org.apache.ws.security.message
Class WSEncryptBody

java.lang.Object
  org.apache.ws.security.message.WSBaseMessage
      org.apache.ws.security.message.WSEncryptBody

public class WSEncryptBody
extends WSBaseMessage

Encrypts a SOAP body inside a SOAP envelope according to WS Specification, X509 profile, and adds the encryption data.

Author:

Davanum Srinivas (dims@yahoo.com)., Werner Dittmann (Werner.Dittmann@siemens.com).

Field Summary

protected byte[]	embeddedKey
protected String	embeddedKeyName
protected String	encCanonAlgo
protected SecretKey	encryptionKey Symmetric key that's actually used.
protected String	keyEncAlgo
protected Element	parentNode Parent node to which the EncryptedKeyElement should be added.
protected SecurityTokenReference	securityTokenReference SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
protected String	symEncAlgo
protected SecretKey	symmetricKey Symmetric key used in the EncrytpedKey.
protected X509Certificate	useThisCert

Fields inherited from class org.apache.ws.security.message.WSBaseMessage

actor, doDebug, keyIdentifierType, mustunderstand, parts, password, timeToLive, user, wssConfig

Constructor Summary

WSEncryptBody()
Deprecated. replaced by WSSecEncrypt.WSSecEncrypt()

WSEncryptBody(String actor)
Deprecated. replaced by WSSecEncrypt.WSSecEncrypt() and WSSecHeader for actor specification.

WSEncryptBody(String actor, boolean mu)
Deprecated. replaced by WSSecEncrypt.WSSecEncrypt() and WSSecHeader for actor and mustunderstand specification.

Method Summary

Document	build(Document doc, Crypto crypto) Deprecated. replaced by WSSecEncrypt.build(Document, Crypto, WSSecHeader)
static Element	createCipherValue(Document doc, Element encryptedKey)
static Element	createDataRefList(Document doc, Element encryptedKey, Vector encDataRefs)
static Element	createEncryptedKey(Document doc, String keyTransportAlgo) Create DOM subtree for xenc:EncryptedKey
static Element	createEnrcyptedKey(Document doc, String keyTransportAlgo) Deprecated. use createEncryptedKey(Document doc, String keyTransportAlgo) instead
SecretKey	getEncryptionKey() Deprecated. replaced by WSSecEncryptedKey.getEncryptedEphemeralKey()
SecurityTokenReference	getSecurityTokenReference() Deprecated. replaced by WSSecEncrypt.getSecurityTokenReference()
String	getSymmetricEncAlgorithm() Deprecated. replaced by WSSecEncrypt.getSymmetricEncAlgorithm()
SecretKey	getSymmetricKey() Deprecated. replaced by WSSecEncrypt.getSymmetricKey()
void	setEmbeddedKeyName(String embeddedKeyName) Deprecated. replaced by WSSecEncrypt.setEmbeddedKeyName(String)
void	setEncCanonicalization(String algo) Deprecated. replaced by WSSecEncrypt.setEncCanonicalization(String)
void	setKey(byte[] key) Deprecated. replaced by WSSecEncrypt.setKey(byte[])
void	setKeyEnc(String keyEnc) Deprecated. replaced by WSSecEncrypt.setKeyEnc(String)
void	setParentNode(Element element) Deprecated.
void	setSecurityTokenReference(SecurityTokenReference reference) Deprecated. replaced by WSSecEncrypt.setSecurityTokenReference(SecurityTokenReference)
void	setSymmetricEncAlgorithm(String algo) Deprecated. replaced by WSSecEncrypt.setSymmetricEncAlgorithm(String)
void	setSymmetricKey(SecretKey key) Deprecated. replaced by WSSecEncrypt.setSymmetricKey(SecretKey)
void	setUserInfo(String user) Deprecated. replaced by WSSecEncryptedKey.setUserInfo(String)
void	setUseThisCert(X509Certificate cert) Deprecated. replaced by WSSecEncryptedKey.setUseThisCert(X509Certificate)

