Package org.apache.ws.security.message
Class WSSecEncryptedKey
java.lang.Object
  org.apache.ws.security.message.WSSecBase
    org.apache.ws.security.message.WSSecEncryptedKey
Direct Known Subclasses:
WSSecEncrypt
public class WSSecEncryptedKey extends WSSecBase
Builder class to build an EncryptedKey. This is especially useful in the case where the same EncryptedKey
has to be used to sign and encrypt the message. In such a situation this builder will add the EncryptedKey
to the security header, and the information from the builder can be passed to other builders so that they can reference the token.
Field Summary
Fields (Modifier and Type, Field, Description)
protected BinarySecurity bstToken
    BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymm encryption cert
protected org.w3c.dom.Document document
protected java.lang.String encKeyId
    The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.
protected java.lang.String encrUser
    Remote user's alias to obtain the cert to encrypt the ephemeral key
protected org.w3c.dom.Element encryptedKeyElement
    xenc:EncryptedKey element
protected org.w3c.dom.Element envelope
    soap:Envelope element
protected byte[] ephemeralKey
    Session key used as the secret in key derivation
protected java.lang.String keyEncAlgo
    Algorithm used to encrypt the ephemeral key
protected int keySize
    Key size in bits. Defaults to 128.
protected java.security.cert.X509Certificate useThisCert
-
Constructor Summary
WSSecEncryptedKey()
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description)
void appendBSTElementToHeader(WSSecHeader secHeader)
    Append the BinarySecurityToken to the elements already in the Security header.
void appendToHeader(WSSecHeader secHeader)
    Append the EncryptedKey element to the elements already in the Security header.
protected org.w3c.dom.Element createCipherValue(org.w3c.dom.Document doc, org.w3c.dom.Element encryptedKey)
protected org.w3c.dom.Element createEnrcyptedKey(org.w3c.dom.Document doc, java.lang.String keyTransportAlgo)
    Create DOM subtree for xenc:EncryptedKey
protected byte[] generateEphemeralKey()
    Create an ephemeral key
org.w3c.dom.Element getBinarySecurityTokenElement()
java.lang.String getBSTTokenId()
    Get the id of the BST generated during prepare().
org.w3c.dom.Element getEncryptedKeyElement()
byte[] getEphemeralKey()
java.lang.String getId()
    Get the id generated during prepare().
void prepare(org.w3c.dom.Document doc, Crypto crypto)
    Prepare the ephemeralKey and the tokens required to be added to the security header
protected void prepareInternal(byte[] keyBytes, java.security.cert.X509Certificate remoteCert, Crypto crypto)
    Encrypt the symmetric key data and prepare the EncryptedKey element. This method does most of the work to prepare the EncryptedKey element.
void prependBSTElementToHeader(WSSecHeader secHeader)
    Prepend the BinarySecurityToken to the elements already in the Security header.
void prependToHeader(WSSecHeader secHeader)
    Prepend the EncryptedKey element to the elements already in the Security header.
void setDocument(org.w3c.dom.Document document)
void setEncKeyId(java.lang.String encKeyId)
void setEphemeralKey(byte[] ephemeralKey)
void setKeyEncAlgo(java.lang.String keyEncAlgo)
void setKeySize(int keySize)
void setUserInfo(java.lang.String user)
    Set the user name to get the encryption certificate.
void setUseThisCert(java.security.cert.X509Certificate cert)
    Set the X509 Certificate to use for encryption.
Methods inherited from class org.apache.ws.security.message.WSSecBase
getKeyIdentifierType, setBodyID, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId
Field Detail
-
document
protected org.w3c.dom.Document document
-
envelope
protected org.w3c.dom.Element envelope
soap:Envelope element
-
ephemeralKey
protected byte[] ephemeralKey
Session key used as the secret in key derivation
-
encrUser
protected java.lang.String encrUser
Remote user's alias to obtain the cert to encrypt the ephemeral key
-
keyEncAlgo
protected java.lang.String keyEncAlgo
Algorithm used to encrypt the ephemeral key
-
encryptedKeyElement
protected org.w3c.dom.Element encryptedKeyElement
xenc:EncryptedKey element
-
encKeyId
protected java.lang.String encKeyId
The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.
