org.apache.ws.security.message
Class WSSecEncryptedKey

java.lang.Object
  extended by org.apache.ws.security.message.WSSecBase
      extended by org.apache.ws.security.message.WSSecEncryptedKey
Direct Known Subclasses:
WSSecEncrypt

public class WSSecEncryptedKey
extends WSSecBase

Builder class to build an EncryptedKey. This is especially useful in the case where the same EncryptedKey has to be used to both sign and encrypt the message. In such a situation this builder adds the EncryptedKey to the security header, and the information it holds afterwards (the wsu:Id returned by getId() and the session key returned by getEphemeralKey()) can be passed to the other builders so that they reference this token instead of creating their own.
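The flow the paragraph above describes, as an added example that is not part of the WSS4J page or the project's own code: one WSSecEncryptedKey is prepared, its wsu:Id and session key are handed to a signature builder and an encryption builder, and the EncryptedKey is then prepended so it precedes the elements that reference it. The calls on WSSecEncryptedKey are the ones listed on this page; the WSSecHeader, WSSecSignature and WSSecEncrypt calls (setCustomTokenId, setSecretKey, setEncryptSymmKey, build) are assumed from the WSS4J 1.6 API, and the keystore alias, the `crypto.properties` file and the sample envelope are assumptions constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SharedEncryptedKeyExample {

    // Constructed sample envelope (not from the page); the Body is what gets signed and encrypted.
    static final String SOAP_MSG =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
      + "<soapenv:Body><ex:order xmlns:ex=\"urn:example\">42</ex:order></soapenv:Body>"
      + "</soapenv:Envelope>";

    /**
     * Sign and encrypt the Body with ONE session key carried in a single xenc:EncryptedKey.
     * Modifies doc in place and returns the wsu:Id of the EncryptedKey.
     */
    static String signAndEncryptWithSharedKey(Document doc, Crypto crypto, String recipientAlias)
            throws Exception {
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        // 1. Build the EncryptedKey: a fresh session key wrapped for the recipient's public key.
        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
        encrKey.setUserInfo(recipientAlias);                     // keystore alias (assumed), public key only
        encrKey.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
        encrKey.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOEP);  // set explicitly; do not rely on the default
        encrKey.setSymmetricEncAlgorithm(WSConstants.AES_256);   // sizes the generated session key
        encrKey.prepare(doc, crypto);

        String ekId = encrKey.getId();                 // wsu:Id the other builders will reference
        byte[] sessionKey = encrKey.getEphemeralKey(); // raw session key, never wrapped a second time

        // 2. HMAC signature keyed with the same session key; KeyInfo points at "#ekId".
        WSSecSignature sign = new WSSecSignature();
        sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
        sign.setCustomTokenId(ekId);
        sign.setSecretKey(sessionKey);
        sign.setSignatureAlgorithm(WSConstants.HMAC_SHA256);
        sign.build(doc, crypto, secHeader);

        // 3. Encrypt the Body with the same key; encryptSymmKey=false suppresses a second EncryptedKey.
        WSSecEncrypt encrypt = new WSSecEncrypt();
        encrypt.setEncKeyId(ekId);
        encrypt.setEphemeralKey(sessionKey);
        encrypt.setDocument(doc);
        encrypt.setEncryptSymmKey(false);
        encrypt.setSymmetricEncAlgorithm(WSConstants.AES_256);
        encrypt.build(doc, crypto, secHeader);

        // 4. Insert the EncryptedKey last so it ends up FIRST in the header: a receiver processes
        //    the header top-down and must unwrap the key before it can decrypt or verify.
        encrKey.prependToHeader(secHeader);
        // With WSConstants.BST_DIRECT_REFERENCE as key identifier type you would also call
        // encrKey.prependBSTElementToHeader(secHeader) here so the BST precedes the EncryptedKey.
        return ekId;
    }

    /** Check: exactly one EncryptedKey in the document, carrying the Id the other elements reference. */
    static boolean singleSharedEncryptedKey(Document doc, String expectedId) {
        NodeList eks = doc.getElementsByTagNameNS(WSConstants.ENC_NS, "EncryptedKey");
        if (eks.getLength() != 1) {
            return false;
        }
        Element ek = (Element) eks.item(0);
        return expectedId.equals(ek.getAttributeNS(WSConstants.WSU_NS, "Id"));
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SOAP_MSG.getBytes(StandardCharsets.UTF_8)));

        // crypto.properties (assumed to be on the classpath) names the keystore that holds the
        // recipient's certificate under the alias "recipient" (also assumed).
        Crypto crypto = CryptoFactory.getInstance("crypto.properties");
        String ekId = signAndEncryptWithSharedKey(doc, crypto, "recipient");
        if (!singleSharedEncryptedKey(doc, ekId)) {
            throw new IllegalStateException("expected exactly one EncryptedKey with wsu:Id " + ekId);
        }
    }
}
```

The order of the build calls matters: signing happens over the plaintext Body, encryption replaces it, and the EncryptedKey is prepended last so the header reads EncryptedKey, ReferenceList, Signature, which is the order a receiver needs to unwrap, decrypt and then verify.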


Field Summary
protected  BinarySecurity bstToken
          BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymmetric encryption cert
protected  String customEKTokenId
          Custom token id
protected  String customEKTokenValueType
          Custom token value type
protected  Document document
           
protected  String encKeyId
          The token identifier (wsu:Id) of the EncryptedKey; this is also the token from which a DerivedKeyToken is (or is to be) derived.
protected  String encrUser
          Remote user's alias to obtain the cert to encrypt the ephemeral key
protected  byte[] encryptedEphemeralKey
          Encrypted bytes of the ephemeral key
protected  Element encryptedKeyElement
          xenc:EncryptedKey element
protected  Element envelope
          soap:Envelope element
protected  byte[] ephemeralKey
          Session key used as the secret in key derivation
protected  String keyEncAlgo
          Algorithm used to encrypt the ephemeral key
protected  String symEncAlgo
          Algorithm to be used with the ephemeral key
protected  SecretKey symmetricKey
          Symmetric key used in the EncryptedKey.
protected  X509Certificate useThisCert
           
 
Fields inherited from class org.apache.ws.security.message.WSSecBase
callbackLookup, doDebug, keyIdentifierType, parts, password, user
 
Constructor Summary
WSSecEncryptedKey()
           
WSSecEncryptedKey(WSSConfig config)
           
 
Method Summary
 void appendBSTElementToHeader(WSSecHeader secHeader)
          Append the BinarySecurityToken to the elements already in the Security header.
 void appendToHeader(WSSecHeader secHeader)
          Append the EncryptedKey element to the elements already in the Security header.
protected  Element createCipherValue(Document doc, Element encryptedKey)
           
protected  Element createEncryptedKey(Document doc, String keyTransportAlgo)
          Create DOM subtree for xenc:EncryptedKey
 Element getBinarySecurityTokenElement()
           
 String getBSTTokenId()
          Get the id of the BST generated during prepare().
 byte[] getEncryptedEphemeralKey()
           
 Element getEncryptedKeyElement()
           
 byte[] getEphemeralKey()
           
 String getId()
          Get the id generated during prepare().
protected  KeyGenerator getKeyGenerator()
           
 String getSymmetricEncAlgorithm()
          Get the name of symmetric encryption algorithm to use.
 SecretKey getSymmetricKey()
           
 boolean isCertSet()
           
 void prepare(Document doc, Crypto crypto)
          Prepare the ephemeralKey and the tokens required to be added to the security header
protected  void prepareInternal(SecretKey secretKey, X509Certificate remoteCert, Crypto crypto)
          Encrypt the symmetric key data and prepare the EncryptedKey element. This method does most of the work of preparing the EncryptedKey element.
 void prependBSTElementToHeader(WSSecHeader secHeader)
          Prepend the BinarySecurityToken to the elements already in the Security header.
 void prependToHeader(WSSecHeader secHeader)
          Prepend the EncryptedKey element to the elements already in the Security header.
 void setCustomEKTokenId(String customEKTokenId)
           
 void setCustomEKTokenValueType(String customEKTokenValueType)
           
 void setDocument(Document document)
           
 void setEncKeyId(String encKeyId)
           
 void setEncryptedKeyElement(Element encryptedKeyElement)
          Set the encrypted key element when a pre-prepared encrypted key is used
 void setEphemeralKey(byte[] ephemeralKey)
           
 void setKeyEncAlgo(String keyEncAlgo)
           
 void setSymmetricEncAlgorithm(String algo)
          Set the name of the symmetric encryption algorithm to use.
 void setSymmetricKey(SecretKey key)
          Set the symmetric key to be used for encryption
 void setUserInfo(String user)
          Set the user name to get the encryption certificate.
 void setUseThisCert(X509Certificate cert)
          Set the X509 Certificate to use for encryption.
 
Methods inherited from class org.apache.ws.security.message.WSSecBase
getKeyIdentifierType, getWsConfig, setBodyID, setCallbackLookup, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

document

protected Document document

envelope

protected Element envelope
soap:Envelope element


ephemeralKey

protected byte[] ephemeralKey
Session key used as the secret in key derivation


symmetricKey

protected SecretKey symmetricKey
Symmetric key used in the EncryptedKey.


encryptedEphemeralKey

protected byte[] encryptedEphemeralKey
Encrypted bytes of the ephemeral key


encrUser

protected String encrUser
Remote user's alias to obtain the cert to encrypt the ephemeral key


keyEncAlgo

protected String keyEncAlgo
Algorithm used to encrypt the ephemeral key


symEncAlgo

protected String symEncAlgo
Algorithm to be used with the ephemeral key


encryptedKeyElement

protected Element encryptedKeyElement
xenc:EncryptedKey element


encKeyId

protected String encKeyId
The token identifier (wsu:Id) of the EncryptedKey; this is also the token from which a DerivedKeyToken is (or is to be) derived.


customEKTokenValueType

protected String customEKTokenValueType
Custom token value type


customEKTokenId

protected String customEKTokenId
Custom token id


bstToken

protected BinarySecurity bstToken
BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymmetric encryption cert


useThisCert

protected X509Certificate useThisCert

Constructor Detail

WSSecEncryptedKey

public WSSecEncryptedKey()

WSSecEncryptedKey

public WSSecEncryptedKey(WSSConfig config)

Method Detail

setUserInfo

public void setUserInfo(String user)
Set the user name to get the encryption certificate. The public key of this certificate is used, so no password is necessary. The user name is usually a keystore alias.

Parameters:
user - The keystore alias under which the recipient's encryption certificate is stored

getId

public String getId()
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the EncryptedKey element.

Returns:
The wsu:Id of this token, or null if prepare() was not called before.

prepare

public void prepare(Document doc,
                    Crypto crypto)
             throws WSSecurityException
Prepare the ephemeralKey and the tokens required to be added to the security header

Parameters:
doc - The SOAP envelope as Document
crypto - An instance of the Crypto API to handle keystore and certificates
Throws:
WSSecurityException

prepareInternal

protected void prepareInternal(SecretKey secretKey,
                               X509Certificate remoteCert,
                               Crypto crypto)
                        throws WSSecurityException
Encrypt the symmetric key data and prepare the EncryptedKey element. This method does most of the work of preparing the EncryptedKey element. It is also used by the WSSecEncrypt sub-class.

Parameters:
secretKey - The symmetric key
remoteCert - The certificate that contains the public key to encrypt the symmetric key data
crypto - An instance of the Crypto API to handle keystore and certificates
Throws:
WSSecurityException

getKeyGenerator

protected KeyGenerator getKeyGenerator()
                                throws WSSecurityException
Throws:
WSSecurityException

createEncryptedKey

protected Element createEncryptedKey(Document doc,
                                     String keyTransportAlgo)
Create DOM subtree for xenc:EncryptedKey

Parameters:
doc - the SOAP envelope parent document
keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
Returns:
an xenc:EncryptedKey element

createCipherValue

protected Element createCipherValue(Document doc,
                                    Element encryptedKey)

prependToHeader

public void prependToHeader(WSSecHeader secHeader)
Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows the EncryptedKey element to be inserted at any position in the Security header.

Parameters:
secHeader - The security header to which the EncryptedKey element is added.

appendToHeader

public void appendToHeader(WSSecHeader secHeader)
Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows the EncryptedKey element to be inserted at any position in the Security header.

Parameters:
secHeader - The security header to which the EncryptedKey element is added.

prependBSTElementToHeader

public void prependBSTElementToHeader(WSSecHeader secHeader)
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.

Parameters:
secHeader - The security header that holds the BST element.

appendBSTElementToHeader

public void appendBSTElementToHeader(WSSecHeader secHeader)
Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.

Parameters:
secHeader - The security header that holds the BST element.

getEphemeralKey

public byte[] getEphemeralKey()
Returns:
Returns the ephemeralKey.

setUseThisCert

public void setUseThisCert(X509Certificate cert)
Set the X509 certificate to use for encryption. If this is set and the key identifier type is set to DirectReference, this certificate is used to obtain the public key for encryption.

Parameters:
cert - is the X509 certificate to use for encryption

getEncryptedKeyElement

public Element getEncryptedKeyElement()
Returns:
Returns the encryptedKeyElement.

setEncryptedKeyElement

public void setEncryptedKeyElement(Element encryptedKeyElement)
Set the encrypted key element when a pre-prepared encrypted key is used.

Parameters:
encryptedKeyElement - EncryptedKey element of the encrypted key used

getBinarySecurityTokenElement

public Element getBinarySecurityTokenElement()
Returns:
Returns the BinarySecurityToken element.

setKeyEncAlgo

public void setKeyEncAlgo(String keyEncAlgo)
Set the key transport algorithm used to encrypt the ephemeral key.

Parameters:
keyEncAlgo - The URI of the key transport algorithm

setEphemeralKey

public void setEphemeralKey(byte[] ephemeralKey)
Parameters:
ephemeralKey - The ephemeralKey to set.

getBSTTokenId

public String getBSTTokenId()
Get the id of the BST generated during prepare().

Returns:
Returns the value of the wsu:Id attribute of the BinarySecurityToken element.

setDocument

public void setDocument(Document document)
Parameters:
document - The document to set.

setEncKeyId

public void setEncKeyId(String encKeyId)
Parameters:
encKeyId - The encKeyId to set.

isCertSet

public boolean isCertSet()

getEncryptedEphemeralKey

public byte[] getEncryptedEphemeralKey()

setCustomEKTokenValueType

public void setCustomEKTokenValueType(String customEKTokenValueType)

setCustomEKTokenId

public void setCustomEKTokenId(String customEKTokenId)

setSymmetricEncAlgorithm

public void setSymmetricEncAlgorithm(String algo)
Set the name of the symmetric encryption algorithm to use. This encryption algorithm is used to encrypt the data. If the algorithm is not set then AES128 is used. Refer to WSConstants for the supported algorithms.

Parameters:
algo - Is the name of the encryption algorithm
See Also:
WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256

getSymmetricEncAlgorithm

public String getSymmetricEncAlgorithm()
Get the name of the symmetric encryption algorithm to use, i.e. the algorithm that encrypts the data such as the SOAP Body. Refer to WSConstants for the supported algorithms.

Returns:
the name of the currently selected symmetric encryption algorithm
See Also:
WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256
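The algorithm URIs referred to under setKeyEncAlgo, setSymmetricEncAlgorithm and getSymmetricEncAlgorithm end up as the Algorithm attribute of xenc:EncryptionMethod inside the EncryptedKey and EncryptedData elements. As an added example (not WSS4J code), the check below walks a built or received header and rejects any EncryptedKey whose key transport is not RSA-OAEP and any EncryptedData whose cipher is not one of the AES variants; XML Encryption 1.1 discourages rsa-1_5 key transport, so it is deliberately not on the allow list. The sample header is constructed and minimal (no CipherData), and the constants used (WSConstants.ENC_NS, KEYTRANSPORT_RSA15, KEYTRANSPORT_RSAOEP, AES_128/192/256) are assumed from WSS4J 1.6.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.ws.security.WSConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class EncryptionAlgorithmCheck {

    // Key transport: RSA-OAEP only. Data: AES-CBC variants only (TRIPLE_DES is in WSConstants
    // but is left off the list on purpose).
    static final Set<String> KEY_TRANSPORT_ALLOWED =
        new HashSet<String>(Arrays.asList(WSConstants.KEYTRANSPORT_RSAOEP));
    static final Set<String> DATA_ALLOWED = new HashSet<String>(
        Arrays.asList(WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256));

    /** Algorithm attribute of the direct xenc:EncryptionMethod child, or null if there is none. */
    static String encryptionMethod(Element enc) {
        for (Node n = enc.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE
                    && WSConstants.ENC_NS.equals(n.getNamespaceURI())
                    && "EncryptionMethod".equals(n.getLocalName())) {
                return ((Element) n).getAttribute("Algorithm");
            }
        }
        return null;
    }

    /** Every element named localName in the xenc namespace must carry an allowed algorithm. */
    static boolean allAllowed(Document doc, String localName, Set<String> allowed) {
        NodeList nodes = doc.getElementsByTagNameNS(WSConstants.ENC_NS, localName);
        if (nodes.getLength() == 0) {
            return false; // nothing to check is a failure, not a pass
        }
        for (int i = 0; i < nodes.getLength(); i++) {
            String alg = encryptionMethod((Element) nodes.item(i));
            if (alg == null || !allowed.contains(alg)) {
                return false;
            }
        }
        return true;
    }

    /** True only if all EncryptedKey and EncryptedData elements use allowed algorithms. */
    static boolean algorithmsAcceptable(Document doc) {
        return allAllowed(doc, "EncryptedKey", KEY_TRANSPORT_ALLOWED)
            && allAllowed(doc, "EncryptedData", DATA_ALLOWED);
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        return dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Constructed, deliberately minimal Security header (not from the page): the two %s slots take
    // the key transport URI and the data cipher URI.
    static final String HEADER_TEMPLATE =
        "<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/"
      + "oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\">"
      + "<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm=\"%s\"/></xenc:EncryptedKey>"
      + "<xenc:EncryptedData><xenc:EncryptionMethod Algorithm=\"%s\"/></xenc:EncryptedData>"
      + "</wsse:Security>";

    public static void main(String[] args) throws Exception {
        Document weak = parse(String.format(HEADER_TEMPLATE,
            WSConstants.KEYTRANSPORT_RSA15, WSConstants.AES_128));
        Document ok = parse(String.format(HEADER_TEMPLATE,
            WSConstants.KEYTRANSPORT_RSAOEP, WSConstants.AES_128));
        if (algorithmsAcceptable(weak)) {
            throw new IllegalStateException("rsa-1_5 key transport must be rejected");
        }
        if (!algorithmsAcceptable(ok)) {
            throw new IllegalStateException("RSA-OAEP with AES-128 should pass");
        }
    }
}
```

Run the same check on the sender side after build() to confirm the builders emitted what setKeyEncAlgo and setSymmetricEncAlgorithm were asked for, and on the receiver side before handing the header to the processor, since the algorithm a peer chose is data under the peer's control.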

getSymmetricKey

public SecretKey getSymmetricKey()
Returns:
The symmetric key

setSymmetricKey

public void setSymmetricKey(SecretKey key)
Set the symmetric key to be used for encryption

Parameters:
key - The symmetric key to use for encryption


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.