Hello,

I've found 2 things which make working with encrypted xml a little bit
difficult (and tricky). Both items are related:
1. I use the following code to encrypt some part of the xml document:
      XMLCipher clipper = XMLCipher.getInstance(algorithmSuiteProvider.getEncryption());
      clipper.init(XMLCipher.ENCRYPT_MODE, context.EncryptionKey.key);
      clipper.setKEK(key);

      EncryptedData encryptedBody = clipper.getEncryptedData();
      String encryptedBodyId = IDGenerator.generate();

      encryptedBody.setId(encryptedBodyId);
      encryptedBody.setKeyInfo(keyInfo);

      clipper.doFinal(doc, elementToEncrypt.Element);

The first small thing is that when I create an EncryptedData and set its
Id, I would assume that in the XML DOM element this Id attribute has
isId=true. For now the generated Id attribute is not marked as an Id, so it
cannot be used to calculate a signature for this EncryptedData.
So before I can sign this EncryptedData, I have to manually find the
Element in the DOM that represents this EncryptedData part and mark the Id
property as an identifier, like this:

      encryptedDataElement.setIdAttribute( "Id", true);

Can you tell me why this setIdAttribute is not set by default for encrypted
data?

2. The second problem is related to the first one. There is no easy way to
get the Element object for EncryptedData. In the previous example, to
retrieve encryptedDataElement and invoke the setIdAttribute method, I need
to invoke the following code:

    Element getEncryptedDataElement(EncryptedData encryptedData, Document document)
            throws XPathExpressionException {
        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setNamespaceContext(new DSNamespaceContext());
        NodeList assertionNodes = (NodeList) xpath.evaluate(
                "//enc:EncryptedData[@Id='" + encryptedData.getId() + "']",
                document, XPathConstants.NODESET);
        return (Element) assertionNodes.item(0);
    }

So basically I'm using XPath to retrieve the Element for the given
EncryptedData object (by Id value). This is not very efficient. It would be
better to have a getElement method in EncryptedData which returns the
correct XML Element, similar to the KeyInfo class or XMLSignature, like:

KeyInfo key=new KeyInfo();
Element keyInfoElement=key.getElement();

There is another way to solve this problem. In EncryptedKey there is the
following way to get XML Element:

        EncryptedKey encryptedKey=clipper.encryptKey(doc,secretKey.key);
        Element encryptedKeyElement=clipper.martial(encryptedKey);

so for EncryptedData the XML element could be returned by the doFinal
method like this:

        Element encryptedDataElement=clipper.doFinal(doc,elementToEncrypt.Element);

Having a getElement method for the EncryptedData object would simplify the
code and make it much faster. Is there a chance to add an easy way to get
the XML element for an EncryptedData object in a future release?

Thanks a lot!
Romek
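
The workaround described in the message above, as an added example that is not part of the original post or of the project's code: it locates the EncryptedData element by namespace and Id with plain DOM calls instead of a concatenated XPath string, registers Id as an ID attribute, and rejects duplicate Ids so that a later signature reference resolves to exactly one element. The class name, the helper name and the sample document are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class EncryptedDataIdDemo {
    // XML Encryption namespace (W3C xmlenc-core)
    static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";

    /** Hypothetical helper: finds the single EncryptedData with this Id and registers Id as an ID. */
    static Element registerEncryptedDataId(Document doc, String id) {
        NodeList candidates = doc.getElementsByTagNameNS(ENC_NS, "EncryptedData");
        Element match = null;
        for (int i = 0; i < candidates.getLength(); i++) {
            Element e = (Element) candidates.item(i);
            if (id.equals(e.getAttribute("Id"))) {
                if (match != null) {
                    // Two elements with one Id make "#id" references ambiguous: refuse to sign.
                    throw new IllegalStateException("Duplicate EncryptedData Id: " + id);
                }
                match = e;
            }
        }
        if (match == null) {
            throw new IllegalStateException("No EncryptedData with Id: " + id);
        }
        match.setIdAttribute("Id", true); // without this, getElementById cannot see the element
        return match;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: stands in for the document as it looks after doFinal()
        String xml = "<Envelope><xenc:EncryptedData xmlns:xenc=\"" + ENC_NS + "\" Id=\"ED-1\">"
                + "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
                + "</xenc:EncryptedData></Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        System.out.println("resolved before registration: " + (doc.getElementById("ED-1") != null));
        Element ed = registerEncryptedDataId(doc, "ED-1");
        System.out.println("resolved after registration:  " + (doc.getElementById("ED-1") == ed));
    }
}
```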