Methods inherited from class org.apache.ws.security.message.WSBaseMessage

getKeyIdentifierType, insertSecurityHeader, setActor, setBodyID, setKeyIdentifierType, setMustUnderstand, setParts, setTimeToLive, setUserInfo, setWsConfig, setWsuId

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

symEncAlgo

protected String symEncAlgo

keyEncAlgo

protected String keyEncAlgo

encCanonAlgo

protected String encCanonAlgo

embeddedKey

protected byte[] embeddedKey

embeddedKeyName

protected String embeddedKeyName

useThisCert

protected X509Certificate useThisCert

symmetricKey

protected SecretKey symmetricKey

Symmetric key used in the EncrytpedKey.

encryptionKey

protected SecretKey encryptionKey

Symmetric key that's actually used.

parentNode

protected Element parentNode

Parent node to which the EncryptedKeyElement should be added.

securityTokenReference

protected SecurityTokenReference securityTokenReference

SecurityTokenReference to be inserted into EncryptedData/keyInfo element.

Constructor Detail

WSEncryptBody

public WSEncryptBody()

Deprecated. replaced by WSSecEncrypt.WSSecEncrypt()

Constructor.

WSEncryptBody

public WSEncryptBody(String actor)

Deprecated. replaced by WSSecEncrypt.WSSecEncrypt() and WSSecHeader for actor specification.

Constructor.

Parameters:

actor - The actor name of the wsse:Security header

WSEncryptBody

public WSEncryptBody(String actor,
                     boolean mu)

Deprecated. replaced by WSSecEncrypt.WSSecEncrypt() and WSSecHeader for actor and mustunderstand specification.

Constructor.

Parameters:

actor - The actor name of the wsse:Security header

mu - Set mustUnderstand to true or false

Method Detail

setKey

public void setKey(byte[] key)

Deprecated. replaced by WSSecEncrypt.setKey(byte[])

Sets the key to use during embedded encryption.

Parameters:

key - to use during encryption. The key must fit the selected symmetrical encryption algorithm

setKeyEnc

public void setKeyEnc(String keyEnc)

Deprecated. replaced by WSSecEncrypt.setKeyEnc(String)

Sets the algorithm to encode the symmetric key.

Default is the WSConstants.KEYTRANSPORT_RSA15 algorithm.

Parameters:

keyEnc - specifies the key encoding algorithm.

See Also:

WSConstants.KEYTRANSPORT_RSA15, WSConstants.KEYTRANSPORT_RSAOEP

setUserInfo

public void setUserInfo(String user)

Deprecated. replaced by WSSecEncryptedKey.setUserInfo(String)

Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.

Parameters:

user -

setEmbeddedKeyName

public void setEmbeddedKeyName(String embeddedKeyName)

Deprecated. replaced by WSSecEncrypt.setEmbeddedKeyName(String)

Set the key name for EMBEDDED_KEYNAME

Parameters:

embeddedKeyName -

setUseThisCert

public void setUseThisCert(X509Certificate cert)

Deprecated. replaced by WSSecEncryptedKey.setUseThisCert(X509Certificate)

Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.

Parameters:

cert - is the X509 certificate to use for encryption

setSymmetricEncAlgorithm

public void setSymmetricEncAlgorithm(String algo)

Deprecated. replaced by WSSecEncrypt.setSymmetricEncAlgorithm(String)

Set the name of the symmetric encryption algorithm to use.

This encryption alogrithm is used to encrypt the data, i.e. the SOAP Body. If the algorithm is not set then Triple DES is used. Refer to WSConstants which algorithms are supported.

Parameters:

algo - Is the name of the encryption algorithm

See Also:

WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256

setEncCanonicalization

public void setEncCanonicalization(String algo)

Deprecated. replaced by WSSecEncrypt.setEncCanonicalization(String)

Set the name of an optional canonicalization algorithm to use before encryption.

