Class WSSecEncrypt


public class WSSecEncrypt extends WSSecEncryptedKey
Encrypts a parts of a message according to WS Specification, X509 profile, and adds the encryption data.
Author:
Davanum Srinivas (dims@yahoo.com)., Werner Dittmann (Werner.Dittmann@apache.org).
  • Field Details

    • symEncAlgo

      protected String symEncAlgo
    • encCanonAlgo

      protected String encCanonAlgo
    • embeddedKey

      protected byte[] embeddedKey
    • embeddedKeyName

      protected String embeddedKeyName
    • symmetricKey

      protected SecretKey symmetricKey
      Symmetric key used in the EncrytpedKey.
    • securityTokenReference

      protected SecurityTokenReference securityTokenReference
      SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
  • Constructor Details

    • WSSecEncrypt

      public WSSecEncrypt()
      Constructor.
  • Method Details

    • setKey

      public void setKey(byte[] key)
      Sets the key to use during embedded encryption.

      Parameters:
      key - to use during encryption. The key must fit the selected symmetrical encryption algorithm
    • setKeyEnc

      public void setKeyEnc(String keyEnc)
      Sets the algorithm to encode the symmetric key. Default is the WSConstants.KEYTRANSPORT_RSA15 algorithm.
      Parameters:
      keyEnc - specifies the key encoding algorithm.
      See Also:
    • setEmbeddedKeyName

      public void setEmbeddedKeyName(String embeddedKeyName)
      Set the key name for EMBEDDED_KEYNAME
      Parameters:
      embeddedKeyName -
    • setSymmetricEncAlgorithm

      public void setSymmetricEncAlgorithm(String algo)
      Set the name of the symmetric encryption algorithm to use. This encryption alogrithm is used to encrypt the data. If the algorithm is not set then AES128 is used. Refer to WSConstants which algorithms are supported.
      Parameters:
      algo - Is the name of the encryption algorithm
      See Also:
    • setEncCanonicalization

      public void setEncCanonicalization(String algo)
      Set the name of an optional canonicalization algorithm to use before encryption. This c14n alogrithm is used to serialize the data before encryption. If the algorithm is not set then a standard serialization is used (provided by XMLCipher, usually a XMLSerializer according to DOM 3 specification).
      Parameters:
      algo - Is the name of the canonicalization algorithm
    • getSymmetricEncAlgorithm

      public String getSymmetricEncAlgorithm()
      Get the name of symmetric encryption algorithm to use. The name of the encryption alogrithm to encrypt the data, i.e. the SOAP Body. Refer to WSConstants which algorithms are supported.
      Returns:
      the name of the currently selected symmetric encryption algorithm
      See Also:
    • prepare

      public void prepare(Document doc, Crypto crypto) throws WSSecurityException
      Initialize a WSSec Encrypt. The method prepares and initializes a WSSec Encrypt structure after the relevant information was set. After preparartion of the token references can be added and encrypted.

      This method does not add any element to the security header. This must be done explicitly.
      Overrides:
      prepare in class WSSecEncryptedKey
      Parameters:
      doc - The SOAP envelope as Document
      crypto - An instance of the Crypto API to handle keystore and certificates
      Throws:
      WSSecurityException
    • build

      public Document build(Document doc, Crypto crypto, WSSecHeader secHeader) throws WSSecurityException
      Builds the SOAP envelope with encrypted Body and adds encrypted key. This is a convenience method and for backward compatibility. The method calls the single function methods in order to perform a one shot encryption. This method is compatible with the build method of the previous version with the exception of the additional WSSecHeader parameter.
      Parameters:
      doc - the SOAP envelope as Document with plaintext Body
      crypto - an instance of the Crypto API to handle keystore and Certificates
      secHeader - the security header element to hold the encrypted key element.
      Returns:
      the SOAP envelope with encrypted Body as Document
      Throws:
      WSSecurityException
    • encryptForInternalRef

      public Element encryptForInternalRef(Element dataRef, Vector references) throws WSSecurityException
      Encrypt one or more parts or elements of the message (internal). This method takes a vector of WSEncryptionPart object that contain information about the elements to encrypt. The method call the encryption method, takes the reference information generated during encryption and add this to the xenc:Reference element. This method can be called after prepare() and can be called multiple times to encrypt a number of parts or elements.

      The method generates a xenc:Reference element that must be added to this token. See addInternalRefElement().

      If the dataRef parameter is null the method creates and initializes a new Reference element.
      Parameters:
      dataRef - A xenc:Reference element or null
      references - A vector containing WSEncryptionPart objects
      Returns:
      Returns the updated xenc:Reference element
      Throws:
      WSSecurityException
    • encryptForExternalRef

      public Element encryptForExternalRef(Element dataRef, Vector references) throws WSSecurityException
      Encrypt one or more parts or elements of the message (external). This method takes a vector of WSEncryptionPart object that contain information about the elements to encrypt. The method call the encryption method, takes the reference information generated during encryption and add this to the xenc:Reference element. This method can be called after prepare() and can be called multiple times to encrypt a number of parts or elements.

      The method generates a xenc:Reference element that must be added to the SecurityHeader. See addExternalRefElement().

      If the dataRef parameter is null the method creates and initializes a new Reference element.
      Parameters:
      dataRef - A xenc:Reference element or null
      references - A vector containing WSEncryptionPart objects
      Returns:
      Returns the updated xenc:Reference element
      Throws:
      WSSecurityException
    • addInternalRefElement

      public void addInternalRefElement(Element dataRef)
      Adds the internal Reference element to this Encrypt data. The refernce element must be created by the encryptForInternalRef() method. The refernce element is added to the EncryptedKey element of this encrypt block.
      Parameters:
      dataRef - The internal enc:Reference element
    • addExternalRefElement

      public void addExternalRefElement(Element dataRef, WSSecHeader secHeader)
      Adds (prepends) the external Reference element to the Security header. The refernce element must be created by the encryptForExternalRef() method. The method prepends the reference element in the SecurityHeader.
      Parameters:
      dataRef - The external enc:Reference element
      secHeader - The security header.
    • createDataRefList

      public static Element createDataRefList(Document doc, Element referenceList, Vector encDataRefs)
      Create DOM subtree for xenc:EncryptedKey
      Parameters:
      doc - the SOAP enevelope parent document
      keyTransportAlgo - specifies which alogrithm to use to encrypt the symmetric key
      Returns:
      an xenc:EncryptedKey element
    • getSymmetricKey

      public SecretKey getSymmetricKey()
      Returns:
      The symmetric key
    • setSymmetricKey

      public void setSymmetricKey(SecretKey key)
      Set the symmetric key to be used for encryption
      Parameters:
      key -
    • getSecurityTokenReference

      public SecurityTokenReference getSecurityTokenReference()
      Returns:
      Return the SecurityTokenRefernce
    • setSecurityTokenReference

      public void setSecurityTokenReference(SecurityTokenReference reference)
      Parameters:
      reference -