Package org.apache.ws.security.message

Class WSSecDerivedKeyBase

  • Direct Known Subclasses:
    WSSecDKEncrypt, WSSecDKSign
    public abstract class WSSecDerivedKeyBase
extends WSSecBase
    Base class for DerivedKey encryption and signature
    Author:
    Ruchith Fernando (ruchith.fernando@gmail.com), Davanum Srinivas (dims@yahoo.com), Werner Dittmann (werner@apache.org)

    • Field Detail

      • document

        protected org.w3c.dom.Document document

      • ephemeralKey

        protected byte[] ephemeralKey
        Session key used as the secret in key derivation

      • derivedKeyBytes

        protected byte[] derivedKeyBytes
        Raw bytes of the derived key

      • dktId

        protected java.lang.String dktId
        wsu:Id of the wsc:DerivedKeyToken

      • clientLabel

        protected java.lang.String clientLabel
        Client's label value

      • serviceLabel

        protected java.lang.String serviceLabel
        Service's label value

      • envelope

        protected org.w3c.dom.Element envelope
        soap:Envelope element

      • tokenIdentifier

        protected java.lang.String tokenIdentifier
        The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.

      • strElem

        protected org.w3c.dom.Element strElem
        The wsse:SecurityTokenReference element to be used

      • derivedKeyLength

        protected int derivedKeyLength

    • Constructor Detail

      • WSSecDerivedKeyBase

        public WSSecDerivedKeyBase()

    • Method Detail

      • getDerivedKeyLength

        protected abstract int getDerivedKeyLength()
                                    throws WSSecurityException
        The derived key will change depending on the sig/encr algorithm. Therefore the child classes are expected to provide this value.
        Returns:
        Throws:
        WSSecurityException

      • setExternalKey

        public void setExternalKey​(byte[] ephemeralKey,
                           java.lang.String tokenIdentifier)
        Parameters:
        ephemeralKey - The ephemeralKey to set.

      • setExternalKey

        public void setExternalKey​(byte[] ephemeralKey,
                           org.w3c.dom.Element strElem)
        Parameters:
        ephemeralKey - The ephemeralKey to set.

      • getTokenIdentifier

        public java.lang.String getTokenIdentifier()
        Returns:
        Returns the tokenIdentifier.

      • getId

        public java.lang.String getId()
        Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the DerivedKeyToken element.
        Returns:
        Return the wsu:Id of this token or null if prepare() was not called before.

      • setClientLabel

        public void setClientLabel​(java.lang.String clientLabel)
        Set the label value of the client.
        Parameters:
        clientLabel -

      • setServiceLabel

        public void setServiceLabel​(java.lang.String serviceLabel)
        Set the label value of the service.
        Parameters:
        serviceLabel -

      • prepare

        public void prepare​(org.w3c.dom.Document doc)
             throws WSSecurityException,
                    org.apache.ws.security.conversation.ConversationException
        Initialize a WSSec Derived key. The method prepares and initializes a WSSec dereived key structure after the relevant information was set. This method also creates and initializes the derived token using the ephemeral key. After preparation references can be added, encrypted and signed as required.

        This method does not add any element to the security header. This must be done explicitly.
        Parameters:
        doc - The unsigned SOAP envelope as Document
        Throws:
        WSSecurityException
        org.apache.ws.security.conversation.ConversationException

      • prependDKElementToHeader

        public void prependDKElementToHeader​(WSSecHeader secHeader)
        Prepend the DerivedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the DereivedKey element at any position in the Security header.
        Parameters:
        secHeader - The security header that holds the Signature element.

      • appendDKElementToHeader

        public void appendDKElementToHeader​(WSSecHeader secHeader)

      • setWscVersion

        public void setWscVersion​(int wscVersion)
        Parameters:
        wscVersion - The wscVersion to set.

      • getdktElement

        public org.w3c.dom.Element getdktElement()

      • setDerivedKeyLength

        public void setDerivedKeyLength​(int keyLength)