Package org.apache.ws.security.message

Class WSSecEncryptedKey

  • Direct Known Subclasses:
    WSSecEncrypt
    public class WSSecEncryptedKey
extends WSSecBase
    Builder class to build an EncryptedKey. This is expecially useful in the case where the same EncryptedKey has to be used to sign and encrypt the message In such a situation this builder will add the EncryptedKey to the security header and we can use the information form the builder to provide to other builders to reference to the token

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected BinarySecurity bstToken
      BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymm encryption cert
      protected org.w3c.dom.Document document  
      protected java.lang.String encKeyId
      The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.
      protected java.lang.String encrUser
      Remote user's alias to obtain the cert to encrypt the ephemeral key
      protected org.w3c.dom.Element encryptedKeyElement
      xenc:EncryptedKey element
      protected org.w3c.dom.Element envelope
      soap:Envelope element
      protected byte[] ephemeralKey
      Session key used as the secret in key derivation
      protected java.lang.String keyEncAlgo
      Algorithm used to encrypt the ephemeral key
      protected int keySize
      Key size in bits Defaults to 128
      protected java.security.cert.X509Certificate useThisCert  

    • Field Detail

      • document

        protected org.w3c.dom.Document document

      • envelope

        protected org.w3c.dom.Element envelope
        soap:Envelope element

      • ephemeralKey

        protected byte[] ephemeralKey
        Session key used as the secret in key derivation

      • encrUser

        protected java.lang.String encrUser
        Remote user's alias to obtain the cert to encrypt the ephemeral key

      • keyEncAlgo

        protected java.lang.String keyEncAlgo
        Algorithm used to encrypt the ephemeral key

      • encryptedKeyElement

        protected org.w3c.dom.Element encryptedKeyElement
        xenc:EncryptedKey element

      • encKeyId

        protected java.lang.String encKeyId
        The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.

      • bstToken

        protected BinarySecurity bstToken
        BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymm encryption cert

      • useThisCert

        protected java.security.cert.X509Certificate useThisCert

      • keySize

        protected int keySize
        Key size in bits Defaults to 128

    • Constructor Detail

      • WSSecEncryptedKey

        public WSSecEncryptedKey()

    • Method Detail

      • setUserInfo

        public void setUserInfo​(java.lang.String user)
        Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.
        Parameters:
        user -

      • getId

        public java.lang.String getId()
        Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the EncryptedKey element.
        Returns:
        Return the wsu:Id of this token or null if prepare() was not called before.

      • prepare

        public void prepare​(org.w3c.dom.Document doc,
                    Crypto crypto)
             throws WSSecurityException
        Prepare the ephemeralKey and the tokens required to be added to the security header
        Parameters:
        doc - The SOAP envelope as Document
        crypto - An instance of the Crypto API to handle keystore and certificates
        Throws:
        WSSecurityException

      • prepareInternal

        protected void prepareInternal​(byte[] keyBytes,
                               java.security.cert.X509Certificate remoteCert,
                               Crypto crypto)
                        throws WSSecurityException
        Encrypt the symmetric key data and prepare the EncryptedKey element This method does the most work for to prepare the EncryptedKey element. It is also used by the WSSecEncrypt sub-class.
        Parameters:
        keyBytes - The bytes that represent the symmetric key
        remoteCert - The certificate that contains the public key to encrypt the seymmetric key data
        crypto - An instance of the Crypto API to handle keystore and certificates
        Throws:
        WSSecurityException

      • createEnrcyptedKey

        protected org.w3c.dom.Element createEnrcyptedKey​(org.w3c.dom.Document doc,
                                                 java.lang.String keyTransportAlgo)
        Create DOM subtree for xenc:EncryptedKey
        Parameters:
        doc - the SOAP enevelope parent document
        keyTransportAlgo - specifies which alogrithm to use to encrypt the symmetric key
        Returns:
        an xenc:EncryptedKey element

      • createCipherValue

        protected org.w3c.dom.Element createCipherValue​(org.w3c.dom.Document doc,
                                                org.w3c.dom.Element encryptedKey)

      • prependToHeader

        public void prependToHeader​(WSSecHeader secHeader)
        Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.
        Parameters:
        secHeader - The security header that holds the Signature element.

      • appendToHeader

        public void appendToHeader​(WSSecHeader secHeader)
        Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.
        Parameters:
        secHeader - The security header that holds the Signature element.

      • prependBSTElementToHeader

        public void prependBSTElementToHeader​(WSSecHeader secHeader)
        Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.
        Parameters:
        secHeader - The security header that holds the BST element.

      • appendBSTElementToHeader

        public void appendBSTElementToHeader​(WSSecHeader secHeader)
        Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.
        Parameters:
        secHeader - The security header that holds the BST element.

      • getEphemeralKey

        public byte[] getEphemeralKey()
        Returns:
        Returns the ephemeralKey.

      • setUseThisCert

        public void setUseThisCert​(java.security.cert.X509Certificate cert)
        Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.
        Parameters:
        cert - is the X509 certificate to use for encryption

      • getEncryptedKeyElement

        public org.w3c.dom.Element getEncryptedKeyElement()
        Returns:
        Returns the encryptedKeyElement.

      • getBinarySecurityTokenElement

        public org.w3c.dom.Element getBinarySecurityTokenElement()
        Returns:
        Returns the BinarySecurityToken element.

      • setKeyEncAlgo

        public void setKeyEncAlgo​(java.lang.String keyEncAlgo)

      • setEphemeralKey

        public void setEphemeralKey​(byte[] ephemeralKey)
        Parameters:
        ephemeralKey - The ephemeralKey to set.

      • getBSTTokenId

        public java.lang.String getBSTTokenId()
        Get the id of the BSt generated during prepare().
        Returns:
        Returns the the value of wsu:Id attribute of the BinaruSecurityToken element.

      • setDocument

        public void setDocument​(org.w3c.dom.Document document)
        Parameters:
        document - The document to set.

      • setEncKeyId

        public void setEncKeyId​(java.lang.String encKeyId)
        Parameters:
        encKeyId - The encKeyId to set.