Package org.apache.ws.security.message
Class WSSecDerivedKeyBase
java.lang.Object
  org.apache.ws.security.message.WSSecBase
    org.apache.ws.security.message.WSSecDerivedKeyBase
- Direct Known Subclasses:
WSSecDKEncrypt, WSSecDKSign
Base class for DerivedKey encryption and signature
- Author:
- Ruchith Fernando (ruchith.fernando@gmail.com), Davanum Srinivas (dims@yahoo.com), Werner Dittmann (werner@apache.org)
-
Field Summary
Fields
Modifier and Type, Field, Description
protected String clientLabel - Client's label value
protected byte[] derivedKeyBytes - Raw bytes of the derived key
protected int derivedKeyLength
protected DerivedKeyToken dkt - DerivedKeyToken of this builder
protected String dktId - wsu:Id of the wsc:DerivedKeyToken
protected Document document
protected Element envelope - soap:Envelope element
protected byte[] ephemeralKey - Session key used as the secret in key derivation
protected String serviceLabel - Service's label value
protected Element strElem - The wsse:SecurityTokenReference element to be used
protected String tokenIdentifier - The Token identifier of the token that the DerivedKeyToken is (or is to be) derived from.
-
Constructor Summary
Constructors
WSSecDerivedKeyBase()
-
Method Summary
Modifier and Type, Method, Description
void appendDKElementToHeader(WSSecHeader secHeader)
protected abstract int getDerivedKeyLength() - The derived key will change depending on the sig/encr algorithm.
getId() - Get the id generated during prepare().
void prepare(Document doc) - Initialize a WSSec Derived key.
void prependDKElementToHeader(WSSecHeader secHeader) - Prepend the DerivedKey element to the elements already in the Security header.
void setClientLabel(String clientLabel) - Set the label value of the client.
void setDerivedKeyLength(int keyLength)
void setExternalKey(byte[] ephemeralKey, String tokenIdentifier)
void setExternalKey(byte[] ephemeralKey, Element strElem)
void setServiceLabel(String serviceLabel) - Set the label value of the service.
void setWscVersion(int wscVersion)
Methods inherited from class org.apache.ws.security.message.WSSecBase
getKeyIdentifierType, setBodyID, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId
-
Field Details
-
document
-
ephemeralKey
protected byte[] ephemeralKey
Session key used as the secret in key derivation
-
dkt
DerivedKeyToken of this builder
-
derivedKeyBytes
protected byte[] derivedKeyBytes
Raw bytes of the derived key
-
dktId
wsu:Id of the wsc:DerivedKeyToken
-
clientLabel
Client's label value
-
serviceLabel
Service's label value
-
envelope
soap:Envelope element
-
tokenIdentifier
The Token identifier of the token that the DerivedKeyToken is (or is to be) derived from.
-
strElem
The wsse:SecurityTokenReference element to be used
-
derivedKeyLength
protected int derivedKeyLength
-
-
Constructor Details
-
WSSecDerivedKeyBase
public WSSecDerivedKeyBase()
-
-
Method Details
-
getDerivedKeyLength
The derived key will change depending on the sig/encr algorithm. Therefore the child classes are expected to provide this value.
- Returns:
- Throws:
WSSecurityException
-
setExternalKey
- Parameters:
ephemeralKey - The ephemeralKey to set.
-
setExternalKey
- Parameters:
ephemeralKey - The ephemeralKey to set.
-
getTokenIdentifier
- Returns:
- Returns the tokenIdentifier.
-
getId
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the DerivedKeyToken element.
- Returns:
- Return the wsu:Id of this token or null if prepare() was not called before.
-
setClientLabel
Set the label value of the client.
- Parameters:
clientLabel
-
setServiceLabel
Set the label value of the service.
- Parameters:
serviceLabel
-
prepare
public void prepare(Document doc) throws WSSecurityException, org.apache.ws.security.conversation.ConversationException
Initialize a WSSec Derived key. The method prepares and initializes a WSSec derived key structure after the relevant information was set. This method also creates and initializes the derived token using the ephemeral key. After preparation, references can be added, encrypted and signed as required. This method does not add any element to the security header. This must be done explicitly.
- Parameters:
doc - The unsigned SOAP envelope as Document
- Throws:
WSSecurityException
org.apache.ws.security.conversation.ConversationException
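How the builder's inputs (ephemeralKey, clientLabel, serviceLabel, derivedKeyLength) can combine into derivedKeyBytes, as an added example that is not WSS4J's own code: it assumes the P_SHA-1 function that WS-SecureConversation specifies for derived keys, with the seed formed from clientLabel + serviceLabel followed by a per-token nonce. The class DerivedKeySketch, its helper names, the key length taken in bytes, and all sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Illustrative only: not WSS4J code. Assumes WS-SecureConversation's P_SHA-1 derivation.
public class DerivedKeySketch {
    // P_SHA-1(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    // where A(0) = seed and A(i) = HMAC(secret, A(i-1)); output is truncated to 'length'.
    static byte[] pSha1(byte[] secret, byte[] seed, int length) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] out = new byte[length];
        byte[] a = seed;
        for (int pos = 0; pos < length; ) {
            a = mac.doFinal(a);                 // A(i)
            mac.update(a);
            byte[] block = mac.doFinal(seed);   // HMAC(secret, A(i) + seed)
            int n = Math.min(block.length, length - pos);
            System.arraycopy(block, 0, out, pos, n);
            pos += n;
        }
        return out;
    }

    // Hypothetical helper mirroring the builder's inputs: the session key, both labels,
    // a per-token nonce and the derived key length (taken in bytes here).
    static byte[] derive(byte[] ephemeralKey, String clientLabel, String serviceLabel,
                         byte[] nonce, int derivedKeyLength) throws Exception {
        byte[] label = (clientLabel + serviceLabel).getBytes(StandardCharsets.UTF_8);
        byte[] seed = Arrays.copyOf(label, label.length + nonce.length);
        System.arraycopy(nonce, 0, seed, label.length, nonce.length);
        return pSha1(ephemeralKey, seed, derivedKeyLength);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] ephemeralKey = new byte[16], nonceSig = new byte[16], nonceEnc = new byte[16];
        rng.nextBytes(ephemeralKey); rng.nextBytes(nonceSig); rng.nextBytes(nonceEnc);
        String label = "WS-SecureConversation";  // constructed sample label for both sides
        byte[] sigKey = derive(ephemeralKey, label, label, nonceSig, 24);
        byte[] encKey = derive(ephemeralKey, label, label, nonceEnc, 16);
        byte[] again  = derive(ephemeralKey, label, label, nonceSig, 24);
        System.out.println("key lengths: " + sigKey.length + " and " + encKey.length);
        System.out.println("same inputs reproduce the key: " + Arrays.equals(sigKey, again));
        System.out.println("fresh nonce changes the key: " + !Arrays.equals(Arrays.copyOf(sigKey, 16), encKey));
    }
}
```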
-
prependDKElementToHeader
Prepend the DerivedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows the DerivedKey element to be inserted at any position in the Security header.
- Parameters:
secHeader - The security header that holds the Signature element.
-
appendDKElementToHeader
-
setWscVersion
public void setWscVersion(int wscVersion)
- Parameters:
wscVersion - The wscVersion to set.
-
getdktElement
-
setDerivedKeyLength
public void setDerivedKeyLength(int keyLength)
-