Class WSSecEncrypt


  • public class WSSecEncrypt
    extends WSSecEncryptedKey
    Encrypts parts of a message according to WS Specification, X509 profile, and adds the encryption data.
    Author:
    Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@apache.org).
    • Field Detail

      • symEncAlgo

        protected java.lang.String symEncAlgo
      • encCanonAlgo

        protected java.lang.String encCanonAlgo
      • embeddedKey

        protected byte[] embeddedKey
      • embeddedKeyName

        protected java.lang.String embeddedKeyName
      • symmetricKey

        protected javax.crypto.SecretKey symmetricKey
        Symmetric key used in the EncryptedKey.
      • securityTokenReference

        protected SecurityTokenReference securityTokenReference
        SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
    • Constructor Detail

      • WSSecEncrypt

        public WSSecEncrypt()
        Constructor.
    • Method Detail

      • setKey

        public void setKey(byte[] key)
        Sets the key to use during embedded encryption.

        Parameters:
        key - the key to use during encryption. The key must fit the selected symmetric encryption algorithm.
      • setEmbeddedKeyName

        public void setEmbeddedKeyName(java.lang.String embeddedKeyName)
        Set the key name for EMBEDDED_KEYNAME
        Parameters:
        embeddedKeyName -
      • setSymmetricEncAlgorithm

        public void setSymmetricEncAlgorithm(java.lang.String algo)
        Set the name of the symmetric encryption algorithm to use. This encryption algorithm is used to encrypt the data. If the algorithm is not set then AES128 is used. Refer to WSConstants for the supported algorithms.
        Parameters:
        algo - Is the name of the encryption algorithm
        See Also:
        WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256
      • setEncCanonicalization

        public void setEncCanonicalization(java.lang.String algo)
        Set the name of an optional canonicalization algorithm to use before encryption. This c14n algorithm is used to serialize the data before encryption. If the algorithm is not set then a standard serialization is used (provided by XMLCipher, usually an XMLSerializer according to the DOM 3 specification).
        Parameters:
        algo - Is the name of the canonicalization algorithm
      • getSymmetricEncAlgorithm

        public java.lang.String getSymmetricEncAlgorithm()
        Get the name of the symmetric encryption algorithm to use. This is the name of the encryption algorithm used to encrypt the data, i.e. the SOAP Body. Refer to WSConstants for the supported algorithms.
        Returns:
        the name of the currently selected symmetric encryption algorithm
        See Also:
        WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256
      • prepare

        public void prepare(org.w3c.dom.Document doc,
                            Crypto crypto)
                     throws WSSecurityException
        Initialize a WSSec Encrypt. The method prepares and initializes a WSSec Encrypt structure after the relevant information was set. After preparation the token references can be added and encrypted.

        This method does not add any element to the security header. This must be done explicitly.
        Overrides:
        prepare in class WSSecEncryptedKey
        Parameters:
        doc - The SOAP envelope as Document
        crypto - An instance of the Crypto API to handle keystore and certificates
        Throws:
        WSSecurityException
      • build

        public org.w3c.dom.Document build(org.w3c.dom.Document doc,
                                          Crypto crypto,
                                          WSSecHeader secHeader)
                                   throws WSSecurityException
        Builds the SOAP envelope with encrypted Body and adds the encrypted key. This is a convenience method, provided for backward compatibility. The method calls the single-function methods in order to perform a one-shot encryption. This method is compatible with the build method of the previous version with the exception of the additional WSSecHeader parameter.
        Parameters:
        doc - the SOAP envelope as Document with plaintext Body
        crypto - an instance of the Crypto API to handle keystore and Certificates
        secHeader - the security header element to hold the encrypted key element.
        Returns:
        the SOAP envelope with encrypted Body as Document
        Throws:
        WSSecurityException
      • encryptForInternalRef

        public org.w3c.dom.Element encryptForInternalRef(org.w3c.dom.Element dataRef,
                                                         java.util.Vector references)
                                                  throws WSSecurityException
        Encrypt one or more parts or elements of the message (internal). This method takes a vector of WSEncryptionPart objects that contain information about the elements to encrypt. The method calls the encryption method, takes the reference information generated during encryption and adds this to the xenc:Reference element. This method can be called after prepare() and can be called multiple times to encrypt a number of parts or elements.

        The method generates a xenc:Reference element that must be added to this token. See addInternalRefElement().

        If the dataRef parameter is null the method creates and initializes a new Reference element.
        Parameters:
        dataRef - A xenc:Reference element or null
        references - A vector containing WSEncryptionPart objects
        Returns:
        Returns the updated xenc:Reference element
        Throws:
        WSSecurityException
      • encryptForExternalRef

        public org.w3c.dom.Element encryptForExternalRef(org.w3c.dom.Element dataRef,
                                                         java.util.Vector references)
                                                  throws WSSecurityException
        Encrypt one or more parts or elements of the message (external). This method takes a vector of WSEncryptionPart objects that contain information about the elements to encrypt. The method calls the encryption method, takes the reference information generated during encryption and adds this to the xenc:Reference element. This method can be called after prepare() and can be called multiple times to encrypt a number of parts or elements.

        The method generates a xenc:Reference element that must be added to the SecurityHeader. See addExternalRefElement().

        If the dataRef parameter is null the method creates and initializes a new Reference element.
        Parameters:
        dataRef - A xenc:Reference element or null
        references - A vector containing WSEncryptionPart objects
        Returns:
        Returns the updated xenc:Reference element
        Throws:
        WSSecurityException
      • addInternalRefElement

        public void addInternalRefElement(org.w3c.dom.Element dataRef)
        Adds the internal Reference element to this Encrypt data. The reference element must be created by the encryptForInternalRef() method. The reference element is added to the EncryptedKey element of this encrypt block.
        Parameters:
        dataRef - The internal enc:Reference element
      • addExternalRefElement

        public void addExternalRefElement(org.w3c.dom.Element dataRef,
                                          WSSecHeader secHeader)
        Adds (prepends) the external Reference element to the Security header. The reference element must be created by the encryptForExternalRef() method. The method prepends the reference element in the SecurityHeader.
        Parameters:
        dataRef - The external enc:Reference element
        secHeader - The security header.
      • createDataRefList

        public static org.w3c.dom.Element createDataRefList(org.w3c.dom.Document doc,
                                                            org.w3c.dom.Element referenceList,
                                                            java.util.Vector encDataRefs)
        Create DOM subtree for xenc:EncryptedKey
        Parameters:
        doc - the SOAP envelope parent document
        keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
        Returns:
        an xenc:EncryptedKey element
      • getSymmetricKey

        public javax.crypto.SecretKey getSymmetricKey()
        Returns:
        The symmetric key
      • setSymmetricKey

        public void setSymmetricKey(javax.crypto.SecretKey key)
        Set the symmetric key to be used for encryption
        Parameters:
        key -
      • getSecurityTokenReference

        public SecurityTokenReference getSecurityTokenReference()
        Returns:
        Return the SecurityTokenReference
      • setSecurityTokenReference

        public void setSecurityTokenReference(SecurityTokenReference reference)
        Parameters:
        reference -
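
The step-by-step sequence that prepare(), encryptForInternalRef() and addInternalRefElement() describe, written out as an added example (not code from this page or from the project). Assumptions: the `org.apache.ws.security` package layout, the `WSEncryptionPart` constructor, `WSSecHeader.insertSecurityHeader()` and the inherited `setUserInfo()`, `setKeyIdentifierType()` and `prependToHeader()` methods do not appear on this page; `EncryptBodyExample` and `recipientAlias` are hypothetical names.

```java
import java.util.Vector;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecHeader;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public final class EncryptBodyExample {

    /**
     * Encrypts the content of the SOAP Body with the single-step methods
     * instead of the one-shot build() call.
     * recipientAlias is a hypothetical keystore alias of the recipient's certificate.
     */
    public static Document encryptBody(Document soapEnvelope, Crypto crypto,
                                       String recipientAlias) throws WSSecurityException {
        // The security header has to exist before the EncryptedKey is placed in it.
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(soapEnvelope);

        WSSecEncrypt encrypt = new WSSecEncrypt();
        encrypt.setUserInfo(recipientAlias);                      // inherited, not on this page
        encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);  // inherited, not on this page
        // Choose the algorithm explicitly instead of relying on the AES128 default.
        encrypt.setSymmetricEncAlgorithm(WSConstants.AES_256);

        // prepare() sets up the key material; it adds nothing to the security header.
        encrypt.prepare(soapEnvelope, crypto);

        // Describe what to encrypt: the content of the SOAP Body element.
        String soapNs = soapEnvelope.getDocumentElement().getNamespaceURI();
        Vector parts = new Vector();
        parts.add(new WSEncryptionPart("Body", soapNs, "Content"));

        // Encrypt the parts, then attach the returned reference element to the EncryptedKey.
        Element refs = encrypt.encryptForInternalRef(null, parts);
        encrypt.addInternalRefElement(refs);

        // The explicit header step that prepare() leaves to the caller
        // (prependToHeader is inherited from WSSecEncryptedKey, not on this page).
        encrypt.prependToHeader(secHeader);
        return soapEnvelope;
    }
}
```

Calling encryptForInternalRef() again with a further Vector of parts, passing the element it returned as dataRef, covers additional elements under the same key.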