org.apache.wss4j.dom.message

Class WSSecEncryptedKey

java.lang.Object

org.apache.wss4j.dom.message.WSSecBase

org.apache.wss4j.dom.message.WSSecEncryptedKey

Direct Known Subclasses:

WSSecEncrypt

public class WSSecEncryptedKey
extends WSSecBase

Builder class to build an EncryptedKey. This is especially useful in the case where the same EncryptedKey has to be used to sign and encrypt the message In such a situation this builder will add the EncryptedKey to the security header and we can use the information form the builder to provide to other builders to reference to the token

Field Summary

Fields

Modifier and Type	Field and Description
protected Document	document
protected byte[]	encryptedEphemeralKey Encrypted bytes of the ephemeral key
protected SecretKey	symmetricKey Symmetric key used in the EncryptedKey.

Fields inherited from class org.apache.wss4j.dom.message.WSSecBase

attachmentCallbackHandler, callbackLookup, doDebug, keyIdentifierType, password, storeBytesInAttachment, user

Constructor Summary

Constructors

Constructor and Description
WSSecEncryptedKey()

Method Summary

Modifier and Type	Method and Description
void	appendBSTElementToHeader(WSSecHeader secHeader) Append the BinarySecurityToken to the elements already in the Security header.
void	appendToHeader(WSSecHeader secHeader) Append the EncryptedKey element to the elements already in the Security header.
void	clean()
protected Element	createCipherValue(Document doc, Element encryptedKey)
protected Element	createEncryptedKey(Document doc, String keyTransportAlgo) Create DOM subtree for xenc:EncryptedKey
Element	getBinarySecurityTokenElement()
String	getBSTTokenId() Get the id of the BSt generated during prepare().
Element	getCustomEKKeyInfoElement()
String	getDigestAlgorithm() Get the digest algorithm to use with the RSA-OAEP key transport algorithm.
byte[]	getEncryptedEphemeralKey()
Element	getEncryptedKeyElement()
byte[]	getEphemeralKey()
String	getId() Get the id generated during prepare().
String	getKeyEncAlgo()
String	getMGFAlgorithm() Get the MGF algorithm to use with the RSA-OAEP key transport algorithm.
String	getSymmetricEncAlgorithm() Get the name of symmetric encryption algorithm to use.
SecretKey	getSymmetricKey()
X509Certificate	getUseThisCert()
boolean	isCertSet()
boolean	isIncludeEncryptionToken()
void	prepare(Document doc, Crypto crypto) Prepare the ephemeralKey and the tokens required to be added to the security header
protected void	prepareInternal(SecretKey secretKey)
protected void	prepareInternal(SecretKey secretKey, X509Certificate remoteCert, Crypto crypto) Encrypt the symmetric key data and prepare the EncryptedKey element This method does the most work for to prepare the EncryptedKey element.
void	prependBSTElementToHeader(WSSecHeader secHeader) Prepend the BinarySecurityToken to the elements already in the Security header.
void	prependToHeader(WSSecHeader secHeader) Prepend the EncryptedKey element to the elements already in the Security header.
void	setCustomEKKeyInfoElement(Element customEKKeyInfoElement)
void	setCustomEKTokenId(String customEKTokenId)
void	setCustomEKTokenValueType(String customEKTokenValueType)
void	setDigestAlgorithm(String digestAlgorithm) Set the digest algorithm to use with the RSA-OAEP key transport algorithm.
void	setDocument(Document document)
void	setEncKeyId(String encKeyId)
void	setEncryptedEphemeralKey(byte[] encryptedKey)
void	setEncryptedKeyElement(Element encryptedKeyElement) Set the encrypted key element when a pre prepared encrypted key is used
void	setEphemeralKey(byte[] ephemeralKey)
void	setIncludeEncryptionToken(boolean includeEncryptionToken)
void	setKeyEncAlgo(String keyEncAlgo)
void	setMGFAlgorithm(String mgfAlgorithm) Set the MGF algorithm to use with the RSA-OAEP key transport algorithm.
void	setSymmetricEncAlgorithm(String algo) Set the name of the symmetric encryption algorithm to use.
void	setSymmetricKey(SecretKey key) Set the symmetric key to be used for encryption
void	setUserInfo(String user) Set the user name to get the encryption certificate.
void	setUseThisCert(X509Certificate cert) Set the X509 Certificate to use for encryption.

Methods inherited from class org.apache.wss4j.dom.message.WSSecBase

getIdAllocator, getKeyIdentifierType, getParts, setAttachmentCallbackHandler, setBodyID, setCallbackLookup, setIdAllocator, setKeyIdentifierType, setStoreBytesInAttachment, setUserInfo, setWsuId

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

document

protected Document document

encryptedEphemeralKey

protected byte[] encryptedEphemeralKey

Encrypted bytes of the ephemeral key

symmetricKey

protected SecretKey symmetricKey

Symmetric key used in the EncryptedKey.

Constructor Detail

WSSecEncryptedKey

public WSSecEncryptedKey()

Method Detail

setUserInfo

public void setUserInfo(String user)

Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.

Parameters:

user -

getId

public String getId()

Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the EncryptedKey element.

Returns:

Return the wsu:Id of this token or null if prepare() was not called before.

clean

public void clean()

prepare

public void prepare(Document doc,
                    Crypto crypto)
             throws WSSecurityException

Prepare the ephemeralKey and the tokens required to be added to the security header

Parameters:

doc - The SOAP envelope as Document

crypto - An instance of the Crypto API to handle keystore and certificates

Throws:

WSSecurityException

prepareInternal

protected void prepareInternal(SecretKey secretKey,
                               X509Certificate remoteCert,
                               Crypto crypto)
                        throws WSSecurityException

Encrypt the symmetric key data and prepare the EncryptedKey element This method does the most work for to prepare the EncryptedKey element. It is also used by the WSSecEncrypt sub-class.

