncryptedData");
		return _ed;

	
public com.sun.org.apache.xml.internal.security.encryption.EncryptedKeygetEncryptedKey()
Get the EncryptedData being build Returns the EncryptedData being built during an ENCRYPT operation. This can then be used by applications to add KeyInfo elements and set other parameters.

return
The EncryptedData being built


		// Sanity checks
		if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Returning EncryptedKey");
		return _ek;
	
public static com.sun.org.apache.xml.internal.security.encryption.XMLCiphergetInstance(java.lang.String transformation)
Returns an XMLCipher that implements the specified transformation and operates on the specified context document.

If the default provider package supplies an implementation of the requested transformation, an instance of Cipher containing that implementation is returned. If the transformation is not available in the default provider package, other provider packages are searched.

NOTE1: The transformation name does not follow the same pattern as that oulined in the Java Cryptography Extension Reference Guide but rather that specified by the XML Encryption Syntax and Processing document. The rational behind this is to make it easier for a novice at writing Java Encryption software to use the library.

NOTE2: getInstance() does not follow the same pattern regarding exceptional conditions as that used in javax.crypto.Cipher. Instead, it only throws an XMLEncryptionException which wraps an underlying exception. The stack trace from the exception should be self explanitory.

param
transformation the name of the transformation, e.g., XMLCipher.TRIPLEDES which is shorthand for "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
throws
XMLEncryptionException
return
the XMLCipher
see
javax.crypto.Cipher#getInstance(java.lang.String)

        // sanity checks
        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
        if (null == transformation)
            logger.log(java.util.logging.Level.SEVERE, "Transformation unexpectedly null...");
        if(!isValidEncryptionAlgorithm(transformation))
            logger.log(java.util.logging.Level.WARNING, "Algorithm non-standard, expected one of " + ENC_ALGORITHMS);

		XMLCipher instance = new XMLCipher();

        instance._algorithm = transformation;
		instance._key = null;
		instance._kek = null;


		/* Create a canonicaliser - used when serialising DOM to octets
		 * prior to encryption (and for the reverse) */

		try {
			instance._canon = Canonicalizer.getInstance
				(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
            
		} catch (InvalidCanonicalizerException ice) {
			throw new XMLEncryptionException("empty", ice);
		}

		String jceAlgorithm = JCEMapper.translateURItoJCEID(transformation);

		try {
            instance._contextCipher = Cipher.getInstance(jceAlgorithm);
            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "cihper.algoritm = " +
                instance._contextCipher.getAlgorithm());
        } catch (NoSuchAlgorithmException nsae) {
            throw new XMLEncryptionException("empty", nsae);
        } catch (NoSuchPaddingException nspe) {
            throw new XMLEncryptionException("empty", nspe);
        }

        return (instance);
    
public static com.sun.org.apache.xml.internal.security.encryption.XMLCiphergetInstance(java.lang.String transformation, javax.crypto.Cipher cipher)

        // sanity checks
        logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
        if (null == transformation)
            logger.log(java.util.logging.Level.SEVERE, "Transformation unexpectedly null...");
        if(!isValidEncryptionAlgorithm(transformation))
            logger.log(java.util.logging.Level.WARNING, "Algorithm non-standard, expected one of " + ENC_ALGORITHMS);
        
        XMLCipher instance = new XMLCipher();
        
        instance._algorithm = transformation;
        instance._key = null;
        instance._kek = null;
        
        
                /* Create a canonicaliser - used when serialising DOM to octets
                 * prior to encryption (and for the reverse) */
        
        try {
            instance._canon = Canonicalizer.getInstance
                    (Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
            
        } catch (InvalidCanonicalizerException ice) {
            throw new XMLEncryptionException("empty", ice);
        }
        
