org.apache.ws.security.message

Class WSSecDerivedKeyBase

java.lang.Object

org.apache.ws.security.message.WSSecBase

org.apache.ws.security.message.WSSecSignatureBase

org.apache.ws.security.message.WSSecDerivedKeyBase

Direct Known Subclasses:

WSSecDKEncrypt, WSSecDKSign

public abstract class WSSecDerivedKeyBase
extends WSSecSignatureBase

Base class for DerivedKey encryption and signature

Author:

Ruchith Fernando (ruchith.fernando@gmail.com), Davanum Srinivas (dims@yahoo.com), Werner Dittmann (werner@apache.org)

Field Summary

Fields

Modifier and Type	Field and Description
protected String	clientLabel Client's label value
protected byte[]	derivedKeyBytes Raw bytes of the derived key
protected int	derivedKeyLength
protected DerivedKeyToken	dkt DerivedKeyToken of this builder
protected String	dktId wsu:Id of the wsc:DerivedKeyToken
protected Document	document
protected Element	envelope soap:Envelope element
protected byte[]	ephemeralKey Session key used as the secret in key derivation
protected String	serviceLabel Service's label value
protected Element	strElem The wsse:SecurityTokenReference element to be used
protected boolean	tokenIdDirectId True if the tokenIdentifier is a direct reference to a key identifier instead of a URI to a key
protected String	tokenIdentifier The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.

Fields inherited from class org.apache.ws.security.message.WSSecBase

callbackLookup, doDebug, keyIdentifierType, parts, password, user

Constructor Summary

Constructors

Constructor and Description
WSSecDerivedKeyBase()
WSSecDerivedKeyBase(WSSConfig config)

Method Summary

Methods

Modifier and Type	Method and Description
void	appendDKElementToHeader(WSSecHeader secHeader)
protected abstract int	getDerivedKeyLength() The derived key will change depending on the sig/encr algorithm.
Element	getdktElement()
String	getId() Get the id generated during prepare().
String	getTokenIdentifier()
int	getWscVersion()
void	prepare(Document doc) Initialize a WSSec Derived key.
void	prependDKElementToHeader(WSSecHeader secHeader) Prepend the DerivedKey element to the elements already in the Security header.
void	setClientLabel(String clientLabel) Set the label value of the client.
void	setCustomValueType(String customValueType)
void	setDerivedKeyLength(int keyLength)
void	setExternalKey(byte[] ephemeralKey, Element strElem)
void	setExternalKey(byte[] ephemeralKey, String tokenIdentifier)
void	setServiceLabel(String serviceLabel) Set the label value of the service.
void	setTokenIdDirectId(boolean b)
void	setWscVersion(int wscVersion)

Methods inherited from class org.apache.ws.security.message.WSSecSignatureBase

addReferencesToSign, createSTRParameter, getInclusivePrefixes, getInclusivePrefixes

Methods inherited from class org.apache.ws.security.message.WSSecBase

getKeyIdentifierType, getWsConfig, setBodyID, setCallbackLookup, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

document

protected Document document

ephemeralKey

protected byte[] ephemeralKey

Session key used as the secret in key derivation

dkt

protected DerivedKeyToken dkt

DerivedKeyToken of this builder

derivedKeyBytes

protected byte[] derivedKeyBytes

Raw bytes of the derived key

dktId

protected String dktId

wsu:Id of the wsc:DerivedKeyToken

clientLabel

protected String clientLabel

Client's label value

serviceLabel

protected String serviceLabel

Service's label value

envelope

protected Element envelope

soap:Envelope element

tokenIdentifier

protected String tokenIdentifier

The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.

tokenIdDirectId

protected boolean tokenIdDirectId

True if the tokenIdentifier is a direct reference to a key identifier instead of a URI to a key

strElem

protected Element strElem

The wsse:SecurityTokenReference element to be used

derivedKeyLength

protected int derivedKeyLength

Constructor Detail

WSSecDerivedKeyBase

public WSSecDerivedKeyBase()

WSSecDerivedKeyBase

public WSSecDerivedKeyBase(WSSConfig config)

Method Detail

getDerivedKeyLength

protected abstract int getDerivedKeyLength()
                                    throws WSSecurityException

The derived key will change depending on the sig/encr algorithm. Therefore the child classes are expected to provide this value.

Returns:

the derived key length

Throws:

WSSecurityException

setExternalKey

public void setExternalKey(byte[] ephemeralKey,
                  String tokenIdentifier)

Parameters:

ephemeralKey - The ephemeralKey to set.

setExternalKey

public void setExternalKey(byte[] ephemeralKey,
                  Element strElem)

Parameters:

ephemeralKey - The ephemeralKey to set.

getTokenIdentifier

public String getTokenIdentifier()

Returns:

Returns the tokenIdentifier.

getId

public String getId()

Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the DerivedKeyToken element.

Returns:

Return the wsu:Id of this token or null if prepare() was not called before.

setClientLabel

public void setClientLabel(String clientLabel)

Set the label value of the client.

Parameters:

clientLabel -

setServiceLabel

public void setServiceLabel(String serviceLabel)

Set the label value of the service.

Parameters:

serviceLabel -

prepare

public void prepare(Document doc)
             throws WSSecurityException,
                    ConversationException

Initialize a WSSec Derived key. The method prepares and initializes a WSSec derived key structure after the relevant information was set. This method also creates and initializes the derived token using the ephemeral key. After preparation references can be added, encrypted and signed as required. This method does not add any element to the security header. This must be done explicitly.

Parameters:

doc - The unsigned SOAP envelope as Document

Throws:

WSSecurityException

ConversationException

prependDKElementToHeader

public void prependDKElementToHeader(WSSecHeader secHeader)

Prepend the DerivedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the DerivedKey element at any position in the Security header.

Parameters:

secHeader - The security header that holds the Signature element.

appendDKElementToHeader

public void appendDKElementToHeader(WSSecHeader secHeader)

setWscVersion

public void setWscVersion(int wscVersion)

Parameters:

wscVersion - The wscVersion to set.

getWscVersion

public int getWscVersion()

getdktElement

public Element getdktElement()

setDerivedKeyLength

public void setDerivedKeyLength(int keyLength)

setCustomValueType

public void setCustomValueType(String customValueType)

setTokenIdDirectId

public void setTokenIdDirectId(boolean b)