org.apache.ws.security.message
Class WSSecEncrypt

java.lang.Object
  extended by org.apache.ws.security.message.WSSecBase
      extended by org.apache.ws.security.message.WSSecEncryptedKey
          extended by org.apache.ws.security.message.WSSecEncrypt

public class WSSecEncrypt
extends WSSecEncryptedKey

Encrypts parts of a message according to the WS Specification, X509 profile, and adds the encryption data.

Author:
Davanum Srinivas (dims@yahoo.com)., Werner Dittmann (Werner.Dittmann@apache.org).

Field Summary
protected  byte[] embeddedKey
           
protected  java.lang.String embeddedKeyName
           
protected  java.lang.String encCanonAlgo
           
protected  SecurityTokenReference securityTokenReference
          SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
protected  java.lang.String symEncAlgo
           
protected  javax.crypto.SecretKey symmetricKey
          Symmetric key used in the EncryptedKey.
protected  boolean useKeyIdentifier
           
 
Fields inherited from class org.apache.ws.security.message.WSSecEncryptedKey
bstToken, document, encKeyId, encrUser, encryptedEphemeralKey, encryptedKeyElement, envelope, ephemeralKey, keyEncAlgo, keySize, useThisCert
 
Fields inherited from class org.apache.ws.security.message.WSSecBase
doDebug, keyIdentifierType, parts, password, user, wssConfig
 
Constructor Summary
WSSecEncrypt()
          Constructor.
 
Method Summary
 void addExternalRefElement(org.w3c.dom.Element dataRef, WSSecHeader secHeader)
          Adds (prepends) the external Reference element to the Security header.
 void addInternalRefElement(org.w3c.dom.Element dataRef)
          Adds the internal Reference element to this Encrypt data.
 org.w3c.dom.Document build(org.w3c.dom.Document doc, Crypto crypto, WSSecHeader secHeader)
          Builds the SOAP envelope with encrypted Body and adds encrypted key.
static org.w3c.dom.Element createDataRefList(org.w3c.dom.Document doc, org.w3c.dom.Element referenceList, java.util.Vector encDataRefs)
          Create DOM subtree for xenc:EncryptedKey
 org.w3c.dom.Element encryptForExternalRef(org.w3c.dom.Element dataRef, java.util.Vector references)
          Encrypt one or more parts or elements of the message (external).
 org.w3c.dom.Element encryptForInternalRef(org.w3c.dom.Element dataRef, java.util.Vector references)
          Encrypt one or more parts or elements of the message (internal).
 SecurityTokenReference getSecurityTokenReference()
           
 java.lang.String getSymmetricEncAlgorithm()
          Get the name of symmetric encryption algorithm to use.
 javax.crypto.SecretKey getSymmetricKey()
           
 boolean getUseKeyIdentifier()
          Returns if Key Identifiers should be used in KeyInfo
 boolean isEncryptSymmKey()
           
 void prepare(org.w3c.dom.Document doc, Crypto crypto)
          Initialize a WSSec Encrypt.
 void setCustomReferenceValue(java.lang.String customReferenceValue)
           
 void setEmbeddedKeyName(java.lang.String embeddedKeyName)
          Set the key name for EMBEDDED_KEYNAME
 void setEncCanonicalization(java.lang.String algo)
          Set the name of an optional canonicalization algorithm to use before encryption.
 void setEncryptSymmKey(boolean encryptSymmKey)
           
 void setKey(byte[] key)
          Sets the key to use during embedded encryption.
 void setKeyEnc(java.lang.String keyEnc)
          Sets the algorithm to encode the symmetric key.
 void setSecurityTokenReference(SecurityTokenReference reference)
           
 void setSymmetricEncAlgorithm(java.lang.String algo)
          Set the name of the symmetric encryption algorithm to use.
 void setSymmetricKey(javax.crypto.SecretKey key)
          Set the symmetric key to be used for encryption
 void setUseKeyIdentifier(boolean useKeyIdentifier)
          Set this true if a key identifier must be used in the KeyInfo
 
Methods inherited from class org.apache.ws.security.message.WSSecEncryptedKey
appendBSTElementToHeader, appendToHeader, createCipherValue, createEncryptedKey, createEnrcyptedKey, generateEphemeralKey, getBinarySecurityTokenElement, getBSTTokenId, getEncryptedEphemeralKey, getEncryptedKeyElement, getEphemeralKey, getId, isCertSet, prepareInternal, prependBSTElementToHeader, prependToHeader, setDocument, setEncKeyId, setEncryptedKeyElement, setEphemeralKey, setKeyEncAlgo, setKeySize, setUserInfo, setUseThisCert
 
Methods inherited from class org.apache.ws.security.message.WSSecBase
getKeyIdentifierType, setBodyID, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

symEncAlgo

protected java.lang.String symEncAlgo

encCanonAlgo

protected java.lang.String encCanonAlgo

embeddedKey

protected byte[] embeddedKey

embeddedKeyName

protected java.lang.String embeddedKeyName

useKeyIdentifier

protected boolean useKeyIdentifier

symmetricKey

protected javax.crypto.SecretKey symmetricKey
Symmetric key used in the EncryptedKey.


securityTokenReference

protected SecurityTokenReference securityTokenReference
SecurityTokenReference to be inserted into EncryptedData/keyInfo element.

Constructor Detail

WSSecEncrypt

public WSSecEncrypt()
Constructor.

Method Detail

setKey

public void setKey(byte[] key)
Sets the key to use during embedded encryption.

Parameters:
key - to use during encryption. The key must fit the selected symmetrical encryption algorithm

setKeyEnc

public void setKeyEnc(java.lang.String keyEnc)
Sets the algorithm to encode the symmetric key. Default is the WSConstants.KEYTRANSPORT_RSA15 algorithm.

Parameters:
keyEnc - specifies the key encoding algorithm.
See Also:
WSConstants.KEYTRANSPORT_RSA15, WSConstants.KEYTRANSPORT_RSAOEP

setEmbeddedKeyName

public void setEmbeddedKeyName(java.lang.String embeddedKeyName)
Set the key name for EMBEDDED_KEYNAME

Parameters:
embeddedKeyName -

setUseKeyIdentifier

public void setUseKeyIdentifier(boolean useKeyIdentifier)
Set this true if a key identifier must be used in the KeyInfo

Parameters:
useKeyIdentifier -

setSymmetricEncAlgorithm

public void setSymmetricEncAlgorithm(java.lang.String algo)
Set the name of the symmetric encryption algorithm to use. This encryption algorithm is used to encrypt the data. If the algorithm is not set then AES128 is used. Refer to WSConstants for the supported algorithms.

Parameters:
algo - Is the name of the encryption algorithm
See Also:
WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256

setEncCanonicalization

public void setEncCanonicalization(java.lang.String algo)
Set the name of an optional canonicalization algorithm to use before encryption. This c14n algorithm is used to serialize the data before encryption. If the algorithm is not set then a standard serialization is used (provided by XMLCipher, usually an XMLSerializer according to the DOM 3 specification).

Parameters:
algo - Is the name of the canonicalization algorithm

getSymmetricEncAlgorithm

public java.lang.String getSymmetricEncAlgorithm()
Get the name of the symmetric encryption algorithm to use. This is the name of the encryption algorithm used to encrypt the data, i.e. the SOAP Body. Refer to WSConstants for the supported algorithms.

Returns:
the name of the currently selected symmetric encryption algorithm
See Also:
WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256

getUseKeyIdentifier

public boolean getUseKeyIdentifier()
Returns if Key Identifiers should be used in KeyInfo

Returns:
if Key Identifiers should be used in KeyInfo

prepare

public void prepare(org.w3c.dom.Document doc,
                    Crypto crypto)
             throws WSSecurityException
Initialize a WSSec Encrypt. The method prepares and initializes a WSSec Encrypt structure after the relevant information was set. After preparation of the token, references can be added and encrypted.

This method does not add any element to the security header. This must be done explicitly.

Overrides:
prepare in class WSSecEncryptedKey
Parameters:
doc - The SOAP envelope as Document
crypto - An instance of the Crypto API to handle keystore and certificates
Throws:
WSSecurityException

build

public org.w3c.dom.Document build(org.w3c.dom.Document doc,
                                  Crypto crypto,
                                  WSSecHeader secHeader)
                           throws WSSecurityException
Builds the SOAP envelope with encrypted Body and adds encrypted key. This is a convenience method and is provided for backward compatibility. The method calls the single-function methods in order to perform a one-shot encryption. This method is compatible with the build method of the previous version with the exception of the additional WSSecHeader parameter.

Parameters:
doc - the SOAP envelope as Document with plain text Body
crypto - an instance of the Crypto API to handle keystore and Certificates
secHeader - the security header element to hold the encrypted key element.
Returns:
the SOAP envelope with encrypted Body as Document
Throws:
WSSecurityException

encryptForInternalRef

public org.w3c.dom.Element encryptForInternalRef(org.w3c.dom.Element dataRef,
                                                 java.util.Vector references)
                                          throws WSSecurityException
Encrypt one or more parts or elements of the message (internal). This method takes a vector of WSEncryptionPart objects that contain information about the elements to encrypt. The method calls the encryption method, takes the reference information generated during encryption and adds this to the xenc:Reference element. This method can be called after prepare() and can be called multiple times to encrypt a number of parts or elements.

The method generates a xenc:Reference element that must be added to this token. See addInternalRefElement().

If the dataRef parameter is null the method creates and initializes a new Reference element.

Parameters:
dataRef - A xenc:Reference element or null
references - A vector containing WSEncryptionPart objects
Returns:
Returns the updated xenc:Reference element
Throws:
WSSecurityException

encryptForExternalRef

public org.w3c.dom.Element encryptForExternalRef(org.w3c.dom.Element dataRef,
                                                 java.util.Vector references)
                                          throws WSSecurityException
Encrypt one or more parts or elements of the message (external). This method takes a vector of WSEncryptionPart objects that contain information about the elements to encrypt. The method calls the encryption method, takes the reference information generated during encryption and adds this to the xenc:Reference element. This method can be called after prepare() and can be called multiple times to encrypt a number of parts or elements.

The method generates a xenc:Reference element that must be added to the SecurityHeader. See addExternalRefElement().

If the dataRef parameter is null the method creates and initializes a new Reference element.

Parameters:
dataRef - A xenc:Reference element or null
references - A vector containing WSEncryptionPart objects
Returns:
Returns the updated xenc:Reference element
Throws:
WSSecurityException

addInternalRefElement

public void addInternalRefElement(org.w3c.dom.Element dataRef)
Adds the internal Reference element to this Encrypt data. The reference element must be created by the encryptForInternalRef() method. The reference element is added to the EncryptedKey element of this encrypt block.

Parameters:
dataRef - The internal enc:Reference element
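
The single-function methods documented above (prepare, encryptForInternalRef, addInternalRefElement, then the inherited prependToHeader) called in sequence, as an added example that is not part of the WSS4J documentation. It selects WSConstants.KEYTRANSPORT_RSAOEP explicitly instead of relying on the RSA 1.5 default, since OAEP is the more robust key-transport padding. Assumptions: the class name EncryptBodyExample, the recipientAlias parameter, a crypto.properties file on the classpath, and the use of CryptoFactory, WSEncryptionPart and WSSecHeader.insertSecHeader, which this page does not describe.

```java
import java.util.Vector;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecHeader;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Added example class; not part of WSS4J.
public class EncryptBodyExample {

    // soapEnvelope must come from a namespace-aware parser.
    // recipientAlias (hypothetical name) is the keystore alias of the
    // recipient's X.509 certificate.
    public static Document encryptBody(Document soapEnvelope, String recipientAlias)
            throws WSSecurityException {
        // Assumption: crypto.properties on the classpath configures the keystore.
        Crypto crypto = CryptoFactory.getInstance();

        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecHeader(soapEnvelope);

        WSSecEncrypt encrypt = new WSSecEncrypt();
        encrypt.setUserInfo(recipientAlias);
        // ISSUER_SERIAL references the certificate, so no BinarySecurityToken
        // has to be added to the header afterwards.
        encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
        // Pin both algorithms rather than inheriting the defaults.
        encrypt.setKeyEnc(WSConstants.KEYTRANSPORT_RSAOEP);
        // AES-256 may need the unlimited-strength JCE policy on older JVMs.
        encrypt.setSymmetricEncAlgorithm(WSConstants.AES_256);

        // Step 1: initialize; nothing is added to the security header yet.
        encrypt.prepare(soapEnvelope, crypto);

        // Step 2: encrypt the content of the SOAP Body, collecting references.
        String soapNs = soapEnvelope.getDocumentElement().getNamespaceURI();
        Vector parts = new Vector();
        parts.add(new WSEncryptionPart("Body", soapNs, "Content"));
        Element refList = encrypt.encryptForInternalRef(null, parts);

        // Step 3: attach the references to the EncryptedKey element.
        encrypt.addInternalRefElement(refList);

        // Step 4: prepare() added nothing to the header, so do it explicitly.
        encrypt.prependToHeader(secHeader);
        return soapEnvelope;
    }
}
```
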

addExternalRefElement

public void addExternalRefElement(org.w3c.dom.Element dataRef,
                                  WSSecHeader secHeader)
Adds (prepends) the external Reference element to the Security header. The reference element must be created by the encryptForExternalRef() method. The method prepends the reference element in the SecurityHeader.

Parameters:
dataRef - The external enc:Reference element
secHeader - The security header.

createDataRefList

public static org.w3c.dom.Element createDataRefList(org.w3c.dom.Document doc,
                                                    org.w3c.dom.Element referenceList,
                                                    java.util.Vector encDataRefs)
Create DOM subtree for xenc:EncryptedKey

Parameters:
doc - the SOAP envelope parent document
referenceList -
encDataRefs -
Returns:
an xenc:EncryptedKey element

getSymmetricKey

public javax.crypto.SecretKey getSymmetricKey()
Returns:
The symmetric key

setSymmetricKey

public void setSymmetricKey(javax.crypto.SecretKey key)
Set the symmetric key to be used for encryption

Parameters:
key -

getSecurityTokenReference

public SecurityTokenReference getSecurityTokenReference()
Returns:
Return the SecurityTokenReference

setSecurityTokenReference

public void setSecurityTokenReference(SecurityTokenReference reference)
Parameters:
reference -

isEncryptSymmKey

public boolean isEncryptSymmKey()

setEncryptSymmKey

public void setEncryptSymmKey(boolean encryptSymmKey)

setCustomReferenceValue

public void setCustomReferenceValue(java.lang.String customReferenceValue)


Copyright © 2004-2008 The Apache Software Foundation. All Rights Reserved.