-
bstToken
protected BinarySecurity bstToken
BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymm encryption cert
-
useThisCert
protected java.security.cert.X509Certificate useThisCert
-
keySize
protected int keySize
Key size in bits. Defaults to 128.
-
-
Method Detail
-
setUserInfo
public void setUserInfo(java.lang.String user)
Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password is necessary. The user name is usually a keystore alias.
Parameters:
user -
-
getId
public java.lang.String getId()
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the EncryptedKey element.
Returns:
Return the wsu:Id of this token or null if prepare() was not called before.
-
prepare
public void prepare(org.w3c.dom.Document doc, Crypto crypto) throws WSSecurityException
Prepare the ephemeralKey and the tokens required to be added to the security header.
Parameters:
doc - The SOAP envelope as Document
crypto - An instance of the Crypto API to handle keystore and certificates
Throws:
WSSecurityException
-
prepareInternal
protected void prepareInternal(byte[] keyBytes, java.security.cert.X509Certificate remoteCert, Crypto crypto) throws WSSecurityException
Encrypt the symmetric key data and prepare the EncryptedKey element. This method does most of the work to prepare the EncryptedKey element. It is also used by the WSSecEncrypt sub-class.
Parameters:
keyBytes - The bytes that represent the symmetric key
remoteCert - The certificate that contains the public key to encrypt the symmetric key data
crypto - An instance of the Crypto API to handle keystore and certificates
Throws:
WSSecurityException
-
generateEphemeralKey
protected byte[] generateEphemeralKey() throws WSSecurityException
Create an ephemeral key
Returns:
Throws:
WSSecurityException
-
createEnrcyptedKey
protected org.w3c.dom.Element createEnrcyptedKey(org.w3c.dom.Document doc, java.lang.String keyTransportAlgo)
Create DOM subtree for xenc:EncryptedKey
Parameters:
doc - the SOAP envelope parent document
keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
Returns:
an xenc:EncryptedKey element
-
createCipherValue
protected org.w3c.dom.Element createCipherValue(org.w3c.dom.Document doc, org.w3c.dom.Element encryptedKey)
-
prependToHeader
public void prependToHeader(WSSecHeader secHeader)
Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows inserting the EncryptedKey element at any position in the Security header.
Parameters:
secHeader - The security header that holds the Signature element.
-
appendToHeader
public void appendToHeader(WSSecHeader secHeader)
Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows inserting the EncryptedKey element at any position in the Security header.
Parameters:
secHeader - The security header that holds the Signature element.
-
prependBSTElementToHeader
public void prependBSTElementToHeader(WSSecHeader secHeader)
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows inserting the BST element at any position in the Security header.
Parameters:
secHeader - The security header that holds the BST element.
-
appendBSTElementToHeader
public void appendBSTElementToHeader(WSSecHeader secHeader)
Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows inserting the BST element at any position in the Security header.
Parameters:
secHeader - The security header that holds the BST element.
-
getEphemeralKey
public byte[] getEphemeralKey()
Returns:
Returns the ephemeralKey.
-
setUseThisCert
public void setUseThisCert(java.security.cert.X509Certificate cert)
Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.
Parameters:
cert - is the X509 certificate to use for encryption
-
getEncryptedKeyElement
public org.w3c.dom.Element getEncryptedKeyElement()
Returns:
Returns the encryptedKeyElement.
-
getBinarySecurityTokenElement
public org.w3c.dom.Element getBinarySecurityTokenElement()
Returns:
Returns the BinarySecurityToken element.
-
setKeySize
public void setKeySize(int keySize) throws WSSecurityException
Throws:
WSSecurityException
-
setKeyEncAlgo
public void setKeyEncAlgo(java.lang.String keyEncAlgo)
-
setEphemeralKey
public void setEphemeralKey(byte[] ephemeralKey)
Parameters:
ephemeralKey - The ephemeralKey to set.
-
getBSTTokenId
public java.lang.String getBSTTokenId()
Get the id of the BST generated during prepare().
Returns:
Returns the value of the wsu:Id attribute of the BinarySecurityToken element.
-
setDocument
public void setDocument(org.w3c.dom.Document document)
Parameters:
document - The document to set.
-
setEncKeyId
public void setEncKeyId(java.lang.String encKeyId)
Parameters:
encKeyId - The encKeyId to set.
-
-