protected void marshallEncryptionDocument(EncryptionDocument ed, LittleEndianByteArrayOutputStream os)
{
//XmlOptions xo = new XmlOptions();
//xo.SetCharacterEncoding("UTF-8");
Dictionary <String, String> nsMap = new Dictionary <String, String>();
nsMap.Add(passwordUri.ToString(), "p");
nsMap.Add(certificateUri.ToString(), "c");
//xo.UseDefaultNamespace();
//xo.SaveSuggestedPrefixes(nsMap);
//xo.SaveNamespacesFirst();
//xo.SaveAggressiveNamespaces();
// Setting standalone doesn't work with xmlbeans-2.3 & 2.6
// ed.DocumentProperties().Standalone=(/*setter*/true);
//xo.SaveNoXmlDecl();
MemoryStream bos = new MemoryStream();
try {
byte[] buf = Encoding.UTF8.GetBytes("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n");
bos.Write(buf, 0, buf.Length);
ed.Save(bos);
os.Write(bos.ToArray());
} catch (IOException e) {
throw new EncryptedDocumentException("error marshalling encryption info document", e);
}
}
public static EncryptionDocument ParseDescriptor(String descriptor)
{
try
{
return(EncryptionDocument.Parse(descriptor));
}
catch (XmlException e)
{
throw new EncryptedDocumentException("Unable to parse encryption descriptor", e);
}
}
public void Initialize(EncryptionInfo info, ILittleEndianInput dis)
{
this.info = info;
EncryptionDocument ed = ParseDescriptor((DocumentInputStream)dis);
header = new AgileEncryptionHeader(ed);
verifier = new AgileEncryptionVerifier(ed);
if (info.VersionMajor == EncryptionMode.Agile.VersionMajor &&
info.VersionMinor == EncryptionMode.Agile.VersionMinor)
{
decryptor = new AgileDecryptor(this);
encryptor = new AgileEncryptor(this);
}
}
protected static EncryptionDocument ParseDescriptor(DocumentInputStream descriptor)
{
try
{
XmlDocument xmlDoc = new XmlDocument();
byte[] buf = new byte[descriptor.Length - descriptor.Position];
descriptor.ReadFully(buf);
string xml = Encoding.UTF8.GetString(buf);
OpenXml4Net.Util.XmlHelper.LoadXmlSafe(xmlDoc, xml, Encoding.UTF8);
return(EncryptionDocument.Parse(xmlDoc));
}
catch (Exception e)
{
throw new EncryptedDocumentException("Unable to parse encryption descriptor", e);
}
}
protected internal AgileEncryptionHeader(EncryptionDocument ed)
{
CT_KeyData keyData;
try
{
keyData = ed.GetEncryption().keyData;
if (keyData == null)
{
throw new NullReferenceException("keyData not Set");
}
}
catch (Exception e)
{
throw new EncryptedDocumentException("Unable to parse keyData");
}
KeySize = ((int)keyData.keyBits);
Flags = (0);
SizeExtra = (0);
CspName = (null);
BlockSize = (int)(keyData.blockSize);
int keyBits = (int)keyData.keyBits;
CipherAlgorithm ca = CipherAlgorithm.FromXmlId(keyData.cipherAlgorithm.ToString(), keyBits);
CipherAlgorithm = (ca);
CipherProvider = (ca.provider);
switch (keyData.cipherChaining)
{
case ST_CipherChaining.ChainingModeCBC:
ChainingMode = (ChainingMode.cbc);
break;
case ST_CipherChaining.ChainingModeCFB:
ChainingMode = (ChainingMode.cfb);
break;
default:
throw new EncryptedDocumentException("Unsupported chaining mode - " + keyData.cipherChaining.ToString());
}
