Package org.apache.wss4j.dom.message
Class WSSecEncryptedKey
java.lang.Object
  org.apache.wss4j.dom.message.WSSecBase
    org.apache.wss4j.dom.message.WSSecEncryptedKey

Direct Known Subclasses:
WSSecEncrypt
public class WSSecEncryptedKey extends WSSecBase
Builder class to build an EncryptedKey. This is especially useful in the case where the same EncryptedKey has to be used to both sign and encrypt the message. In such a situation this builder adds the EncryptedKey to the security header, and the information it exposes (the wsu:Id of the EncryptedKey and of its BinarySecurityToken) can be passed to other builders so that they reference the token.

Field Summary

Fields inherited from class org.apache.wss4j.dom.message.WSSecBase
addWSUNamespace, attachmentCallbackHandler, callbackLookup, expandXopInclude, keyIdentifierType, password, storeBytesInAttachment, user

Constructor Summary

WSSecEncryptedKey(WSSecHeader securityHeader)
WSSecEncryptedKey(Document doc)
WSSecEncryptedKey(Document doc, Provider provider)

Method Summary

protected void addCipherValueElement(byte[] encryptedEphemeralKey)
    Create and add the CipherValue element to the EncryptedKey element.
void appendBSTElementToHeader()
    Append the BinarySecurityToken to the elements already in the Security header.
void appendToHeader()
    Append the EncryptedKey element to the elements already in the Security header.
protected Element createCipherValue(Document doc, Element encryptedKey)
protected void createEncryptedKeyElement(X509Certificate remoteCert, Crypto crypto)
    Set up the EncryptedKey header block: 1) create an EncryptedKey element and set a wsu:Id for it; 2) generate the ds:KeyInfo element, which wraps the wsse:SecurityTokenReference; 3) create and set up the SecurityTokenReference according to the keyIdentifier parameter; 4) create the CipherValue element structure and insert the encrypted session key.
protected void createEncryptedKeyElement(Key key)
    Set up the EncryptedKey header block: 1) create an EncryptedKey element and set a wsu:Id for it; 2) generate the ds:KeyInfo element, which wraps the wsse:SecurityTokenReference; 3) create and set up the SecurityTokenReference according to the keyIdentifier parameter; 4) create the CipherValue element structure and insert the encrypted session key.
protected byte[] encryptSymmetricKey(PublicKey encryptingKey, SecretKey keyToBeEncrypted)
Element getBinarySecurityTokenElement()
String getBSTTokenId()
    Get the id of the BST generated during prepare().
Element getCustomEKKeyInfoElement()
String getDigestAlgorithm()
    Get the digest algorithm to use with the RSA-OAEP key transport algorithm.
Element getEncryptedKeyElement()
String getEncryptedKeySHA1()
String getId()
    Get the id generated during prepare().
String getKeyEncAlgo()
String getMGFAlgorithm()
    Get the MGF algorithm to use with the RSA-OAEP key transport algorithm.
X509Certificate getUseThisCert()
PublicKey getUseThisPublicKey()
boolean isCertSet()
boolean isIncludeEncryptionToken()
void prepare(Crypto crypto, SecretKey symmetricKey)
    Create the EncryptedKey element for inclusion in the security header, by encrypting the symmetricKey parameter using either a public key or a certificate that is set on the class, and adding the encrypted bytes as the CipherValue of the EncryptedKey element.
void prependBSTElementToHeader()
    Prepend the BinarySecurityToken to the elements already in the Security header.
void prependToHeader()
    Prepend the EncryptedKey element to the elements already in the Security header.
void setCustomEKKeyInfoElement(Element customEKKeyInfoElement)
void setCustomEKTokenId(String customEKTokenId)
void setCustomEKTokenValueType(String customEKTokenValueType)
void setDigestAlgorithm(String digestAlgorithm)
    Set the digest algorithm to use with the RSA-OAEP key transport algorithm.
void setEncKeyId(String encKeyId)
void setEncryptedKeyElement(Element encryptedKeyElement)
    Set the encrypted key element when a pre-prepared encrypted key is used.
protected void setEncryptedKeySHA1(byte[] encryptedEphemeralKey)
void setIncludeEncryptionToken(boolean includeEncryptionToken)
void setKeyEncAlgo(String keyEncAlgo)
void setMGFAlgorithm(String mgfAlgorithm)
    Set the MGF algorithm to use with the RSA-OAEP key transport algorithm.
void setUserInfo(String user)
    Set the user name to get the encryption certificate.
void setUseThisCert(X509Certificate cert)
    Set the X509 certificate to use for encryption.
void setUseThisPublicKey(PublicKey key)
    Set the PublicKey to use for encryption.

Methods inherited from class org.apache.wss4j.dom.message.WSSecBase
clean, getDocument, getIdAllocator, getKeyIdentifierType, getParts, getSecurityHeader, getWsDocInfo, isExpandXopInclude, setAttachmentCallbackHandler, setBodyID, setCallbackLookup, setExpandXopInclude, setIdAllocator, setKeyIdentifierType, setStoreBytesInAttachment, setUserInfo, setWsDocInfo, setWsuId

Constructor Detail

WSSecEncryptedKey
public WSSecEncryptedKey(WSSecHeader securityHeader)

WSSecEncryptedKey
public WSSecEncryptedKey(Document doc)

Method Detail

setUserInfo
public void setUserInfo(String user)
Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password is necessary. The user name is usually a keystore alias.
Parameters:
    user

getId
public String getId()
Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the EncryptedKey element.
Returns:
    the wsu:Id of this token, or null if prepare() was not called before.

prepare
public void prepare(Crypto crypto, SecretKey symmetricKey) throws WSSecurityException
Create the EncryptedKey element for inclusion in the security header, by encrypting the symmetricKey parameter using either a public key or a certificate that is set on the class, and adding the encrypted bytes as the CipherValue of the EncryptedKey element. The KeyInfo is constructed according to the keyIdentifierType and also the type of the encrypting key.
Parameters:
    crypto - an instance of the Crypto API to handle keystore and certificates
    symmetricKey - the symmetric key to encrypt and insert into the EncryptedKey
Throws:
    WSSecurityException

addCipherValueElement
protected void addCipherValueElement(byte[] encryptedEphemeralKey) throws WSSecurityException
Create and add the CipherValue element to the EncryptedKey element.
Throws:
    WSSecurityException

createEncryptedKeyElement
protected void createEncryptedKeyElement(X509Certificate remoteCert, Crypto crypto) throws WSSecurityException
Set up the EncryptedKey header block: 1) create an EncryptedKey element and set a wsu:Id for it; 2) generate the ds:KeyInfo element, which wraps the wsse:SecurityTokenReference; 3) create and set up the SecurityTokenReference according to the keyIdentifier parameter; 4) create the CipherValue element structure and insert the encrypted session key.
Throws:
    WSSecurityException

createEncryptedKeyElement
protected void createEncryptedKeyElement(Key key) throws WSSecurityException
Set up the EncryptedKey header block: 1) create an EncryptedKey element and set a wsu:Id for it; 2) generate the ds:KeyInfo element, which wraps the wsse:SecurityTokenReference; 3) create and set up the SecurityTokenReference according to the keyIdentifier parameter; 4) create the CipherValue element structure and insert the encrypted session key.
Throws:
    WSSecurityException

encryptSymmetricKey
protected byte[] encryptSymmetricKey(PublicKey encryptingKey, SecretKey keyToBeEncrypted) throws WSSecurityException
Throws:
    WSSecurityException

prependToHeader
public void prependToHeader()
Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows the EncryptedKey element to be inserted at any position in the Security header.

appendToHeader
public void appendToHeader()
Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows the EncryptedKey element to be inserted at any position in the Security header.

prependBSTElementToHeader
public void prependBSTElementToHeader()
Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.

appendBSTElementToHeader
public void appendBSTElementToHeader()
Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.
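The typical call sequence for this builder, as an added usage example that is not part of the WSS4J documentation: a fresh AES-256 session key is wrapped for the recipient's certificate with RSA-OAEP, the SHA-1 digest and MGF1-SHA1 defaults documented on this page are replaced with SHA-256, and after prepare() the EncryptedKey and its BinarySecurityToken are prepended to the Security header. The properties file name and keystore alias are placeholders, and the WSConstants values are assumed to be those of WSS4J 2.x.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.w3c.dom.Document;

public class EncryptedKeyExample {

    /**
     * Wraps a fresh AES-256 session key for the recipient's certificate and
     * places the resulting EncryptedKey block in the wsse:Security header.
     * "crypto.properties" and "recipient-alias" are placeholder values.
     */
    public static WSSecEncryptedKey buildEncryptedKey(Document doc) throws Exception {
        // Merlin keystore configuration; the file name is a placeholder
        Crypto crypto = CryptoFactory.getInstance("crypto.properties");

        // Create the wsse:Security header in the SOAP envelope
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        // Ephemeral symmetric key that the EncryptedKey will transport
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(256);
        SecretKey sessionKey = keyGen.generateKey();

        WSSecEncryptedKey encrKey = new WSSecEncryptedKey(secHeader);
        // Keystore alias of the recipient certificate; only its public key is used
        encrKey.setUserInfo("recipient-alias");
        // Reference the recipient certificate through an included BinarySecurityToken
        encrKey.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        // RSA-OAEP from XML Encryption 1.1, which lets the MGF be chosen; the
        // builder's defaults are SHA-1 for the digest and MGF1-SHA1 for the MGF
        encrKey.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP_XENC11);
        encrKey.setDigestAlgorithm(WSConstants.SHA256);
        encrKey.setMGFAlgorithm(WSConstants.MGF_SHA256);

        // Encrypt the session key and build the EncryptedKey element
        encrKey.prepare(crypto, sessionKey);
        // Prepend the EncryptedKey, then the BST so the token precedes the reference
        encrKey.prependToHeader();
        encrKey.prependBSTElementToHeader();
        return encrKey;
    }
}
```

The wsu:Id values from getId() and getBSTTokenId() are what other builders (such as a signature builder referencing the same EncryptedKey) need in order to point at this token.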

setUseThisCert
public void setUseThisCert(X509Certificate cert)
Set the X509 certificate to use for encryption. If this is set and the key identifier is set to DirectReference, then this certificate is used to get the public key for encryption.
Parameters:
    cert - the X509 certificate to use for encryption

getUseThisCert
public X509Certificate getUseThisCert()

setUseThisPublicKey
public void setUseThisPublicKey(PublicKey key)
Set the PublicKey to use for encryption.
Parameters:
    key - the PublicKey instance to use for encryption

getUseThisPublicKey
public PublicKey getUseThisPublicKey()

getEncryptedKeyElement
public Element getEncryptedKeyElement()
Returns:
    the encryptedKeyElement.

setEncryptedKeyElement
public void setEncryptedKeyElement(Element encryptedKeyElement)
Set the encrypted key element when a pre-prepared encrypted key is used.
Parameters:
    encryptedKeyElement - the EncryptedKey element of the encrypted key used

getBinarySecurityTokenElement
public Element getBinarySecurityTokenElement()
Returns:
    the BinarySecurityToken element.

setKeyEncAlgo
public void setKeyEncAlgo(String keyEncAlgo)

getKeyEncAlgo
public String getKeyEncAlgo()

getBSTTokenId
public String getBSTTokenId()
Get the id of the BST generated during prepare().
Returns:
    the value of the wsu:Id attribute of the BinarySecurityToken element.

setEncKeyId
public void setEncKeyId(String encKeyId)
Parameters:
    encKeyId - the encKeyId to set.

isCertSet
public boolean isCertSet()

setCustomEKTokenValueType
public void setCustomEKTokenValueType(String customEKTokenValueType)

setCustomEKTokenId
public void setCustomEKTokenId(String customEKTokenId)

setDigestAlgorithm
public void setDigestAlgorithm(String digestAlgorithm)
Set the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.
Parameters:
    digestAlgorithm - the digest algorithm to use with the RSA-OAEP key transport algorithm

getDigestAlgorithm
public String getDigestAlgorithm()
Get the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.

setMGFAlgorithm
public void setMGFAlgorithm(String mgfAlgorithm)
Set the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.
Parameters:
    mgfAlgorithm - the MGF algorithm to use with the RSA-OAEP key transport algorithm

getMGFAlgorithm
public String getMGFAlgorithm()
Get the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.

isIncludeEncryptionToken
public boolean isIncludeEncryptionToken()

setIncludeEncryptionToken
public void setIncludeEncryptionToken(boolean includeEncryptionToken)

getCustomEKKeyInfoElement
public Element getCustomEKKeyInfoElement()

setCustomEKKeyInfoElement
public void setCustomEKKeyInfoElement(Element customEKKeyInfoElement)

setEncryptedKeySHA1
protected void setEncryptedKeySHA1(byte[] encryptedEphemeralKey) throws WSSecurityException
Throws:
    WSSecurityException

getEncryptedKeySHA1
public String getEncryptedKeySHA1()