Class WSEncryptBody


  • public class WSEncryptBody
    extends WSBaseMessage
    Encrypts a SOAP body inside a SOAP envelope according to WS Specification, X509 profile, and adds the encryption data.

    Author:
    Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@siemens.com)
    • Field Detail

      • symEncAlgo

        protected java.lang.String symEncAlgo
      • keyEncAlgo

        protected java.lang.String keyEncAlgo
      • encCanonAlgo

        protected java.lang.String encCanonAlgo
      • embeddedKey

        protected byte[] embeddedKey
      • embeddedKeyName

        protected java.lang.String embeddedKeyName
      • useThisCert

        protected java.security.cert.X509Certificate useThisCert
      • symmetricKey

        protected javax.crypto.SecretKey symmetricKey
        Symmetric key used in the EncryptedKey.
      • encryptionKey

        protected javax.crypto.SecretKey encryptionKey
        Symmetric key that's actually used.
      • parentNode

        protected org.w3c.dom.Element parentNode
        Parent node to which the EncryptedKeyElement should be added.
      • securityTokenReference

        protected SecurityTokenReference securityTokenReference
        SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
    • Constructor Detail

      • WSEncryptBody

        public WSEncryptBody()
        Deprecated.
        replaced by WSSecEncrypt()
        Constructor.
      • WSEncryptBody

        public WSEncryptBody​(java.lang.String actor)
        Deprecated.
        replaced by WSSecEncrypt() and WSSecHeader for actor specification.
        Constructor.

        Parameters:
        actor - The actor name of the wsse:Security header
      • WSEncryptBody

        public WSEncryptBody​(java.lang.String actor,
                             boolean mu)
        Deprecated.
        replaced by WSSecEncrypt() and WSSecHeader for actor and mustUnderstand specification.
        Constructor.

        Parameters:
        actor - The actor name of the wsse:Security header
        mu - Set mustUnderstand to true or false
    • Method Detail

      • setKey

        public void setKey​(byte[] key)
        Deprecated.
        Sets the key to use during embedded encryption.

        Parameters:
        key - to use during encryption. The key must fit the selected symmetrical encryption algorithm
      • setUserInfo

        public void setUserInfo​(java.lang.String user)
        Deprecated.
        Set the user name used to look up the encryption certificate. Only the public key of this certificate is used, so no password is necessary. The user name is usually a keystore alias.

        Parameters:
        user -
      • setEmbeddedKeyName

        public void setEmbeddedKeyName​(java.lang.String embeddedKeyName)
        Set the key name for EMBEDDED_KEYNAME
        Parameters:
        embeddedKeyName -
      • setUseThisCert

        public void setUseThisCert​(java.security.cert.X509Certificate cert)
        Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.
        Parameters:
        cert - is the X509 certificate to use for encryption
      • setEncCanonicalization

        public void setEncCanonicalization​(java.lang.String algo)
        Set the name of an optional canonicalization algorithm to use before encryption.

        This c14n algorithm is used to serialize the data before encryption, i.e. the SOAP Body. If the algorithm is not set then a standard serialization is used (provided by XMLCipher, usually an XMLSerializer according to the DOM 3 specification).

        Parameters:
        algo - Is the name of the canonicalization algorithm
      • build

        public org.w3c.dom.Document build​(org.w3c.dom.Document doc,
                                          Crypto crypto)
                                   throws WSSecurityException
        Builds the SOAP envelope with encrypted Body and adds encrypted key.

        This function performs several steps:

        • First step: set the encoding namespace in the SOAP:Envelope.
        • Second step: generate a symmetric key (session key) for the selected symmetric encryption algorithm, and set the cipher into encryption mode.
        • Third step: get the data to encrypt. We always encrypt the complete first child element of the SOAP Body element.
        • Fourth step: encrypt the data, and set the necessary attributes in xenc:EncryptedData.
        • Fifth step: get the certificate that contains the public key for the public key algorithm that will encrypt the generated symmetric (session) key. Up to now we support RSA 1-5 as the public key algorithm.
        • Sixth step: set up the wsse:Security header block.
        Parameters:
        doc - the SOAP envelope as Document with plaintext Body
        crypto - an instance of the Crypto API to handle keystore and Certificates
        Returns:
        the SOAP envelope with encrypted Body as Document
        Throws:
        WSSecurityException
      • createEnrcyptedKey

        public static org.w3c.dom.Element createEnrcyptedKey​(org.w3c.dom.Document doc,
                                                             java.lang.String keyTransportAlgo)
        Create DOM subtree for xenc:EncryptedKey
        Parameters:
        doc - the SOAP envelope parent document
        keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
        Returns:
        an xenc:EncryptedKey element
      • createCipherValue

        public static org.w3c.dom.Element createCipherValue​(org.w3c.dom.Document doc,
                                                            org.w3c.dom.Element encryptedKey)
      • createDataRefList

        public static org.w3c.dom.Element createDataRefList​(org.w3c.dom.Document doc,
                                                            org.w3c.dom.Element encryptedKey,
                                                            java.util.Vector encDataRefs)
      • setParentNode

        public void setParentNode​(org.w3c.dom.Element element)
        Deprecated.
        replaced by WSSecEncrypt#setParentNode(Element)
        Sets the parent node of the EncryptedKeyElement
        Parameters:
        element -
      • setSymmetricKey

        public void setSymmetricKey​(javax.crypto.SecretKey key)
        Set the symmetric key to be used for encryption
        Parameters:
        key -
      • getEncryptionKey

        public javax.crypto.SecretKey getEncryptionKey()
        Deprecated.
        replaced by WSSecEncrypt#getEncryptionKey()
        Get the symmetric key used for encryption. This may be the same as the symmetric key field.
        Returns:
        The symmetric key