org.apache.ws.security.message
Class WSSecEncryptedKey

java.lang.Object
  extended byorg.apache.ws.security.message.WSSecBase
      extended byorg.apache.ws.security.message.WSSecEncryptedKey
Direct Known Subclasses:
WSSecEncrypt

public class WSSecEncryptedKey
extends WSSecBase

Builder class to build an EncryptedKey. This is especially useful in the case where the same EncryptedKey has to be used to sign and encrypt the message In such a situation this builder will add the EncryptedKey to the security header and we can use the information form the builder to provide to other builders to reference to the token


Field Summary
protected  BinarySecurity bstToken
          BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymm encryption cert
protected  org.w3c.dom.Document document
           
protected  java.lang.String encKeyId
          The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.
protected  java.lang.String encrUser
          Remote user's alias to obtain the cert to encrypt the ephemeral key
protected  byte[] encryptedEphemeralKey
          Encrypted bytes of the ephemeral key
protected  org.w3c.dom.Element encryptedKeyElement
          xenc:EncryptedKey element
protected  org.w3c.dom.Element envelope
          soap:Envelope element
protected  byte[] ephemeralKey
          Session key used as the secret in key derivation
protected  java.lang.String keyEncAlgo
          Algorithm used to encrypt the ephemeral key
protected  int keySize
          Key size in bits Defaults to 128
protected  java.security.cert.X509Certificate useThisCert
           
 
Fields inherited from class org.apache.ws.security.message.WSSecBase
doDebug, keyIdentifierType, parts, password, user, wssConfig
 
Constructor Summary
WSSecEncryptedKey()
           
 
Method Summary
 void appendBSTElementToHeader(WSSecHeader secHeader)
          Append the BinarySecurityToken to the elements already in the Security header.
 void appendToHeader(WSSecHeader secHeader)
          Append the EncryptedKey element to the elements already in the Security header.
protected  org.w3c.dom.Element createCipherValue(org.w3c.dom.Document doc, org.w3c.dom.Element encryptedKey)
           
protected  org.w3c.dom.Element createEncryptedKey(org.w3c.dom.Document doc, java.lang.String keyTransportAlgo)
          Create DOM subtree for xenc:EncryptedKey
protected  org.w3c.dom.Element createEnrcyptedKey(org.w3c.dom.Document doc, java.lang.String keyTransportAlgo)
          Deprecated. use createEncryptedKey(Document doc, String keyTransportAlgo) instead
protected  byte[] generateEphemeralKey()
          Create an ephemeral key
 org.w3c.dom.Element getBinarySecurityTokenElement()
           
 java.lang.String getBSTTokenId()
          Get the id of the BSt generated during prepare().
 byte[] getEncryptedEphemeralKey()
           
 org.w3c.dom.Element getEncryptedKeyElement()
           
 byte[] getEphemeralKey()
           
 java.lang.String getId()
          Get the id generated during prepare().
 boolean isCertSet()
           
 void prepare(org.w3c.dom.Document doc, Crypto crypto)
          Prepare the ephemeralKey and the tokens required to be added to the security header
protected  void prepareInternal(byte[] keyBytes, java.security.cert.X509Certificate remoteCert, Crypto crypto)
          Encrypt the symmetric key data and prepare the EncryptedKey element This method does the most work for to prepare the EncryptedKey element.
 void prependBSTElementToHeader(WSSecHeader secHeader)
          Prepend the BinarySecurityToken to the elements already in the Security header.
 void prependToHeader(WSSecHeader secHeader)
          Prepend the EncryptedKey element to the elements already in the Security header.
 void setDocument(org.w3c.dom.Document document)
           
 void setEncKeyId(java.lang.String encKeyId)
           
 void setEncryptedKeyElement(org.w3c.dom.Element encryptedKeyElement)
          Set the encrypted key element when a pre prepared encrypted key is used
 void setEphemeralKey(byte[] ephemeralKey)
           
 void setKeyEncAlgo(java.lang.String keyEncAlgo)
           
 void setKeySize(int keySize)
           
 void setUserInfo(java.lang.String user)
          Set the user name to get the encryption certificate.
 void setUseThisCert(java.security.cert.X509Certificate cert)
          Set the X509 Certificate to use for encryption.
 
Methods inherited from class org.apache.ws.security.message.WSSecBase
getKeyIdentifierType, setBodyID, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

document

protected org.w3c.dom.Document document

envelope

protected org.w3c.dom.Element envelope
soap:Envelope element


ephemeralKey

protected byte[] ephemeralKey
Session key used as the secret in key derivation


encryptedEphemeralKey

protected byte[] encryptedEphemeralKey
Encrypted bytes of the ephemeral key


encrUser

protected java.lang.String encrUser
Remote user's alias to obtain the cert to encrypt the ephemeral key


keyEncAlgo

protected java.lang.String keyEncAlgo
Algorithm used to encrypt the ephemeral key


encryptedKeyElement

protected org.w3c.dom.Element encryptedKeyElement
xenc:EncryptedKey element


encKeyId

protected java.lang.String encKeyId
The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.


bstToken

protected BinarySecurity bstToken
BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymm encryption cert


useThisCert

protected java.security.cert.X509Certificate useThisCert

keySize

protected int keySize
Key size in bits Defaults to 128

Constructor Detail

WSSecEncryptedKey

public WSSecEncryptedKey()
Method Detail

setUserInfo

public void setUserInfo(java.lang.String user)
Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.