int hashSize = (int)keyData.hashSize;
HashAlgorithm ha = HashAlgorithm.FromEcmaId(keyData.hashAlgorithm.ToString());
HashAlgorithm = (ha);
if (HashAlgorithm.hashSize != hashSize)
{
throw new EncryptedDocumentException("Unsupported hash algorithm: " +
keyData.hashAlgorithm + " @ " + hashSize + " bytes");
}
int saltLength = (int)keyData.saltSize;
SetKeySalt(keyData.saltValue);
if (KeySalt.Length != saltLength)
{
throw new EncryptedDocumentException("Invalid salt length");
}
CT_DataIntegrity di = ed.GetEncryption().dataIntegrity;
SetEncryptedHmacKey(di.encryptedHmacKey);
SetEncryptedHmacValue(di.encryptedHmacValue);
}
protected internal AgileEncryptionVerifier(EncryptionDocument ed)
{
IEnumerator <CT_KeyEncryptor> encList = ed.GetEncryption().keyEncryptors.keyEncryptor.GetEnumerator();
CT_PasswordKeyEncryptor keyData;
try
{
//keyData = encList.Next().EncryptedPasswordKey;
encList.MoveNext();
keyData = encList.Current.Item as CT_PasswordKeyEncryptor;
if (keyData == null)
{
throw new NullReferenceException("encryptedKey not Set");
}
}
catch (Exception e)
{
throw new EncryptedDocumentException("Unable to parse keyData", e);
}
int keyBits = (int)keyData.keyBits;
CipherAlgorithm ca = CipherAlgorithm.FromXmlId(keyData.cipherAlgorithm.ToString(), keyBits);
CipherAlgorithm = (ca);
int hashSize = (int)keyData.hashSize;
HashAlgorithm ha = HashAlgorithm.FromEcmaId(keyData.hashAlgorithm.ToString());
HashAlgorithm = (ha);
if (HashAlgorithm.hashSize != hashSize)
{
throw new EncryptedDocumentException("Unsupported hash algorithm: " +
keyData.hashAlgorithm + " @ " + hashSize + " bytes");
}
SpinCount = (int)(keyData.spinCount);
EncryptedVerifier = (keyData.encryptedVerifierHashInput);
Salt = (keyData.saltValue);
EncryptedKey = (keyData.encryptedKeyValue);
EncryptedVerifierHash = (keyData.encryptedVerifierHashValue);
int saltSize = (int)keyData.saltSize;
if (saltSize != Salt.Length)
{
throw new EncryptedDocumentException("Invalid salt size");
}
switch (keyData.cipherChaining)
{
case ST_CipherChaining.ChainingModeCBC:
ChainingMode = (ChainingMode.cbc);
break;
case ST_CipherChaining.ChainingModeCFB:
ChainingMode = (ChainingMode.cfb);
break;
default:
throw new EncryptedDocumentException("Unsupported chaining mode - " + keyData.cipherChaining.ToString());
}
//if (!encList.HasNext()) return;
try
{
//CertificateFactory cf = CertificateFactory.GetInstance("X.509");
while (encList.MoveNext())
{
CT_CertificateKeyEncryptor certKey = encList.Current.Item as CT_CertificateKeyEncryptor;
AgileCertificateEntry ace = new AgileCertificateEntry();
ace.certVerifier = certKey.certVerifier;
ace.encryptedKey = certKey.encryptedKeyValue;
ace.x509 = new X509Certificate(X509CertificateStructure.GetInstance(certKey.X509Certificate));
certList.Add(ace);
}
}
catch (Exception e)
{
throw new EncryptedDocumentException("can't parse X509 certificate", e);
}
}
protected EncryptionDocument CreateEncryptionDocument()
{
AgileEncryptionVerifier ver = builder.GetVerifier();
AgileEncryptionHeader header = builder.GetHeader();
