org.apache.wss4j.dom.message

Class WSSecEncryptedKey

java.lang.Object

org.apache.wss4j.dom.message.WSSecBase

org.apache.wss4j.dom.message.WSSecEncryptedKey

Direct Known Subclasses:

WSSecEncrypt

public class WSSecEncryptedKey
extends WSSecBase

Builder class to build an EncryptedKey. This is especially useful in the case where the same EncryptedKey has to be used to sign and encrypt the message In such a situation this builder will add the EncryptedKey to the security header and we can use the information form the builder to provide to other builders to reference to the token

Field Summary

Fields inherited from class org.apache.wss4j.dom.message.WSSecBase

addWSUNamespace, attachmentCallbackHandler, callbackLookup, expandXopInclude, keyIdentifierType, password, storeBytesInAttachment, user

Constructor Summary

Constructors

Constructor and Description
WSSecEncryptedKey(Document doc)
WSSecEncryptedKey(Document doc, Provider provider)
WSSecEncryptedKey(WSSecHeader securityHeader)

Method Summary

Modifier and Type	Method and Description
protected void	addCipherValueElement(byte[] encryptedEphemeralKey) Create and add the CipherValue Element to the EncryptedKey Element.
void	appendBSTElementToHeader() Append the BinarySecurityToken to the elements already in the Security header.
void	appendToHeader() Append the EncryptedKey element to the elements already in the Security header.
protected Element	createCipherValue(Document doc, Element encryptedKey)
protected void	createEncryptedKeyElement(Key key) Now we need to setup the EncryptedKey header block: 1) create a EncryptedKey element and set a wsu:Id for it 2) Generate ds:KeyInfo element, this wraps the wsse:SecurityTokenReference 3) Create and set up the SecurityTokenReference according to the keyIdentifier parameter 4) Create the CipherValue element structure and insert the encrypted session key
protected void	createEncryptedKeyElement(X509Certificate remoteCert, Crypto crypto) Now we need to setup the EncryptedKey header block: 1) create a EncryptedKey element and set a wsu:Id for it 2) Generate ds:KeyInfo element, this wraps the wsse:SecurityTokenReference 3) Create and set up the SecurityTokenReference according to the keyIdentifier parameter 4) Create the CipherValue element structure and insert the encrypted session key
protected byte[]	encryptSymmetricKey(PublicKey encryptingKey, SecretKey keyToBeEncrypted)
Element	getBinarySecurityTokenElement()
String	getBSTTokenId() Get the id of the BSt generated during prepare().
Element	getCustomEKKeyInfoElement()
String	getDigestAlgorithm() Get the digest algorithm to use with the RSA-OAEP key transport algorithm.
Element	getEncryptedKeyElement()
String	getEncryptedKeySHA1()
String	getId() Get the id generated during prepare().
String	getKeyEncAlgo()
String	getMGFAlgorithm() Get the MGF algorithm to use with the RSA-OAEP key transport algorithm.
X509Certificate	getUseThisCert()
PublicKey	getUseThisPublicKey()
boolean	isCertSet()
boolean	isIncludeEncryptionToken()
void	prepare(Crypto crypto, SecretKey symmetricKey) Create the EncryptedKey Element for inclusion in the security header, by encrypting the symmetricKey parameter using either a public key or certificate that is set on the class, and adding the encrypted bytes as the CipherValue of the EncryptedKey element.
void	prependBSTElementToHeader() Prepend the BinarySecurityToken to the elements already in the Security header.
void	prependToHeader() Prepend the EncryptedKey element to the elements already in the Security header.
void	setCustomEKKeyInfoElement(Element customEKKeyInfoElement)
void	setCustomEKTokenId(String customEKTokenId)
void	setCustomEKTokenValueType(String customEKTokenValueType)
void	setDigestAlgorithm(String digestAlgorithm) Set the digest algorithm to use with the RSA-OAEP key transport algorithm.
void	setEncKeyId(String encKeyId)
void	setEncryptedKeyElement(Element encryptedKeyElement) Set the encrypted key element when a pre prepared encrypted key is used
protected void	setEncryptedKeySHA1(byte[] encryptedEphemeralKey)
void	setIncludeEncryptionToken(boolean includeEncryptionToken)
void	setKeyEncAlgo(String keyEncAlgo)
void	setMGFAlgorithm(String mgfAlgorithm) Set the MGF algorithm to use with the RSA-OAEP key transport algorithm.
void	setUserInfo(String user) Set the user name to get the encryption certificate.
void	setUseThisCert(X509Certificate cert) Set the X509 Certificate to use for encryption.
void	setUseThisPublicKey(PublicKey key) Set the PublicKey to use for encryption.

Methods inherited from class org.apache.wss4j.dom.message.WSSecBase

clean, getDocument, getIdAllocator, getKeyIdentifierType, getParts, getSecurityHeader, getWsDocInfo, isExpandXopInclude, setAttachmentCallbackHandler, setBodyID, setCallbackLookup, setExpandXopInclude, setIdAllocator, setKeyIdentifierType, setStoreBytesInAttachment, setUserInfo, setWsDocInfo, setWsuId

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

WSSecEncryptedKey

public WSSecEncryptedKey(WSSecHeader securityHeader)

WSSecEncryptedKey

public WSSecEncryptedKey(Document doc)

WSSecEncryptedKey

public WSSecEncryptedKey(Document doc,
                         Provider provider)

Method Detail

setUserInfo

public void setUserInfo(String user)

Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.

