Package org.apache.ws.security.message
Class WSSecEncryptedKey
java.lang.Object
org.apache.ws.security.message.WSSecBase
org.apache.ws.security.message.WSSecEncryptedKey
- Direct Known Subclasses:
WSSecEncrypt
Builder class to build an EncryptedKey.
This is especially useful in the case where the same EncryptedKey has to be used to sign and encrypt the message. In such a situation this builder will add the EncryptedKey to the security header, and we can use the information from the builder to provide to other builders to reference the token.
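The pattern described above, as an added example that is not part of the WSS4J documentation: one EncryptedKey is prepared once and its ephemeral key and wsu:Id are handed to a derived-key signature builder and a derived-key encryption builder. `WSSecDKSign`, `WSSecDKEncrypt`, the class and method names, and the alias `recipient` are assumptions not taken from this page; the caller supplies the SOAP `Document` and a configured `Crypto`.

```java
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
import org.w3c.dom.Document;

public class SharedEncryptedKeyExample {

    // Hypothetical keystore alias of the recipient's certificate.
    private static final String RECIPIENT_ALIAS = "recipient";

    /** Signs, then encrypts 'doc' with keys derived from one EncryptedKey. */
    public static Document signAndEncrypt(Document doc, Crypto crypto) throws Exception {
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        // 1. Prepare the EncryptedKey once; nothing is added to the header yet.
        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
        encrKey.setUserInfo(RECIPIENT_ALIAS);
        encrKey.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
        // Select RSA-OAEP key transport explicitly instead of relying on the default.
        encrKey.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOEP);
        encrKey.prepare(doc, crypto);

        // 2. The information other builders need to reference the token.
        byte[] ephemeralKey = encrKey.getEphemeralKey();
        String encKeyId = encrKey.getId(); // wsu:Id of the EncryptedKey element

        // 3. Derived-key signature over the builder's default parts.
        WSSecDKSign sign = new WSSecDKSign();
        sign.setExternalKey(ephemeralKey, encKeyId);
        sign.build(doc, secHeader);

        // 4. Derived-key encryption referencing the same EncryptedKey.
        WSSecDKEncrypt encrypt = new WSSecDKEncrypt();
        encrypt.setSymmetricEncAlgorithm(WSConstants.AES_128);
        encrypt.setExternalKey(ephemeralKey, encKeyId);
        Document secured = encrypt.build(doc, secHeader);

        // 5. Place the EncryptedKey (and BST, if any) ahead of the elements that reference it.
        encrKey.prependToHeader(secHeader);
        encrKey.prependBSTElementToHeader(secHeader);
        return secured;
    }
}
```

`getEphemeralKey()` returns the raw session key, so the byte array should stay out of logs and debug output.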
Field Summary
Fields
Modifier and Type, Field, Description:
protected BinarySecurity bstToken - BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymmetric encryption cert
protected Document document
protected String encKeyId - The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.
protected String encrUser - Remote user's alias to obtain the cert to encrypt the ephemeral key
protected Element encryptedKeyElement - xenc:EncryptedKey element
protected Element envelope - soap:Envelope element
protected byte[] ephemeralKey - Session key used as the secret in key derivation
protected String keyEncAlgo - Algorithm used to encrypt the ephemeral key
protected int keySize - Key size in bits. Defaults to 128.
protected X509Certificate useThisCert
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description:
void appendBSTElementToHeader(WSSecHeader secHeader) - Append the BinarySecurityToken to the elements already in the Security header.
void appendToHeader(WSSecHeader secHeader) - Append the EncryptedKey element to the elements already in the Security header.
protected Element createCipherValue(Document doc, Element encryptedKey)
protected Element createEnrcyptedKey(Document doc, String keyTransportAlgo) - Create DOM subtree for xenc:EncryptedKey
protected byte[] generateEphemeralKey - Create an ephemeral key
getBSTTokenId - Get the id of the BST generated during prepare().
byte[] getEphemeralKey()
getId() - Get the id generated during prepare().
void prepare - Prepare the ephemeralKey and the tokens required to be added to the security header
protected void prepareInternal(byte[] keyBytes, X509Certificate remoteCert, Crypto crypto) - Encrypt the symmetric key data and prepare the EncryptedKey element. This method does most of the work to prepare the EncryptedKey element.
void prependBSTElementToHeader(WSSecHeader secHeader) - Prepend the BinarySecurityToken to the elements already in the Security header.
void prependToHeader(WSSecHeader secHeader) - Prepend the EncryptedKey element to the elements already in the Security header.
void setDocument(Document document)
void setEncKeyId(String encKeyId)
void setEphemeralKey(byte[] ephemeralKey)
void setKeyEncAlgo(String keyEncAlgo)
void setKeySize(int keySize)
void setUserInfo(String user) - Set the user name to get the encryption certificate.
void setUseThisCert - Set the X509 Certificate to use for encryption.
Methods inherited from class org.apache.ws.security.message.WSSecBase
getKeyIdentifierType, setBodyID, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId
-
Field Details
-
document
-
envelope
soap:Envelope element
-
ephemeralKey
protected byte[] ephemeralKey
Session key used as the secret in key derivation
-
encrUser
Remote user's alias to obtain the cert to encrypt the ephemeral key
-
keyEncAlgo
Algorithm used to encrypt the ephemeral key
-
encryptedKeyElement
xenc:EncryptedKey element
-
encKeyId
The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.
-
bstToken
BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymmetric encryption cert
-
useThisCert
-
keySize
protected int keySize
Key size in bits. Defaults to 128.
-
-
Constructor Details
-
WSSecEncryptedKey
public WSSecEncryptedKey()
-
-
Method Details
-
setUserInfo
Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password is necessary. The user name is usually a keystore alias.
- Parameters:
user
-
-
getId
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the EncryptedKey element.
- Returns:
- Return the wsu:Id of this token or null if prepare() was not called before.
-
prepare
Prepare the ephemeralKey and the tokens required to be added to the security header
- Parameters:
doc
- The SOAP envelope as Document
crypto
- An instance of the Crypto API to handle keystore and certificates
- Throws:
WSSecurityException
-
prepareInternal
protected void prepareInternal(byte[] keyBytes, X509Certificate remoteCert, Crypto crypto) throws WSSecurityException
Encrypt the symmetric key data and prepare the EncryptedKey element. This method does most of the work to prepare the EncryptedKey element. It is also used by the WSSecEncrypt sub-class.
- Parameters:
keyBytes
- The bytes that represent the symmetric key
remoteCert
- The certificate that contains the public key to encrypt the symmetric key data
crypto
- An instance of the Crypto API to handle keystore and certificates
- Throws:
WSSecurityException
-
generateEphemeralKey
Create an ephemeral key
- Returns:
- Throws:
WSSecurityException
-
createEnrcyptedKey
Create DOM subtree for xenc:EncryptedKey
- Parameters:
doc
- the SOAP envelope parent document
keyTransportAlgo
- specifies which algorithm to use to encrypt the symmetric key
- Returns:
- an xenc:EncryptedKey element
-
createCipherValue
-
prependToHeader
Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows the EncryptedKey element to be inserted at any position in the Security header.
- Parameters:
secHeader
- The security header that holds the Signature element.
-
appendToHeader
Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows the EncryptedKey element to be inserted at any position in the Security header.
- Parameters:
secHeader
- The security header that holds the Signature element.
-
prependBSTElementToHeader
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.
- Parameters:
secHeader
- The security header that holds the BST element.
-
appendBSTElementToHeader
Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.
- Parameters:
secHeader
- The security header that holds the BST element.
-
getEphemeralKey
public byte[] getEphemeralKey()
- Returns:
- Returns the ephemeralKey.
-
setUseThisCert
Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.
- Parameters:
cert
- is the X509 certificate to use for encryption
-
getEncryptedKeyElement
- Returns:
- Returns the encryptedKeyElement.
-
getBinarySecurityTokenElement
- Returns:
- Returns the BinarySecurityToken element.
-
setKeySize
- Throws:
WSSecurityException
-
setKeyEncAlgo
-
setEphemeralKey
public void setEphemeralKey(byte[] ephemeralKey)
- Parameters:
ephemeralKey
- The ephemeralKey to set.
-
getBSTTokenId
Get the id of the BST generated during prepare().
- Returns:
- Returns the value of the wsu:Id attribute of the BinarySecurityToken element.
-
setDocument
- Parameters:
document
- The document to set.
-
setEncKeyId
- Parameters:
encKeyId
- The encKeyId to set.
-