EncryptionDocument ed = EncryptionDocument.NewInstance();
CT_Encryption edRoot = ed.AddNewEncryption();
CT_KeyData keyData = edRoot.AddNewKeyData();
CT_KeyEncryptors keyEncList = edRoot.AddNewKeyEncryptors();
CT_KeyEncryptor keyEnc = keyEncList.AddNewKeyEncryptor();
keyEnc.uri = (/*setter*/ passwordUri);
CT_PasswordKeyEncryptor keyPass = keyEnc.AddNewEncryptedPasswordKey();
keyPass.spinCount = (uint)ver.SpinCount;
keyData.saltSize = (uint)header.BlockSize;
keyPass.saltSize = (uint)header.BlockSize;
keyData.blockSize = (uint)header.BlockSize;
keyPass.blockSize = (uint)header.BlockSize;
keyData.keyBits = (uint)header.KeySize;
keyPass.keyBits = (uint)header.KeySize;
HashAlgorithm hashAlgo = header.HashAlgorithm;
keyData.hashSize = (uint)hashAlgo.hashSize;
keyPass.hashSize = (uint)hashAlgo.hashSize;
ST_CipherAlgorithm?xmlCipherAlgo = (ST_CipherAlgorithm?)Enum.Parse(typeof(ST_CipherAlgorithm), header.CipherAlgorithm.xmlId);
if (xmlCipherAlgo == null)
{
throw new EncryptedDocumentException("CipherAlgorithm " + header.CipherAlgorithm + " not supported.");
}
keyData.cipherAlgorithm = (/*setter*/ xmlCipherAlgo.Value);
keyPass.cipherAlgorithm = (/*setter*/ xmlCipherAlgo.Value);
switch (header.ChainingMode.jceId)
{
case "cbc":
keyData.cipherChaining = (/*setter*/ ST_CipherChaining.ChainingModeCBC);
keyPass.cipherChaining = (/*setter*/ ST_CipherChaining.ChainingModeCBC);
break;
case "cfb":
keyData.cipherChaining = (/*setter*/ ST_CipherChaining.ChainingModeCFB);
keyPass.cipherChaining = (/*setter*/ ST_CipherChaining.ChainingModeCFB);
break;
default:
throw new EncryptedDocumentException("ChainingMode " + header.ChainingMode + " not supported.");
}
ST_HashAlgorithm?xmlHashAlgo = (ST_HashAlgorithm?)Enum.Parse(typeof(ST_HashAlgorithm), hashAlgo.ecmaString);
if (xmlHashAlgo == null)
{
throw new EncryptedDocumentException("HashAlgorithm " + hashAlgo + " not supported.");
}
keyData.hashAlgorithm = (/*setter*/ xmlHashAlgo.Value);
keyPass.hashAlgorithm = (/*setter*/ xmlHashAlgo.Value);
keyData.saltValue = (/*setter*/ header.KeySalt);
keyPass.saltValue = (/*setter*/ ver.Salt);
keyPass.encryptedVerifierHashInput = (/*setter*/ ver.EncryptedVerifier);
keyPass.encryptedVerifierHashValue = (/*setter*/ ver.EncryptedVerifierHash);
keyPass.encryptedKeyValue = (/*setter*/ ver.EncryptedKey);
CT_DataIntegrity hmacData = edRoot.AddNewDataIntegrity();
hmacData.encryptedHmacKey = (/*setter*/ header.GetEncryptedHmacKey());
hmacData.encryptedHmacValue = (/*setter*/ header.GetEncryptedHmacValue());
foreach (AgileCertificateEntry ace in ver.GetCertificates())
{
keyEnc = keyEncList.AddNewKeyEncryptor();
keyEnc.uri = (/*setter*/ certificateUri);
CT_CertificateKeyEncryptor certData = keyEnc.AddNewEncryptedCertificateKey();
try {
certData.X509Certificate = ace.x509.GetEncoded();
} catch (Exception e) {
throw new EncryptedDocumentException(e);
}
certData.encryptedKeyValue = (/*setter*/ ace.encryptedKey);
certData.certVerifier = (/*setter*/ ace.certVerifier);
}
return(ed);
}