        String jceAlgorithm = JCEMapper.translateURItoJCEID(transformation);
        
        try {
            instance._contextCipher = cipher;
            //Cipher.getInstance(jceAlgorithm);
            logger.log(java.util.logging.Level.FINE, "cihper.algoritm = " +
                    instance._contextCipher.getAlgorithm());
        }catch(Exception ex) {
            throw new XMLEncryptionException("empty", ex);
        }
        
        return (instance);
    
public static com.sun.org.apache.xml.internal.security.encryption.XMLCiphergetInstance(java.lang.String transformation, java.lang.String canon)
Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

param
transformation the name of the transformation, e.g., XMLCipher.TRIPLEDES which is shorthand for "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
param
canon the name of the c14n algorithm, if null use standard serializer
return
throws
XMLEncryptionException

		XMLCipher instance = XMLCipher.getInstance(transformation);

		if (canon != null) {
			try {
				instance._canon = Canonicalizer.getInstance(canon);
			} catch (InvalidCanonicalizerException ice) {
				throw new XMLEncryptionException("empty", ice);
			}
		}

		return instance;
	
public static com.sun.org.apache.xml.internal.security.encryption.XMLCiphergetInstance()
Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element.

return
The XMLCipher
throws
XMLEncryptionException

        // sanity checks
        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Getting XMLCipher for no transformation...");

		XMLCipher instance = new XMLCipher();

        instance._algorithm = null;
		instance._requestedJCEProvider = null;
		instance._key = null;
		instance._kek = null;
		instance._contextCipher = null;

		/* Create a canonicaliser - used when serialising DOM to octets
		 * prior to encryption (and for the reverse) */

		try {
			instance._canon = Canonicalizer.getInstance
				(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
		} catch (InvalidCanonicalizerException ice) {
			throw new XMLEncryptionException("empty", ice);
		}

        return (instance);
    
public static com.sun.org.apache.xml.internal.security.encryption.XMLCiphergetProviderInstance(java.lang.String transformation, java.lang.String provider)
Returns an XMLCipher that implements the specified transformation and operates on the specified context document.

param
transformation the name of the transformation, e.g., XMLCipher.TRIPLEDES which is shorthand for "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
param
provider the JCE provider that supplies the transformation
return
the XMLCipher
throws
XMLEncryptionException

        // sanity checks
        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
        if (null == transformation)
            logger.log(java.util.logging.Level.SEVERE, "Transformation unexpectedly null...");
        if(null == provider)
            logger.log(java.util.logging.Level.SEVERE, "Provider unexpectedly null..");
        if("" == provider)
            logger.log(java.util.logging.Level.SEVERE, "Provider's value unexpectedly not specified...");
        if(!isValidEncryptionAlgorithm(transformation))
            logger.log(java.util.logging.Level.WARNING, "Algorithm non-standard, expected one of " + ENC_ALGORITHMS);

		XMLCipher instance = new XMLCipher();

        instance._algorithm = transformation;
		instance._requestedJCEProvider = provider;
		instance._key = null;
		instance._kek = null;

		/* Create a canonicaliser - used when serialising DOM to octets
		 * prior to encryption (and for the reverse) */

		try {
			instance._canon = Canonicalizer.getInstance
				(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
		} catch (InvalidCanonicalizerException ice) {
			throw new XMLEncryptionException("empty", ice);
		}

        try {
			String jceAlgorithm =
				JCEMapper.translateURItoJCEID(transformation);

            instance._contextCipher = Cipher.getInstance(jceAlgorithm, provider);

            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "cipher._algorithm = " +
                instance._contextCipher.getAlgorithm());
            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "provider.name = " + provider);
        } catch (NoSuchAlgorithmException nsae) {
            throw new XMLEncryptionException("empty", nsae);
        } catch (NoSuchProviderException nspre) {
            throw new XMLEncryptionException("empty", nspre);
        } catch (NoSuchPaddingException nspe) {
            throw new XMLEncryptionException("empty", nspe);
        }

        return (instance);
    
public static com.sun.org.apache.xml.internal.security.encryption.XMLCiphergetProviderInstance(java.lang.String transformation, java.lang.String provider, java.lang.String canon)
Returns an XMLCipher that implements the specified transformation, operates on the specified context document and serializes the document with the specified canonicalization algorithm before it encrypts the document.