This c14n alogrithm is used to serialize the data before encryption, i.e. the SOAP Body. If the algorithm is not set then a standard serialization is used (provided by XMLCipher, usually a XMLSerializer according to DOM 3 specification).

Parameters:

algo - Is the name of the canonicalization algorithm

getSymmetricEncAlgorithm

public String getSymmetricEncAlgorithm()

Deprecated. replaced by WSSecEncrypt.getSymmetricEncAlgorithm()

Get the name of symmetric encryption algorithm to use.

The name of the encryption alogrithm to encrypt the data, i.e. the SOAP Body. Refer to WSConstants which algorithms are supported.

Returns:

the name of the currently selected symmetric encryption algorithm

See Also:

WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256

build

public Document build(Document doc,
                      Crypto crypto)
               throws WSSecurityException

Deprecated. replaced by WSSecEncrypt.build(Document, Crypto, WSSecHeader)

Builds the SOAP envelope with encrypted Body and adds encrypted key.

This function performs several steps:

• First step: set the encoding namespace in the SOAP:Envelope
• Second step: generate a symmetric key (session key) for the selected symmetric encryption algorithm, and set the cipher into encryption mode.
• Third step: get the data to encrypt. We always encrypt the complete first child element of the SOAP Body element
• Forth step: encrypt data, and set neccessary attributes in xenc:EncryptedData
• Fifth step: get the certificate that contains the public key for the public key algorithm that will encrypt the generated symmetric (session) key. Up to now we support RSA 1-5 as public key algorithm.
• Sixth step: setup the wsse:Security header block

Parameters:

doc - the SOAP envelope as Document with plaintext Body

crypto - an instance of the Crypto API to handle keystore and Certificates

Returns:

the SOAP envelope with encrypted Body as Document

Throws:

WSSecurityException

createEncryptedKey

public static Element createEncryptedKey(Document doc,
                                         String keyTransportAlgo)

Create DOM subtree for xenc:EncryptedKey

Parameters:

doc - the SOAP envelope parent document

keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key

Returns:

an xenc:EncryptedKey element

createEnrcyptedKey

public static Element createEnrcyptedKey(Document doc,
                                         String keyTransportAlgo)

Deprecated. use createEncryptedKey(Document doc, String keyTransportAlgo) instead

Create DOM subtree for xenc:EncryptedKey

Parameters:

doc - the SOAP envelope parent document

keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key

Returns:

an xenc:EncryptedKey element

createCipherValue

public static Element createCipherValue(Document doc,
                                        Element encryptedKey)

createDataRefList

public static Element createDataRefList(Document doc,
                                        Element encryptedKey,
                                        Vector encDataRefs)

setParentNode

public void setParentNode(Element element)

Deprecated.

Sets the parent node of the EncryptedKeyElement

Parameters:

element -

getSymmetricKey

public SecretKey getSymmetricKey()

Deprecated. replaced by WSSecEncrypt.getSymmetricKey()

Returns:

TODO

setSymmetricKey

public void setSymmetricKey(SecretKey key)

Deprecated. replaced by WSSecEncrypt.setSymmetricKey(SecretKey)

Set the symmetric key to be used for encryption

Parameters:

key -

getEncryptionKey

public SecretKey getEncryptionKey()

Deprecated. replaced by WSSecEncryptedKey.getEncryptedEphemeralKey()

Get the symmetric key used for encryption. This may be the same as the symmetric key field.

Returns:

The symmetric key

getSecurityTokenReference

public SecurityTokenReference getSecurityTokenReference()

Deprecated. replaced by WSSecEncrypt.getSecurityTokenReference()

Returns:

TODO

setSecurityTokenReference

public void setSecurityTokenReference(SecurityTokenReference reference)

Deprecated. replaced by WSSecEncrypt.setSecurityTokenReference(SecurityTokenReference)

Parameters:

reference -