
XML Encryption and Decryption for Element

Huan Meng

XML Encryption and Decryption for Element

1. Encryption function

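/**
 * Encrypts the single descendant of {@code elemParent} whose tag name is
 * {@code strTagNameOfElementToEncrypt}, replacing it in place with an
 * {@code xenc:EncryptedData} element (AES-128 content key, wrapped with RSA-OAEP).
 *
 * <p>Backward-compatible entry point: the recipient certificate is read from the JKS
 * keystore at {@code C:\Users\mina\tomcat.keystore}, alias {@code tomcat}.
 * NOTE(review): keystore path, alias and password are hard-coded in this method and so
 * live in source control; prefer the overload that takes the recipient
 * {@link X509Certificate} so those values come from configuration.
 *
 * @param strTagNameOfElementToEncrypt tag name of the element to encrypt; exactly one
 *     matching descendant of {@code elemParent} must exist
 * @param elemParent parent element whose matching descendant is replaced
 * @return {@code elemParent} after the replacement, or {@code null} when the tag name
 *     matches zero or more than one descendant (the keystore is not touched in that case)
 * @throws Exception on keystore, JCE or XML Security errors, or when the cipher did not
 *     produce exactly one {@code EncryptedData} element
 */
public static org.w3c.dom.Element EncryptElement(
        final String strTagNameOfElementToEncrypt,
        final org.w3c.dom.Element elemParent) throws Exception {
    org.apache.xml.security.Init.init();

    final org.w3c.dom.Element domToEncrypt =
            findSingleElement(elemParent, strTagNameOfElementToEncrypt);
    if (null == domToEncrypt) {
        return null;
    }

    // try-with-resources closes the keystore stream the original left open.
    final String pass = "123456";
    final KeyStore ks = KeyStore.getInstance("JKS");
    try (FileInputStream in = new FileInputStream("C:\\Users\\mina\\tomcat.keystore")) {
        ks.load(in, pass.toCharArray());
    }
    final java.security.cert.Certificate cert = ks.getCertificate("tomcat");
    if (!(cert instanceof X509Certificate)) {
        // The original cast blindly and would have failed later with a NullPointerException.
        throw new Exception("keystore entry 'tomcat' is missing or not an X.509 certificate");
    }
    return encryptChild(elemParent, domToEncrypt, (X509Certificate) cert);
}

/**
 * Same as {@link #EncryptElement(String, org.w3c.dom.Element)} but with the recipient
 * certificate supplied by the caller instead of being loaded from a fixed keystore.
 *
 * @param strTagNameOfElementToEncrypt tag name of the element to encrypt
 * @param elemParent parent element whose matching descendant is replaced
 * @param certificate recipient's X.509 certificate; its public key wraps the content key
 *     and its SHA-1 thumbprint identifies it in the {@code KeyInfo}
 * @return {@code elemParent} after the replacement, or {@code null} when the tag name
 *     matches zero or more than one descendant
 * @throws Exception on JCE or XML Security errors
 */
public static org.w3c.dom.Element EncryptElement(
        final String strTagNameOfElementToEncrypt,
        final org.w3c.dom.Element elemParent,
        final X509Certificate certificate) throws Exception {
    org.apache.xml.security.Init.init();

    final org.w3c.dom.Element domToEncrypt =
            findSingleElement(elemParent, strTagNameOfElementToEncrypt);
    if (null == domToEncrypt) {
        return null;
    }
    return encryptChild(elemParent, domToEncrypt, certificate);
}

/**
 * Returns the single descendant of {@code parent} with tag name {@code tag}, or
 * {@code null} when there is not exactly one such descendant.
 */
private static org.w3c.dom.Element findSingleElement(
        final org.w3c.dom.Element parent, final String tag) {
    final org.w3c.dom.NodeList nl = parent.getElementsByTagName(tag);
    // The DOM spec says getElementsByTagName never returns null; the original's null
    // check is kept as a harmless guard.
    if (null == nl || 1 != nl.getLength()) {
        return null;
    }
    return (org.w3c.dom.Element) nl.item(0);
}

/** Builds an XMLCipher for {@code algorithm}, on the default provider when {@code provider} is null. */
private static org.apache.xml.security.encryption.XMLCipher newXmlCipher(
        final String algorithm, final String provider) throws Exception {
    if (null == provider) {
        return org.apache.xml.security.encryption.XMLCipher.getInstance(algorithm);
    }
    return org.apache.xml.security.encryption.XMLCipher.getProviderInstance(algorithm, provider);
}

/**
 * Does the actual work: generates a content key, wraps it for {@code certificate},
 * encrypts a clone of {@code domToEncrypt} and swaps the result into {@code domParent}.
 */
private static org.w3c.dom.Element encryptChild(
        final org.w3c.dom.Element domParent,
        final org.w3c.dom.Element domToEncrypt,
        final X509Certificate certificate) throws Exception {
    // Algorithm selection as in the original: AES-128 for the content, RSA-OAEP (SHA-1
    // digest) for the key wrap. Providers are left at the JCE default (null).
    // NOTE(review): XMLCipher.AES_128 is AES in CBC mode, which gives confidentiality but
    // no integrity; if the deployed library version offers an AES-GCM URI, prefer it, and
    // in any case sign or otherwise authenticate the message.
    final String strEncryptionAlgorithm = org.apache.xml.security.encryption.XMLCipher.AES_128;
    final String strEncryptionAlgorithmProvider = null;
    final String strEncryptionDigestAlgorithm =
            org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1;
    final String strEncryptionKeyGeneratorAlgorithm = "AES";
    final String strEncryptionKeyGeneratorAlgorithmProvider = null;
    final int nEncryptionKeyGeneratorSize = 128;
    final String strEncryptionKeyWrapAlgorithm = org.apache.xml.security.encryption.XMLCipher.RSA_OAEP;
    final String strEncryptionKeyWrapAlgorithmProvider = null;

    // WS-Security namespace and value/encoding types for the thumbprint key identifier.
    final String nsWsse =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    final String valueTypeThumbprintSha1 =
            "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";
    final String encodingTypeBase64 =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";

    final org.w3c.dom.Document domDocument = domParent.getOwnerDocument();

    // Encrypt a clone under a scratch parent so a failure half-way leaves the caller's
    // tree untouched; the EncryptedData is moved into place only at the end.
    final org.w3c.dom.Element domTempParent = domDocument.createElement("Parent");
    final org.w3c.dom.Element domTempToEncrypt =
            (org.w3c.dom.Element) domTempParent.appendChild(domToEncrypt.cloneNode(true));

    // Fresh random content-encryption key. The original passed the literal string
    // "strEncryptionKeyGeneratorAlgorithm" to getInstance on the provider branch, which can
    // never name a valid algorithm; both branches now use the variable.
    final javax.crypto.KeyGenerator keyGenerator;
    if (null == strEncryptionKeyGeneratorAlgorithmProvider) {
        keyGenerator = javax.crypto.KeyGenerator.getInstance(strEncryptionKeyGeneratorAlgorithm);
    } else {
        keyGenerator = javax.crypto.KeyGenerator.getInstance(
                strEncryptionKeyGeneratorAlgorithm, strEncryptionKeyGeneratorAlgorithmProvider);
    }
    keyGenerator.init(nEncryptionKeyGeneratorSize);
    final javax.crypto.SecretKey secretKey = keyGenerator.generateKey();

    // Wrap the content key for the recipient's public key.
    final java.security.PublicKey publicKeyRP = certificate.getPublicKey();
    final org.apache.xml.security.encryption.XMLCipher keyCipher =
            newXmlCipher(strEncryptionKeyWrapAlgorithm, strEncryptionKeyWrapAlgorithmProvider);
    keyCipher.init(org.apache.xml.security.encryption.XMLCipher.WRAP_MODE, publicKeyRP);

    // KeyInfo for the EncryptedKey: a wsse:SecurityTokenReference whose KeyIdentifier is
    // the SHA-1 thumbprint of the recipient certificate. SHA-1 here is what the
    // ThumbprintSHA1 value type defines for identifying the certificate; it plays no role
    // in confidentiality.
    final java.security.MessageDigest mdSha1 = java.security.MessageDigest.getInstance("SHA-1");
    final byte[] byteThumbPrint = mdSha1.digest(certificate.getEncoded());
    final org.w3c.dom.Element domSTR = domDocument.createElementNS(nsWsse, "SecurityTokenReference");
    final org.w3c.dom.Element domKeyIdentifier = domDocument.createElementNS(nsWsse, "KeyIdentifier");
    domKeyIdentifier.setAttribute("ValueType", valueTypeThumbprintSha1);
    domKeyIdentifier.setAttribute("EncodingType", encodingTypeBase64);
    domKeyIdentifier.setTextContent(org.apache.xml.security.utils.Base64.encode(byteThumbPrint));
    domSTR.appendChild(domKeyIdentifier);

    final org.apache.xml.security.keys.KeyInfo keyInfoKey =
            new org.apache.xml.security.keys.KeyInfo(domDocument);
    keyInfoKey.addUnknownElement(domSTR);

    final org.apache.xml.security.encryption.EncryptedKey encryptedKey =
            keyCipher.encryptKey(domDocument, secretKey);
    encryptedKey.setKeyInfo(keyInfoKey);

    // Record the OAEP digest on the EncryptionMethod so the decryptor can see it.
    final org.apache.xml.security.encryption.EncryptionMethod encryptionMethod =
            encryptedKey.getEncryptionMethod();
    final org.w3c.dom.Element elemDigestMethod = domDocument.createElementNS(
            org.apache.xml.security.utils.Constants.SignatureSpecNS, "DigestMethod");
    elemDigestMethod.setAttribute("Algorithm", strEncryptionDigestAlgorithm);
    encryptionMethod.addEncryptionMethodInformation(elemDigestMethod);

    // Content cipher; the EncryptedKey travels inside the EncryptedData's KeyInfo.
    final org.apache.xml.security.encryption.XMLCipher xmlCipher =
            newXmlCipher(strEncryptionAlgorithm, strEncryptionAlgorithmProvider);
    xmlCipher.init(org.apache.xml.security.encryption.XMLCipher.ENCRYPT_MODE, secretKey);
    final org.apache.xml.security.encryption.EncryptedData encryptedData = xmlCipher.getEncryptedData();
    final org.apache.xml.security.keys.KeyInfo keyInfoEncryption =
            new org.apache.xml.security.keys.KeyInfo(domDocument);
    keyInfoEncryption.add(encryptedKey);
    encryptedData.setKeyInfo(keyInfoEncryption);
    xmlCipher.doFinal(domDocument, domTempToEncrypt, false);

    // The debug printlns of the original (which also dumped the EncryptedData to stdout)
    // are dropped; the scratch parent must now hold exactly one EncryptedData.
    final org.w3c.dom.NodeList nlEncryptedData = domTempParent.getElementsByTagNameNS(
            org.apache.xml.security.utils.EncryptionConstants.EncryptionSpecNS, "EncryptedData");
    if (1 != nlEncryptedData.getLength()) {
        throw new Exception("One EncryptedData Not Found!");
    }
    final org.w3c.dom.Element domEncryptedData = (org.w3c.dom.Element) nlEncryptedData.item(0);

    // replaceChild moves the node out of the scratch parent into the caller's tree.
    domParent.replaceChild(domEncryptedData, domToEncrypt);
    return domParent;
}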
//**************

2. Decryption function

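/**
 * Decrypts an {@code xenc:EncryptedData} element whose content key was wrapped for
 * {@code privateKey}.
 *
 * <p>Expects the layout produced by {@code EncryptElement}: an {@code EncryptedKey} inside
 * the {@code EncryptedData}'s {@code KeyInfo}, carrying an AES content key. The content key
 * is unwrapped with {@code privateKey}, then the data is decrypted with AES-128.
 * NOTE(review): AES-CBC content carries no integrity protection; authenticate the message
 * (for example via a signature over it) before trusting what this returns.
 *
 * @param elemEncryptedData the {@code EncryptedData} element to decrypt
 * @param privateKey the recipient's private key used to unwrap the content key
 * @return the document element of the document returned by {@code doFinal}, or
 *     {@code null} when no {@code EncryptedKey} is present (the original's silent
 *     best-effort is kept)
 * @throws Exception on JCE or XML Security errors
 */
public static org.w3c.dom.Element DecryptElement(
        final org.w3c.dom.Element elemEncryptedData,
        final PrivateKey privateKey) throws Exception {
    final String strEncryptionAlgorithm = org.apache.xml.security.encryption.XMLCipher.AES_128;
    final String strEncryptionAlgorithmProvider = null;
    final String strEncryptionKeyGeneratorAlgorithm = "AES";
    final String strEncryptionKeyWrapAlgorithm = org.apache.xml.security.encryption.XMLCipher.RSA_OAEP;
    final String strEncryptionKeyWrapAlgorithmProvider = null;

    final org.w3c.dom.Element domEncryptedData = elemEncryptedData;
    final org.w3c.dom.NodeList nlEncryptedKey = domEncryptedData.getElementsByTagNameNS(
            org.apache.xml.security.utils.EncryptionConstants.EncryptionSpecNS,
            org.apache.xml.security.utils.EncryptionConstants._TAG_ENCRYPTEDKEY);
    if (null == nlEncryptedKey || 0 == nlEncryptedKey.getLength()) {
        // No EncryptedKey: nothing to unwrap. The original logged (commented out) and
        // returned null; that contract is kept.
        return null;
    }

    final org.w3c.dom.Document domDocument = domEncryptedData.getOwnerDocument();
    final org.w3c.dom.Element elemEncryptedKey = (org.w3c.dom.Element) nlEncryptedKey.item(0);

    // Key-wrap algorithm: read from the EncryptedKey's EncryptionMethod, falling back to
    // RSA-OAEP when absent. NOTE(review): the document is untrusted input, so this lets the
    // sender choose the unwrap algorithm; pinning it to strEncryptionKeyWrapAlgorithm (and
    // rejecting anything else) is the safer default unless interop requires otherwise.
    String strKeyEncryptionMethod = strEncryptionKeyWrapAlgorithm;
    final org.w3c.dom.NodeList nlKeyEncryptionMethod = elemEncryptedKey.getElementsByTagNameNS(
            org.apache.xml.security.utils.EncryptionConstants.EncryptionSpecNS,
            org.apache.xml.security.utils.EncryptionConstants._TAG_ENCRYPTIONMETHOD);
    if (null != nlKeyEncryptionMethod && 0 != nlKeyEncryptionMethod.getLength()) {
        final org.w3c.dom.Element elemKeyEncryptionMethod =
                (org.w3c.dom.Element) nlKeyEncryptionMethod.item(0);
        strKeyEncryptionMethod = elemKeyEncryptionMethod.getAttribute(
                org.apache.xml.security.utils.EncryptionConstants._ATT_ALGORITHM);
    }

    final org.apache.xml.security.encryption.XMLCipher keyCipher;
    if (null == strEncryptionKeyWrapAlgorithmProvider) {
        keyCipher = org.apache.xml.security.encryption.XMLCipher.getInstance(strKeyEncryptionMethod);
    } else {
        keyCipher = org.apache.xml.security.encryption.XMLCipher.getProviderInstance(
                strKeyEncryptionMethod, strEncryptionKeyWrapAlgorithmProvider);
    }
    keyCipher.init(org.apache.xml.security.encryption.XMLCipher.UNWRAP_MODE, privateKey);
    final org.apache.xml.security.encryption.EncryptedKey encryptedKey =
            keyCipher.loadEncryptedKey(domDocument, elemEncryptedKey);

    // XMLCipher.decryptKey's second argument names the algorithm the *unwrapped* key is for
    // (the content cipher, AES-128), not the wrap algorithm. The original passed RSA_OAEP,
    // which appears to have worked only because the key was re-typed as "AES" right after;
    // that re-typing is kept so the result is an AES SecretKeySpec on every provider.
    final java.security.Key keySecret = keyCipher.decryptKey(encryptedKey, strEncryptionAlgorithm);
    final javax.crypto.spec.SecretKeySpec secretKeySpec = new javax.crypto.spec.SecretKeySpec(
            keySecret.getEncoded(), strEncryptionKeyGeneratorAlgorithm);

    final org.apache.xml.security.encryption.XMLCipher xmlCipher;
    if (null == strEncryptionAlgorithmProvider) {
        xmlCipher = org.apache.xml.security.encryption.XMLCipher.getInstance(strEncryptionAlgorithm);
    } else {
        xmlCipher = org.apache.xml.security.encryption.XMLCipher.getProviderInstance(
                strEncryptionAlgorithm, strEncryptionAlgorithmProvider);
    }
    xmlCipher.init(org.apache.xml.security.encryption.XMLCipher.DECRYPT_MODE, secretKeySpec);
    // NOTE(review): assumed to decrypt in place and hand back the owner document — confirm
    // against the library version in use; callers get that document's root, as before.
    final org.w3c.dom.Document domResultDocument =
            xmlCipher.doFinal(domDocument, domEncryptedData, false);
    return domResultDocument.getDocumentElement();
}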

9月编程语言排行榜:PHP的历史性突破

9月6日消息,Tiobe今天发布了2009年9月的编程语言排行榜,PHP在本期榜单中获得历史性突破,以近一个百分点的增幅成功进入前三名,C++下降一位,排名第四。本期编程语言排行榜,我们将回顾PHP的成长,分析PHP的发展前景。


本期编程榜前二十名榜单

简单之道

1994年,Rasmus Lerdorf并没想到自己为了维护个人网页而发明的脚本语言会在今天的Web开发领域大放异彩。在这早期的版本中,PHP只提供了访客留言本、访客计数器等简单的功能。以后越来越多的网站使用了PHP,并且强烈要求增加一些特性,比如循环语句和数组变量等等。1995年发布的PHP2.0定名为PHP/FI(Form Interpreter)。PHP/FI加入了对MySQL的支持,从此建立了PHP在动态网页开发上的地位。

PHP之父Rasmus Lerdorf

到了1996年底,已有15000个网站使用 PHP/FI;时间到了1997年,使用PHP/FI的网站数字超过五万个。而在1997年中,开始了第三版的开发计划,开发小组加入了 Zeev Suraski 及 Andi Gutmans,而第三版就定名为PHP3。2000年,PHP4.0问世了,其中增加了许多新的特性,而这些特性都是开发者和当时的项目强烈需要的。

从1.0版本到4.0版本,PHP在开源社区和Zend公司的支持下保持稳定的增长和进步。在这种快速的成长中,PHP并没有像其他语言那样因为日益复杂的需求而盲目增加新的功能特性;它一直保持着简单高效特性,并凭借这个优点吸引新的开发者加入到PHP的阵营。

PHP近年发展趋势

关于PHP的发展历程推荐阅读这两篇文章:《PHP发展历史》《从个人主页到企业级开发:PHP的商业化历程》

Web开发之王

51CTO.com之前曾有一篇报道《PHP成为中国应用最广的Web开发语言》,文章提供的数据显示,截至2008年底,在中国超过160亿个网页中,PHP网页数量最多,占总数的24%。

随着PHP5.0对面向对象功能的增强,PHP吸收了Java, C++, PERL和C语言最优秀的部分,这种集众多优秀语言特性于一身而简单高效的语言成为Web项目开发的首选语言。这些优点成就了PHP在2004年的爆发式增长。

与此同时,Ruby on Rails取得的成功也带动了PHP Web框架的长足发展。Zend Framework、Codeigniter、CakePHP以及国内的Flea、ThinkPHP都使PHP发挥更大的力量。使用框架,PHP项目可以得到更快更简单的部署和更加敏捷的开发效率。

关于PHP开发框架请参考

如何学习一个新的PHP框架

国外主流PHP框架对比评测

国外十大最流行PHP框架排名

企业级之痛

PHP在Web开发领域的成功吸引了更多开发者的关注,一些人开始拿PHP与.NET和Java进行比较(详细请参考《Java和PHP在Web开发方面的比较》《PHP与ASP.NET比较》)。安全、稳定和可扩展成为对PHP批判的理由;而这一切的背后,是PHP在大型企业级项目的弱势。51CTO.com曾多次关注PHP在企业级开发方面的发展。

《PHP开发大型系统的缺点》《大型系统上PHP令人不爽的九大原因》等文章受到了网友的广泛关注。

无论如何,PHP依然在发展,本期编程榜中PHP的历史性突破说明了PHP5.3版本的成功,在PHP5.3版中多达140项的bug修复和众多的特性更新使我们看到这门语言的发展与活力。有文章指出,PHP已经成长为一门企业级的语言,甚至有人断言PHP将称雄于21世纪、22世纪。