param
transformation the name of the transformation, e.g., XMLCipher.TRIPLEDES which is shorthand for "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
param
provider the JCE provider that supplies the transformation
param
canon the name of the c14n algorithm, if null use standard serializer
return
throws
XMLEncryptionException


		XMLCipher instance = XMLCipher.getProviderInstance(transformation, provider);
		if (canon != null) {
			try {
				instance._canon = Canonicalizer.getInstance(canon);
			} catch (InvalidCanonicalizerException ice) {
				throw new XMLEncryptionException("empty", ice);
			}
		}
		return instance;
	
public static com.sun.org.apache.xml.internal.security.encryption.XMLCiphergetProviderInstance(java.lang.String provider)
Returns an XMLCipher that implements no specific transformation, and can therefore only be used for decrypt or unwrap operations where the encryption method is defined in the EncryptionMethod element. Allows the caller to specify a provider that will be used for cryptographic operations.

param
provider the JCE provider that supplies the cryptographic needs.
return
the XMLCipher
throws
XMLEncryptionException

        // sanity checks

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Getting XMLCipher, provider but no transformation");
        if(null == provider)
            logger.log(java.util.logging.Level.SEVERE, "Provider unexpectedly null..");
        if("" == provider)
            logger.log(java.util.logging.Level.SEVERE, "Provider's value unexpectedly not specified...");

		XMLCipher instance = new XMLCipher();

        instance._algorithm = null;
		instance._requestedJCEProvider = provider;
		instance._key = null;
		instance._kek = null;
		instance._contextCipher = null;

		try {
			instance._canon = Canonicalizer.getInstance
				(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
		} catch (InvalidCanonicalizerException ice) {
			throw new XMLEncryptionException("empty", ice);
		}

        return (instance);
    
public voidinit(int opmode, java.security.Key key)
Initializes this cipher with a key.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode. For WRAP and ENCRYPT modes, this also initialises the internal EncryptedKey or EncryptedData (with a CipherValue) structure that will be used during the ensuing operations. This can be obtained (in order to modify KeyInfo elements etc. prior to finalising the encryption) by calling {@link #getEncryptedData} or {@link #getEncryptedKey}.

param
opmode the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
param
key
see
javax.crypto.Cipher#init(int, java.security.Key)
throws
XMLEncryptionException

        // sanity checks
        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Initializing XMLCipher...");

		_ek = null;
		_ed = null;

		switch (opmode) {

		case ENCRYPT_MODE :
			if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "opmode = ENCRYPT_MODE");
			_ed = createEncryptedData(CipherData.VALUE_TYPE, "NO VALUE YET");
			break;
		case DECRYPT_MODE :
			if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "opmode = DECRYPT_MODE");
			break;
		case WRAP_MODE :
			if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "opmode = WRAP_MODE");
			_ek = createEncryptedKey(CipherData.VALUE_TYPE, "NO VALUE YET");
			break;
		case UNWRAP_MODE :
			if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "opmode = UNWRAP_MODE");
			break;
		default :
			logger.log(java.util.logging.Level.SEVERE, "Mode unexpectedly invalid");
			throw new XMLEncryptionException("Invalid mode in init");
		}

        _cipherMode = opmode;
		_key = key;

    
private static booleanisValidEncryptionAlgorithm(java.lang.String algorithm)
Checks to ensure that the supplied algorithm is valid.

param
algorithm the algorithm to check.
return
true if the algorithm is valid, otherwise false.
since
1.0.

        boolean result = (
            algorithm.equals(TRIPLEDES) ||
            algorithm.equals(AES_128) ||
            algorithm.equals(AES_256) ||
            algorithm.equals(AES_192) ||
            algorithm.equals(RSA_v1dot5) ||
            algorithm.equals(RSA_OAEP) ||
            algorithm.equals(TRIPLEDES_KeyWrap) ||
            algorithm.equals(AES_128_KeyWrap) ||
            algorithm.equals(AES_256_KeyWrap) ||
            algorithm.equals(AES_192_KeyWrap)
        );

        return (result);
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptedDataloadEncryptedData(org.w3c.dom.Document context, org.w3c.dom.Element element)
Returns an EncryptedData interface. Use this operation if you want to load an EncryptedData structure from a DOM structure and manipulate the contents

param
context the context Document.
param
element the Element that will be loaded
throws
XMLEncryptionException
return

