74.3. Enveloped Data

请注意，crypto-cms:encypt 端点通常在一个路由中定义，而自由的 crypto-cms:decrypt 在另一个路由中被定义，尽管在它们后出现的一个示例中简单性。

以下示例演示了如何创建 Enveloped Data 消息，以及如何解密 Enveloped Data 消息。

Java DSL 中的基本示例

import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo;
...
KeyStoreParameters keystore  = new KeyStoreParameters();
keystore.setType("JCEKS");
keystore.setResource("keystore/keystore.jceks);
keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint

DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo();
recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption
recipient1.setKeyStoreParameters(keystore);

simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry
simpleReg.put("recipient1", recipient1); // register recipient info in the registry

from("direct:start")
    .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128")
    .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters")
    .to("mock:result");

Spring XML 中的基本示例

   <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"
        id="keyStoreParameters1" resource="./keystore/keystore.jceks"
        password="some_password" type="JCEKS" />
    <bean id="recipient1"
        class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo">
        <property name="keyStoreParameters" ref="keyStoreParameters1" />
        <property name="certificateAlias" value="rsa" />
    </bean>
...
    <route>
        <from uri="direct:start" />
        <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&amp;recipient=#recipient1&amp;contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&amp;secretKeyLength=128" />
        <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&amp;keyStoreParameters=#keyStoreParameters1" />
         <to uri="mock:result" />
    </route>

Java DSL 中的两个 Recipients

import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo;
...
KeyStoreParameters keystore  = new KeyStoreParameters();
keystore.setType("JCEKS");
keystore.setResource("keystore/keystore.jceks);
keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint

DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo();
recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption
recipient1.setKeyStoreParameters(keystore);

DefaultKeyTransRecipientInfo recipient2 = new DefaultKeyTransRecipientInfo();
recipient2.setCertificateAlias("dsa");
recipient2.setKeyStoreParameters(keystore);

simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry
simpleReg.put("recipient1", recipient1); // register recipient info in the registry

from("direct:start")
    .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&recipient=#recipient2&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128")
    //the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore
    .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters")
    .to("mock:result");

Spring XML 中的两个 Recipients

   <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"
        id="keyStoreParameters1" resource="./keystore/keystore.jceks"
        password="some_password" type="JCEKS" />
    <bean id="recipient1"
        class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo">
        <property name="keyStoreParameters" ref="keyStoreParameters1" />
        <property name="certificateAlias" value="rsa" />
    </bean>
    <bean id="recipient2"
        class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo">
        <property name="keyStoreParameters" ref="keyStoreParameters1" />
        <property name="certificateAlias" value="dsa" />
    </bean>
...
    <route>
        <from uri="direct:start" />
        <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&amp;recipient=#recipient1&amp;recipient=#recipient2&amp;contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&amp;secretKeyLength=128" />
        <!-- the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore -->
        <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&amp;keyStoreParameters=#keyStoreParameters1" />
         <to uri="mock:result" />
    </route>

Select Your Language

74.3. Enveloped Data

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Language and Page Formatting Options

74.3. Enveloped Data

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links