Parameters:

user -

getId

public String getId()

Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the EncryptedKey element.

Returns:

Return the wsu:Id of this token or null if prepare() was not called before.

prepare

public void prepare(Crypto crypto,
                    SecretKey symmetricKey)
             throws WSSecurityException

Create the EncryptedKey Element for inclusion in the security header, by encrypting the symmetricKey parameter using either a public key or certificate that is set on the class, and adding the encrypted bytes as the CipherValue of the EncryptedKey element. The KeyInfo is constructed according to the keyIdentifierType and also the type of the encrypting key

Parameters:

crypto - An instance of the Crypto API to handle keystore and certificates

symmetricKey - The symmetric key to encrypt and insert into the EncryptedKey

Throws:

WSSecurityException

addCipherValueElement

protected void addCipherValueElement(byte[] encryptedEphemeralKey)
                              throws WSSecurityException

Create and add the CipherValue Element to the EncryptedKey Element.

Throws:

WSSecurityException

createEncryptedKeyElement

protected void createEncryptedKeyElement(X509Certificate remoteCert,
                                         Crypto crypto)
                                  throws WSSecurityException

Now we need to setup the EncryptedKey header block: 1) create a EncryptedKey element and set a wsu:Id for it 2) Generate ds:KeyInfo element, this wraps the wsse:SecurityTokenReference 3) Create and set up the SecurityTokenReference according to the keyIdentifier parameter 4) Create the CipherValue element structure and insert the encrypted session key

Throws:

WSSecurityException

createEncryptedKeyElement

protected void createEncryptedKeyElement(Key key)
                                  throws WSSecurityException

Now we need to setup the EncryptedKey header block: 1) create a EncryptedKey element and set a wsu:Id for it 2) Generate ds:KeyInfo element, this wraps the wsse:SecurityTokenReference 3) Create and set up the SecurityTokenReference according to the keyIdentifier parameter 4) Create the CipherValue element structure and insert the encrypted session key

Throws:

WSSecurityException

encryptSymmetricKey

protected byte[] encryptSymmetricKey(PublicKey encryptingKey,
                                     SecretKey keyToBeEncrypted)
                              throws WSSecurityException

Throws:

WSSecurityException

createCipherValue

protected Element createCipherValue(Document doc,
                                    Element encryptedKey)

prependToHeader

public void prependToHeader()

Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

appendToHeader

public void appendToHeader()

Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

prependBSTElementToHeader

public void prependBSTElementToHeader()

Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

appendBSTElementToHeader

public void appendBSTElementToHeader()

Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

setUseThisCert

public void setUseThisCert(X509Certificate cert)

Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.

Parameters:

cert - is the X509 certificate to use for encryption

getUseThisCert

public X509Certificate getUseThisCert()

setUseThisPublicKey

public void setUseThisPublicKey(PublicKey key)

Set the PublicKey to use for encryption.

Parameters:

key - the PublicKey instance to use for encryption

getUseThisPublicKey

public PublicKey getUseThisPublicKey()

getEncryptedKeyElement

public Element getEncryptedKeyElement()

Returns:

Returns the encryptedKeyElement.

setEncryptedKeyElement

public void setEncryptedKeyElement(Element encryptedKeyElement)

Set the encrypted key element when a pre prepared encrypted key is used

Parameters:

encryptedKeyElement - EncryptedKey element of the encrypted key used

getBinarySecurityTokenElement

public Element getBinarySecurityTokenElement()

Returns:

Returns the BinarySecurityToken element.

setKeyEncAlgo

public void setKeyEncAlgo(String keyEncAlgo)

getKeyEncAlgo

public String getKeyEncAlgo()

getBSTTokenId

public String getBSTTokenId()

Get the id of the BSt generated during prepare().

Returns:

Returns the the value of wsu:Id attribute of the BinaruSecurityToken element.

setEncKeyId

public void setEncKeyId(String encKeyId)

Parameters:

encKeyId - The encKeyId to set.

isCertSet

public boolean isCertSet()

setCustomEKTokenValueType

public void setCustomEKTokenValueType(String customEKTokenValueType)

setCustomEKTokenId

public void setCustomEKTokenId(String customEKTokenId)

setDigestAlgorithm

public void setDigestAlgorithm(String digestAlgorithm)

Set the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.

Parameters:

digestAlgorithm - the digest algorithm to use with the RSA-OAEP key transport algorithm

getDigestAlgorithm

public String getDigestAlgorithm()

Get the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.

setMGFAlgorithm

public void setMGFAlgorithm(String mgfAlgorithm)

Set the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.

Parameters:

mgfAlgorithm - the MGF algorithm to use with the RSA-OAEP key transport algorithm

getMGFAlgorithm

public String getMGFAlgorithm()

Get the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.

isIncludeEncryptionToken

public boolean isIncludeEncryptionToken()

setIncludeEncryptionToken

public void setIncludeEncryptionToken(boolean includeEncryptionToken)

getCustomEKKeyInfoElement

public Element getCustomEKKeyInfoElement()

setCustomEKKeyInfoElement

public void setCustomEKKeyInfoElement(Element customEKKeyInfoElement)

setEncryptedKeySHA1

protected void setEncryptedKeySHA1(byte[] encryptedEphemeralKey)
                            throws WSSecurityException

Throws:

WSSecurityException

getEncryptedKeySHA1

public String getEncryptedKeySHA1()