Parameters:
user -

getId

public java.lang.String getId()
Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the EncryptedKey element.

Returns:
Return the wsu:Id of this token or null if prepare() was not called before.

prepare

public void prepare(org.w3c.dom.Document doc,
                    Crypto crypto)
             throws WSSecurityException
Prepare the ephemeralKey and the tokens required to be added to the security header

Parameters:
doc - The SOAP envelope as Document
crypto - An instance of the Crypto API to handle keystore and certificates
Throws:
WSSecurityException

prepareInternal

protected void prepareInternal(byte[] keyBytes,
                               java.security.cert.X509Certificate remoteCert,
                               Crypto crypto)
                        throws WSSecurityException
Encrypt the symmetric key data and prepare the EncryptedKey element This method does the most work for to prepare the EncryptedKey element. It is also used by the WSSecEncrypt sub-class.

Parameters:
keyBytes - The bytes that represent the symmetric key
remoteCert - The certificate that contains the public key to encrypt the symmetric key data
crypto - An instance of the Crypto API to handle keystore and certificates
Throws:
WSSecurityException

generateEphemeralKey

protected byte[] generateEphemeralKey()
                               throws WSSecurityException
Create an ephemeral key

Returns:
an ephemeral key
Throws:
WSSecurityException

createEncryptedKey

protected org.w3c.dom.Element createEncryptedKey(org.w3c.dom.Document doc,
                                                 java.lang.String keyTransportAlgo)
Create DOM subtree for xenc:EncryptedKey

Parameters:
doc - the SOAP envelope parent document
keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
Returns:
an xenc:EncryptedKey element

createEnrcyptedKey

protected org.w3c.dom.Element createEnrcyptedKey(org.w3c.dom.Document doc,
                                                 java.lang.String keyTransportAlgo)
Deprecated. use createEncryptedKey(Document doc, String keyTransportAlgo) instead

Create DOM subtree for xenc:EncryptedKey

Parameters:
doc - the SOAP envelope parent document
keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
Returns:
an xenc:EncryptedKey element

createCipherValue

protected org.w3c.dom.Element createCipherValue(org.w3c.dom.Document doc,
                                                org.w3c.dom.Element encryptedKey)

prependToHeader

public void prependToHeader(WSSecHeader secHeader)
Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

Parameters:
secHeader - The security header that holds the Signature element.

appendToHeader

public void appendToHeader(WSSecHeader secHeader)
Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

Parameters:
secHeader - The security header that holds the Signature element.

prependBSTElementToHeader

public void prependBSTElementToHeader(WSSecHeader secHeader)
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

Parameters:
secHeader - The security header that holds the BST element.

appendBSTElementToHeader

public void appendBSTElementToHeader(WSSecHeader secHeader)
Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

Parameters:
secHeader - The security header that holds the BST element.

getEphemeralKey

public byte[] getEphemeralKey()
Returns:
Returns the ephemeralKey.

setUseThisCert

public void setUseThisCert(java.security.cert.X509Certificate cert)
Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.

Parameters:
cert - is the X509 certificate to use for encryption

getEncryptedKeyElement

public org.w3c.dom.Element getEncryptedKeyElement()
Returns:
Returns the encryptedKeyElement.

setEncryptedKeyElement

public void setEncryptedKeyElement(org.w3c.dom.Element encryptedKeyElement)
Set the encrypted key element when a pre prepared encrypted key is used

Parameters:
encryptedKeyElement - EncryptedKey element of the encrypted key used

getBinarySecurityTokenElement

public org.w3c.dom.Element getBinarySecurityTokenElement()
Returns:
Returns the BinarySecurityToken element.

setKeySize

public void setKeySize(int keySize)
                throws WSSecurityException
Throws:
WSSecurityException

setKeyEncAlgo

public void setKeyEncAlgo(java.lang.String keyEncAlgo)

setEphemeralKey

public void setEphemeralKey(byte[] ephemeralKey)
Parameters:
ephemeralKey - The ephemeralKey to set.

getBSTTokenId

public java.lang.String getBSTTokenId()
Get the id of the BSt generated during prepare().

Returns:
Returns the the value of wsu:Id attribute of the BinaruSecurityToken element.

setDocument

public void setDocument(org.w3c.dom.Document document)
Parameters:
document - The document to set.

setEncKeyId

public void setEncKeyId(java.lang.String encKeyId)
Parameters:
encKeyId - The encKeyId to set.

isCertSet

public boolean isCertSet()

getEncryptedEphemeralKey

public byte[] getEncryptedEphemeralKey()


Copyright © 2004-2008 The Apache Software Foundation. All Rights Reserved.