Class WSSecEncryptedKey

java.lang.Object
org.apache.ws.security.message.WSSecBase
org.apache.ws.security.message.WSSecEncryptedKey
Direct Known Subclasses:
WSSecEncrypt
public class WSSecEncryptedKey extends WSSecBase
Builder class to build an EncryptedKey. This is expecially useful in the case where the same EncryptedKey has to be used to sign and encrypt the message In such a situation this builder will add the EncryptedKey to the security header and we can use the information form the builder to provide to other builders to reference to the token

  • Field Details

    • document

      protected Document document

    • envelope

      protected Element envelope
      soap:Envelope element

    • ephemeralKey

      protected byte[] ephemeralKey
      Session key used as the secret in key derivation

    • encrUser

      protected String encrUser
      Remote user's alias to obtain the cert to encrypt the ephemeral key

    • keyEncAlgo

      protected String keyEncAlgo
      Algorithm used to encrypt the ephemeral key

    • encryptedKeyElement

      protected Element encryptedKeyElement
      xenc:EncryptedKey element

    • encKeyId

      protected String encKeyId
      The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.

    • bstToken

      protected BinarySecurity bstToken
      BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymm encryption cert

    • useThisCert

      protected X509Certificate useThisCert

    • keySize

      protected int keySize
      Key size in bits Defaults to 128

  • Constructor Details

    • WSSecEncryptedKey

      public WSSecEncryptedKey()

  • Method Details

    • setUserInfo

      public void setUserInfo(String user)
      Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.
      Parameters:
      user -

    • getId

      public String getId()
      Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the EncryptedKey element.
      Returns:
      Return the wsu:Id of this token or null if prepare() was not called before.

    • prepare

      public void prepare(Document doc, Crypto crypto) throws WSSecurityException
      Prepare the ephemeralKey and the tokens required to be added to the security header
      Parameters:
      doc - The SOAP envelope as Document
      crypto - An instance of the Crypto API to handle keystore and certificates
      Throws:
      WSSecurityException

    • prepareInternal

      protected void prepareInternal(byte[] keyBytes, X509Certificate remoteCert, Crypto crypto) throws WSSecurityException
      Encrypt the symmetric key data and prepare the EncryptedKey element This method does the most work for to prepare the EncryptedKey element. It is also used by the WSSecEncrypt sub-class.
      Parameters:
      keyBytes - The bytes that represent the symmetric key
      remoteCert - The certificate that contains the public key to encrypt the seymmetric key data
      crypto - An instance of the Crypto API to handle keystore and certificates
      Throws:
      WSSecurityException

    • generateEphemeralKey

      protected byte[] generateEphemeralKey() throws WSSecurityException
      Create an ephemeral key
      Returns:
      Throws:
      WSSecurityException

    • createEnrcyptedKey

      protected Element createEnrcyptedKey(Document doc, String keyTransportAlgo)
      Create DOM subtree for xenc:EncryptedKey
      Parameters:
      doc - the SOAP enevelope parent document
      keyTransportAlgo - specifies which alogrithm to use to encrypt the symmetric key
      Returns:
      an xenc:EncryptedKey element

    • createCipherValue

      protected Element createCipherValue(Document doc, Element encryptedKey)

    • prependToHeader

      public void prependToHeader(WSSecHeader secHeader)
      Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.
      Parameters:
      secHeader - The security header that holds the Signature element.

    • appendToHeader

      public void appendToHeader(WSSecHeader secHeader)
      Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.
      Parameters:
      secHeader - The security header that holds the Signature element.

    • prependBSTElementToHeader

      public void prependBSTElementToHeader(WSSecHeader secHeader)
      Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.
      Parameters:
      secHeader - The security header that holds the BST element.

    • appendBSTElementToHeader

      public void appendBSTElementToHeader(WSSecHeader secHeader)
      Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.
      Parameters:
      secHeader - The security header that holds the BST element.

    • getEphemeralKey

      public byte[] getEphemeralKey()
      Returns:
      Returns the ephemeralKey.

    • setUseThisCert

      public void setUseThisCert(X509Certificate cert)
      Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.
      Parameters:
      cert - is the X509 certificate to use for encryption

    • getEncryptedKeyElement

      public Element getEncryptedKeyElement()
      Returns:
      Returns the encryptedKeyElement.

    • getBinarySecurityTokenElement

      public Element getBinarySecurityTokenElement()
      Returns:
      Returns the BinarySecurityToken element.

    • setKeySize

      public void setKeySize(int keySize) throws WSSecurityException
      Throws:
      WSSecurityException

    • setKeyEncAlgo

      public void setKeyEncAlgo(String keyEncAlgo)

    • setEphemeralKey

      public void setEphemeralKey(byte[] ephemeralKey)
      Parameters:
      ephemeralKey - The ephemeralKey to set.

    • getBSTTokenId

      public String getBSTTokenId()
      Get the id of the BSt generated during prepare().
      Returns:
      Returns the the value of wsu:Id attribute of the BinaruSecurityToken element.

    • setDocument

      public void setDocument(Document document)
      Parameters:
      document - The document to set.

    • setEncKeyId

      public void setEncKeyId(String encKeyId)
      Parameters:
      encKeyId - The encKeyId to set.