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Loading encrypted element...");
        if(null == context)
            logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
        if(null == element)
            logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
        if(_cipherMode != DECRYPT_MODE)
            logger.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");

        _contextDocument = context;
        _ed = _factory.newEncryptedData(element);

		return (_ed);
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptedKeyloadEncryptedKey(org.w3c.dom.Document context, org.w3c.dom.Element element)
Returns an EncryptedKey interface. Use this operation if you want to load an EncryptedKey structure from a DOM structure and manipulate the contents.

param
context the context Document.
param
element the Element that will be loaded
return
throws
XMLEncryptionException

        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Loading encrypted key...");
        if(null == context)
            logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
        if(null == element)
            logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
        if(_cipherMode != UNWRAP_MODE && _cipherMode != DECRYPT_MODE)
            if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE or DECRYPT_MODE...");

        _contextDocument = context;
        _ek = _factory.newEncryptedKey(element);
		return (_ek);
    
public com.sun.org.apache.xml.internal.security.encryption.EncryptedKeyloadEncryptedKey(org.w3c.dom.Element element)
Returns an EncryptedKey interface. Use this operation if you want to load an EncryptedKey structure from a DOM structure and manipulate the contents. Assumes that the context document is the document that owns the element

param
element the Element that will be loaded
return
throws
XMLEncryptionException


		return (loadEncryptedKey(element.getOwnerDocument(), element));
    
public org.w3c.dom.Elementmartial(com.sun.org.apache.xml.internal.security.encryption.EncryptedData encryptedData)
Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData

Note: This should only be used in cases where the context document has been passed in via a call to doFinal.

param
encryptedData EncryptedData object to martial
return
the DOM Element representing the passed in object


		return (_factory.toElement (encryptedData));

	
public org.w3c.dom.Elementmartial(com.sun.org.apache.xml.internal.security.encryption.EncryptedKey encryptedKey)
Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey

Note: This should only be used in cases where the context document has been passed in via a call to doFinal.

param
encryptedKey EncryptedKey object to martial
return
the DOM Element representing the passed in object


		return (_factory.toElement (encryptedKey));

	
public org.w3c.dom.Elementmartial(org.w3c.dom.Document context, com.sun.org.apache.xml.internal.security.encryption.EncryptedData encryptedData)
Martial an EncryptedData Takes an EncryptedData object and returns a DOM Element that represents the appropriate EncryptedData

param
context The document that will own the returned nodes
param
encryptedData EncryptedData object to martial
return
the DOM Element representing the passed in object


		_contextDocument = context;
		return (_factory.toElement (encryptedData));

	
public org.w3c.dom.Elementmartial(org.w3c.dom.Document context, com.sun.org.apache.xml.internal.security.encryption.EncryptedKey encryptedKey)
Martial an EncryptedKey Takes an EncryptedKey object and returns a DOM Element that represents the appropriate EncryptedKey

param
context The document that will own the created nodes
param
encryptedKey EncryptedKey object to martial
return
the DOM Element representing the passed in object


		_contextDocument = context;
		return (_factory.toElement (encryptedKey));

	
private voidremoveContent(org.w3c.dom.Node node)
Removes the contents of a Node.

param
node the Node to clear.

        NodeList list = node.getChildNodes();
        if (list.getLength() > 0) {
            Node n = list.item(0);
            if (null != n) {
                n.getParentNode().removeChild(n);
            }
            removeContent(node);
        }
    
public voidsetKEK(java.security.Key kek)
Set a Key Encryption Key.

The Key Encryption Key (KEK) is used for encrypting/decrypting EncryptedKey elements. By setting this separately, the XMLCipher class can know whether a key applies to the data part or wrapped key part of an encrypted object.

param
kek The key to use for de/encrypting key data


		_kek = kek;