Parameters:

secretKey - The symmetric key

remoteCert - The certificate that contains the public key to encrypt the symmetric key data

crypto - An instance of the Crypto API to handle keystore and certificates

Throws:

WSSecurityException

prepareInternal

protected void prepareInternal(SecretKey secretKey)
                        throws WSSecurityException

Throws:

WSSecurityException

createEncryptedKey

protected Element createEncryptedKey(Document doc,
                                     String keyTransportAlgo)

Create DOM subtree for xenc:EncryptedKey

Parameters:

doc - the SOAP envelope parent document

keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key

Returns:

an xenc:EncryptedKey element

createCipherValue

protected Element createCipherValue(Document doc,
                                    Element encryptedKey)

prependToHeader

public void prependToHeader(WSSecHeader secHeader)

Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

Parameters:

secHeader - The security header that holds the Signature element.

appendToHeader

public void appendToHeader(WSSecHeader secHeader)

Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

Parameters:

secHeader - The security header that holds the Signature element.

prependBSTElementToHeader

public void prependBSTElementToHeader(WSSecHeader secHeader)

Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

Parameters:

secHeader - The security header that holds the BST element.

appendBSTElementToHeader

public void appendBSTElementToHeader(WSSecHeader secHeader)

Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

Parameters:

secHeader - The security header that holds the BST element.

getEphemeralKey

public byte[] getEphemeralKey()

Returns:

Returns the ephemeralKey.

setUseThisCert

public void setUseThisCert(X509Certificate cert)

Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.

Parameters:

cert - is the X509 certificate to use for encryption

getUseThisCert

public X509Certificate getUseThisCert()

getEncryptedKeyElement

public Element getEncryptedKeyElement()

Returns:

Returns the encryptedKeyElement.

setEncryptedKeyElement

public void setEncryptedKeyElement(Element encryptedKeyElement)

Set the encrypted key element when a pre prepared encrypted key is used

Parameters:

encryptedKeyElement - EncryptedKey element of the encrypted key used

getBinarySecurityTokenElement

public Element getBinarySecurityTokenElement()

Returns:

Returns the BinarySecurityToken element.

setKeyEncAlgo

public void setKeyEncAlgo(String keyEncAlgo)

getKeyEncAlgo

public String getKeyEncAlgo()

setEphemeralKey

public void setEphemeralKey(byte[] ephemeralKey)

Parameters:

ephemeralKey - The ephemeralKey to set.

getBSTTokenId

public String getBSTTokenId()

Get the id of the BSt generated during prepare().

Returns:

Returns the the value of wsu:Id attribute of the BinaruSecurityToken element.

setDocument

public void setDocument(Document document)

Parameters:

document - The document to set.

setEncKeyId

public void setEncKeyId(String encKeyId)

Parameters:

encKeyId - The encKeyId to set.

isCertSet

public boolean isCertSet()

getEncryptedEphemeralKey

public byte[] getEncryptedEphemeralKey()

setEncryptedEphemeralKey

public void setEncryptedEphemeralKey(byte[] encryptedKey)

setCustomEKTokenValueType

public void setCustomEKTokenValueType(String customEKTokenValueType)

setCustomEKTokenId

public void setCustomEKTokenId(String customEKTokenId)

setSymmetricEncAlgorithm

public void setSymmetricEncAlgorithm(String algo)

Set the name of the symmetric encryption algorithm to use. This encryption algorithm is used to encrypt the data. If the algorithm is not set then AES128 is used. Refer to WSConstants which algorithms are supported.

Parameters:

algo - Is the name of the encryption algorithm

See Also:

WSS4JConstants.TRIPLE_DES, WSS4JConstants.AES_128, WSS4JConstants.AES_192, WSS4JConstants.AES_256

getSymmetricEncAlgorithm

public String getSymmetricEncAlgorithm()

Get the name of symmetric encryption algorithm to use. The name of the encryption algorithm to encrypt the data, i.e. the SOAP Body. Refer to WSConstants which algorithms are supported.

Returns:

the name of the currently selected symmetric encryption algorithm

See Also:

WSS4JConstants.TRIPLE_DES, WSS4JConstants.AES_128, WSS4JConstants.AES_192, WSS4JConstants.AES_256

setDigestAlgorithm

public void setDigestAlgorithm(String digestAlgorithm)

Set the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.

Parameters:

digestAlgorithm - the digest algorithm to use with the RSA-OAEP key transport algorithm

getDigestAlgorithm

public String getDigestAlgorithm()

Get the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.

setMGFAlgorithm

public void setMGFAlgorithm(String mgfAlgorithm)

Set the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.

Parameters:

mgfAlgorithm - the MGF algorithm to use with the RSA-OAEP key transport algorithm

getMGFAlgorithm

public String getMGFAlgorithm()

Get the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.

getSymmetricKey

public SecretKey getSymmetricKey()

Returns:

The symmetric key

setSymmetricKey

public void setSymmetricKey(SecretKey key)

Set the symmetric key to be used for encryption

Parameters:

key -

isIncludeEncryptionToken

public boolean isIncludeEncryptionToken()

setIncludeEncryptionToken

public void setIncludeEncryptionToken(boolean includeEncryptionToken)

getCustomEKKeyInfoElement

public Element getCustomEKKeyInfoElement()

setCustomEKKeyInfoElement

public void setCustomEKKeyInfoElement(Element customEKKeyInfoElement)