Class WSEncryptBody

java.lang.Object
org.apache.ws.security.message.WSBaseMessage
org.apache.ws.security.message.WSEncryptBody

public class WSEncryptBody extends WSBaseMessage
Encrypts a SOAP body inside a SOAP envelope according to WS Specification, X509 profile, and adds the encryption data.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@siemens.com).
  • Field Details

    • symEncAlgo

      protected String symEncAlgo
    • keyEncAlgo

      protected String keyEncAlgo
    • encCanonAlgo

      protected String encCanonAlgo
    • embeddedKey

      protected byte[] embeddedKey
    • embeddedKeyName

      protected String embeddedKeyName
    • useThisCert

      protected X509Certificate useThisCert
    • symmetricKey

      protected SecretKey symmetricKey
      Symmetric key used in the EncryptedKey.
    • encryptionKey

      protected SecretKey encryptionKey
      Symmetric key that's actually used.
    • parentNode

      protected Element parentNode
      Parent node to which the EncryptedKeyElement should be added.
    • securityTokenReference

      protected SecurityTokenReference securityTokenReference
      SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
  • Constructor Details

    • WSEncryptBody

      public WSEncryptBody()
      Deprecated.
      replaced by WSSecEncrypt()
      Constructor.
    • WSEncryptBody

      public WSEncryptBody(String actor)
      Deprecated.
      replaced by WSSecEncrypt() and WSSecHeader for actor specification.
      Constructor.

      Parameters:
      actor - The actor name of the wsse:Security header
    • WSEncryptBody

      public WSEncryptBody(String actor, boolean mu)
      Deprecated.
      replaced by WSSecEncrypt() and WSSecHeader for actor and mustUnderstand specification.
      Constructor.

      Parameters:
      actor - The actor name of the wsse:Security header
      mu - Set mustUnderstand to true or false
  • Method Details

    • setKey

      public void setKey(byte[] key)
      Deprecated.
      Sets the key to use during embedded encryption.

      Parameters:
      key - to use during encryption. The key must fit the selected symmetrical encryption algorithm
    • setKeyEnc

      public void setKeyEnc(String keyEnc)
      Deprecated.
      Sets the algorithm to encode the symmetric key.

      Default is the WSConstants.KEYTRANSPORT_RSA15 algorithm.

      Parameters:
      keyEnc - specifies the key encoding algorithm.
    • setUserInfo

      public void setUserInfo(String user)
      Deprecated.
      Set the user name to get the encryption certificate. The public key of this certificate is used, so no password is necessary. The user name is usually a keystore alias.

      Parameters:
      user -
    • setEmbeddedKeyName

      public void setEmbeddedKeyName(String embeddedKeyName)
      Set the key name for EMBEDDED_KEYNAME
      Parameters:
      embeddedKeyName -
    • setUseThisCert

      public void setUseThisCert(X509Certificate cert)
      Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.
      Parameters:
      cert - is the X509 certificate to use for encryption
    • setSymmetricEncAlgorithm

      public void setSymmetricEncAlgorithm(String algo)
      Set the name of the symmetric encryption algorithm to use.

      This encryption algorithm is used to encrypt the data, i.e. the SOAP Body. If the algorithm is not set then Triple DES is used. Refer to WSConstants for the supported algorithms.

      Parameters:
      algo - Is the name of the encryption algorithm
    • setEncCanonicalization

      public void setEncCanonicalization(String algo)
      Set the name of an optional canonicalization algorithm to use before encryption.

      This c14n algorithm is used to serialize the data before encryption, i.e. the SOAP Body. If the algorithm is not set then a standard serialization is used (provided by XMLCipher, usually an XMLSerializer according to the DOM 3 specification).

      Parameters:
      algo - Is the name of the canonicalization algorithm
    • getSymmetricEncAlgorithm

      public String getSymmetricEncAlgorithm()
      Get the name of symmetric encryption algorithm to use.

      The name of the encryption algorithm used to encrypt the data, i.e. the SOAP Body. Refer to WSConstants for the supported algorithms.

      Returns:
      the name of the currently selected symmetric encryption algorithm
    • build

      public Document build(Document doc, Crypto crypto) throws WSSecurityException
      Builds the SOAP envelope with encrypted Body and adds encrypted key.

      This function performs several steps:

      • First step: set the encoding namespace in the SOAP:Envelope.
      • Second step: generate a symmetric key (session key) for the selected symmetric encryption algorithm, and set the cipher into encryption mode.
      • Third step: get the data to encrypt. We always encrypt the complete first child element of the SOAP Body element.
      • Fourth step: encrypt the data, and set the necessary attributes in xenc:EncryptedData.
      • Fifth step: get the certificate that contains the public key for the public key algorithm that will encrypt the generated symmetric (session) key. Up to now we support RSA 1-5 as the public key algorithm.
      • Sixth step: set up the wsse:Security header block.
      Parameters:
      doc - the SOAP envelope as Document with plaintext Body
      crypto - an instance of the Crypto API to handle keystore and Certificates
      Returns:
      the SOAP envelope with encrypted Body as Document
      Throws:
      WSSecurityException
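
The cryptographic core of the second, fourth and fifth steps, plus the receiver's side, as an added example that is not WSS4J code and does no XML handling. It uses only the JDK's JCA; the class name, the sample element and the JCA transformation strings chosen for the page's defaults (Triple DES, RSA 1-5) are assumptions of this example.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;

public class HybridBodyEncryptionSketch {
    // JCA names assumed here for the page's defaults: Triple DES for the data,
    // RSA PKCS#1 v1.5 ("RSA 1-5") for key transport.
    static final String SYM_KEY = "DESede";
    static final String SYM_CIPHER = "DESede/CBC/PKCS5Padding";
    static final String KEY_TRANSPORT = "RSA/ECB/PKCS1Padding";

    public static void main(String[] args) throws Exception {
        // Stand-in for the key pair behind the recipient's X509 certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        // Constructed sample: first child element of the SOAP Body (third step).
        byte[] plain = "<m:Pay xmlns:m=\"urn:example\"><m:Amount>100</m:Amount></m:Pay>"
                .getBytes(StandardCharsets.UTF_8);
        // Second step: fresh session key, cipher in encryption mode with a random IV.
        SecretKey sessionKey = KeyGenerator.getInstance(SYM_KEY).generateKey();
        byte[] iv = new byte[8]; // Triple DES block size
        new SecureRandom().nextBytes(iv);
        Cipher sym = Cipher.getInstance(SYM_CIPHER);
        sym.init(Cipher.ENCRYPT_MODE, sessionKey, new IvParameterSpec(iv));
        // Fourth step: this output is what xenc:EncryptedData would carry.
        byte[] encryptedData = sym.doFinal(plain);
        // Fifth step: wrap the session key with the recipient's public key;
        // this output is what xenc:EncryptedKey would carry.
        Cipher wrap = Cipher.getInstance(KEY_TRANSPORT);
        wrap.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] encryptedKey = wrap.wrap(sessionKey);
        // Receiver: unwrap with the private key, then decrypt the body content.
        Cipher unwrap = Cipher.getInstance(KEY_TRANSPORT);
        unwrap.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        SecretKey recovered = (SecretKey) unwrap.unwrap(encryptedKey, SYM_KEY, Cipher.SECRET_KEY);
        Cipher dec = Cipher.getInstance(SYM_CIPHER);
        dec.init(Cipher.DECRYPT_MODE, recovered, new IvParameterSpec(iv));
        byte[] roundTrip = dec.doFinal(encryptedData);
        System.out.println("round trip ok: " + Arrays.equals(plain, roundTrip));
    }
}
```
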
    • createEnrcyptedKey

      public static Element createEnrcyptedKey(Document doc, String keyTransportAlgo)
      Create DOM subtree for xenc:EncryptedKey
      Parameters:
      doc - the SOAP envelope parent document
      keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
      Returns:
      an xenc:EncryptedKey element
    • createCipherValue

      public static Element createCipherValue(Document doc, Element encryptedKey)
    • createDataRefList

      public static Element createDataRefList(Document doc, Element encryptedKey, Vector encDataRefs)
    • setParentNode

      public void setParentNode(Element element)
      Deprecated.
      replaced by WSSecEncrypt#setParentNode(Element)
      Sets the parent node of the EncryptedKeyElement
      Parameters:
      element -
    • getSymmetricKey

      public SecretKey getSymmetricKey()
      Deprecated.
      Returns:
      TODO
    • setSymmetricKey

      public void setSymmetricKey(SecretKey key)
      Set the symmetric key to be used for encryption
      Parameters:
      key -
    • getEncryptionKey

      public SecretKey getEncryptionKey()
      Deprecated.
      replaced by WSSecEncrypt#getEncryptionKey()
      Get the symmetric key used for encryption. This may be the same as the symmetric key field.
      Returns:
      The symmetric key
    • getSecurityTokenReference

      public SecurityTokenReference getSecurityTokenReference()
      Returns:
      TODO
    • setSecurityTokenReference

      public void setSecurityTokenReference(SecurityTokenReference reference)
      Parameters:
      reference -