8-10 Oracle Fusion Middleware Reference for Oracle Security Developer Tools
If the data was encrypted with a simple encryption in place, locate the EncryptedData element and look at its KeyInfo.
If it is directly encrypted with a known symmetric key, decrypt it. Otherwise, if it is encrypted with a random symmetric key:
■ locate the corresponding EncryptedKey,
■ decrypt it first, and
■ use this decrypted random symmetric key to decrypt the EncryptedData.
8.7 About Element Wrappers in the Oracle Security Developer Tools XML APIs
All the XML-based Oracle Security Developer Tools APIs like Oracle XML Security, Oracle Web Services Security, Oracle SAML, Oracle XKMS, and Oracle Liberty SDK
use a wrapper concept.
For each XML element, there is a corresponding Java wrapper class. For example, the dsig:Signature XML element corresponds to the XSSignature class. All these
wrapper classes inherit from XMLElement, and they contain only one data member, which is the pointer to the corresponding DOM element.
This section shows how to work with wrapper objects in the Oracle Security Developer Tools APIs.
8.7.1 Construct the Wrapper Object
To construct a wrapper object from the DOM element, simply invoke the constructor. For example:
Element sigElem = (Element)doc.getElementsByTagNameNS(XMLURI.ns_dsig, "Signature").item(0);
XSSignature sig = new XSSignature(sigElem);
To construct a wrapper object when the DOM element does not exist, you can either:
■ create a DOM element, and use the above method, or
■ use a newInstance method:
XSSignature sig = XSSignature.newInstance(doc, null);
This internally achieves the same ends, that is, it creates a dsig:Signature DOM element, without appending it anywhere, then creates a wrapper object on top of the
element. You will need to append this element somewhere in your document.
For some wrapper classes, there is no newInstance method and you need to call a constructor that takes the document object.
XSSignedInfo sigInfo = new XSSignedInfo(doc, null);
Another way to create the wrapper object from the element is to call the XMLUtils.getInstance method:
XSSignature sig = (XSSignature)XMLUtils.getInstance(sigElem);
See Also: For details of data decryption with the Oracle XML
Security APIs, see
The Oracle Security Developer Tools APIs internally maintain a table associating element names to wrapper class names. The XMLUtils.getInstance uses this table
to invoke the appropriate constructor and return an instance of that wrapper class.
8.7.2 Obtain the DOM Element from the Wrapper Object
The underlying DOM element is readily available. All wrapper classes extend from XMLElement which provides a method, XMLElement.getElement, to get the
underlying DOM element.
8.7.3 Parse Complex Elements
Whenever there are complex elements containing a hierarchy of subelements, there will also be an equivalent hierarchy of wrapper objects. For example, suppose you
have an incoming document containing a signature:
<dsig:Signature>
    <dsig:SignedInfo>
        <dsig:CanonicalizationMethod ... />
        ...
    </dsig:SignedInfo>
    <dsig:SignatureValue>..</dsig:SignatureValue>
    ...
</dsig:Signature>
Most of these elements have a corresponding wrapper class, such as dsig:Signature - XSSignature, dsig:SignedInfo - XSSignedInfo,
dsig:SignatureValue - XSSignatureValue and so on.
But when you construct the XSSignature object from the dsig:Signature DOM element, it does not construct any of the child objects; in fact, it does not even look at
any of the child elements. The call new XSSignature(sigElem) is a quick one that simply creates an object with the data member pointing to sigElem. The child
objects are created on demand, every time they are requested. So when you call XSSignature.getSignedInfo, it searches the child elements of dsig:Signature to find the dsig:SignedInfo
element, constructs a wrapper object on that element, and returns it.
This wrapper object is not stored anywhere. So if you invoke XSSignature.getSignedInfo again, it does the same thing, returning a
different instance of the XSSignedInfo object; however, both these objects point to the same DOM element, so they behave exactly the same way even though they are
different instances.
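The on-demand, non-cached child wrappers described in 8.7.3, as an added example that is not part of the Oracle documentation. It assumes the Oracle XML Security jar is on the classpath; the oracle.security.xmlsec package names in the imports are assumptions, and the sample document is constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
// Assumed package names for the classes named in this section.
import oracle.security.xmlsec.dsig.XSSignature;
import oracle.security.xmlsec.dsig.XSSignedInfo;
import oracle.security.xmlsec.util.XMLURI;

public class WrapperIdentityDemo {
    // Constructed sample input: a skeletal signature, structure only.
    static final String SAMPLE =
        "<dsig:Signature xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">"
      + "<dsig:SignedInfo/><dsig:SignatureValue/></dsig:Signature>";

    // Compare wrappers by the DOM node they point to, never by reference.
    static boolean sameElement(XSSignedInfo a, XSSignedInfo b) {
        return a.getElement().isSameNode(b.getElement());
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for getElementsByTagNameNS
        // Refuse DOCTYPE declarations when parsing untrusted signed documents.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(
            new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));

        Element sigElem =
            (Element) doc.getElementsByTagNameNS(XMLURI.ns_dsig, "Signature").item(0);
        XSSignature sig = new XSSignature(sigElem); // cheap: stores the pointer only

        XSSignedInfo first = sig.getSignedInfo();   // child wrapper built on demand
        XSSignedInfo second = sig.getSignedInfo();  // built again, nothing is cached

        System.out.println("same wrapper instance: " + (first == second));
        System.out.println("same DOM element:      " + sameElement(first, second));

        // A change made through one wrapper's element is visible through the other,
        // because both wrappers hold a pointer to the same DOM node.
        first.getElement().setAttribute("Id", "si-1");
        System.out.println("Id seen via second:    "
            + second.getElement().getAttribute("Id"));
    }
}
```

Because wrappers are rebuilt on each call, code that tracks which SignedInfo or Reference it has already verified should key on the underlying DOM element rather than on the wrapper instance.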
8.7.4 Construct Complex Elements