WSSecEncryptedKey (WSS4J 1.5.11-wso2v9 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.ws.security.message
Class WSSecEncryptedKey

java.lang.Object
  org.apache.ws.security.message.WSSecBase
      org.apache.ws.security.message.WSSecEncryptedKey

Direct Known Subclasses:: WSSecEncrypt

public class WSSecEncryptedKey
extends WSSecBase
extends WSSecBase

Builder class to build an EncryptedKey. This is especially useful in the case where the same EncryptedKey has to be used to sign and encrypt the message In such a situation this builder will add the EncryptedKey to the security header and we can use the information form the builder to provide to other builders to reference to the token

Field Summary
`protected BinarySecurity`	`bstToken` BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymmetric encryption cert
`protected String`	`customEKTokenId` Custom token id
`protected String`	`customEKTokenValueType` Custom token value
`protected Document`	`document`
`protected String`	`encKeyId` The Token identifier of the token that the `DerivedKeyToken` is (or to be) derived from.
`protected String`	`encrUser` Remote user's alias to obtain the cert to encrypt the ephemeral key
`protected byte[]`	`encryptedEphemeralKey` Encrypted bytes of the ephemeral key
`protected Element`	`encryptedKeyElement` xenc:EncryptedKey element
`protected Element`	`envelope` soap:Envelope element
`protected byte[]`	`ephemeralKey` Session key used as the secret in key derivation
`protected String`	`keyEncAlgo` Algorithm used to encrypt the ephemeral key
`protected int`	`keySize` Key size in bits Defaults to 128
`protected X509Certificate`	`useThisCert`

Fields inherited from class org.apache.ws.security.message.WSSecBase
`doDebug, keyIdentifierType, parts, password, user, wssConfig`

Constructor Summary
`WSSecEncryptedKey()`

Method Summary
`void`	`appendBSTElementToHeader(WSSecHeader secHeader)` Append the BinarySecurityToken to the elements already in the Security header.
`void`	`appendToHeader(WSSecHeader secHeader)` Append the EncryptedKey element to the elements already in the Security header.
`protected Element`	`createCipherValue(Document doc, Element encryptedKey)`
`protected Element`	`createEncryptedKey(Document doc, String keyTransportAlgo)` Create DOM subtree for `xenc:EncryptedKey`
`protected Element`	`createEnrcyptedKey(Document doc, String keyTransportAlgo)` Deprecated. use createEncryptedKey(Document doc, String keyTransportAlgo) instead
`protected byte[]`	`generateEphemeralKey()` Create an ephemeral key
`Element`	`getBinarySecurityTokenElement()`
`String`	`getBSTTokenId()` Get the id of the BSt generated during `prepare()`.
`byte[]`	`getEncryptedEphemeralKey()`
`Element`	`getEncryptedKeyElement()`
`byte[]`	`getEphemeralKey()`
`String`	`getId()` Get the id generated during `prepare()`.
`boolean`	`isCertSet()`
`void`	`prepare(Document doc, Crypto crypto)` Prepare the ephemeralKey and the tokens required to be added to the security header
`protected void`	`prepareInternal(byte[] keyBytes, X509Certificate remoteCert, Crypto crypto)` Encrypt the symmetric key data and prepare the EncryptedKey element This method does the most work for to prepare the EncryptedKey element.
`void`	`prependBSTElementToHeader(WSSecHeader secHeader)` Prepend the BinarySecurityToken to the elements already in the Security header.
`void`	`prependToHeader(WSSecHeader secHeader)` Prepend the EncryptedKey element to the elements already in the Security header.
`void`	`setCustomEKTokenId(String customEKTokenId)`
`void`	`setCustomEKTokenValueType(String customEKTokenValueType)`
`void`	`setDocument(Document document)`
`void`	`setEncKeyId(String encKeyId)`
`void`	`setEncryptedKeyElement(Element encryptedKeyElement)` Set the encrypted key element when a pre prepared encrypted key is used
`void`	`setEphemeralKey(byte[] ephemeralKey)`
`void`	`setKeyEncAlgo(String keyEncAlgo)`
`void`	`setKeySize(int keySize)`
`void`	`setUserInfo(String user)` Set the user name to get the encryption certificate.
`void`	`setUseThisCert(X509Certificate cert)` Set the X509 Certificate to use for encryption.

Methods inherited from class org.apache.ws.security.message.WSSecBase
`getKeyIdentifierType, setBodyID, setKeyIdentifierType, setParts, setUserInfo, setWsConfig, setWsuId`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

document

protected Document document

envelope

protected Element envelope

soap:Envelope element

ephemeralKey

protected byte[] ephemeralKey

Session key used as the secret in key derivation

encryptedEphemeralKey

protected byte[] encryptedEphemeralKey

Encrypted bytes of the ephemeral key

encrUser

protected String encrUser

Remote user's alias to obtain the cert to encrypt the ephemeral key

keyEncAlgo

protected String keyEncAlgo

Algorithm used to encrypt the ephemeral key

encryptedKeyElement

protected Element encryptedKeyElement

xenc:EncryptedKey element

encKeyId

protected String encKeyId

The Token identifier of the token that the DerivedKeyToken is (or to be) derived from.

customEKTokenValueType

protected String customEKTokenValueType

Custom token value

customEKTokenId

protected String customEKTokenId

Custom token id

bstToken

protected BinarySecurity bstToken

BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE is used to refer to the asymmetric encryption cert

useThisCert

protected X509Certificate useThisCert

keySize

protected int keySize

Key size in bits Defaults to 128

Constructor Detail

WSSecEncryptedKey

public WSSecEncryptedKey()

Method Detail

setUserInfo

public void setUserInfo(String user)

Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.

Parameters:: user -

getId

public String getId()

Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the EncryptedKey element.

Returns:: Return the wsu:Id of this token or null if prepare() was not called before.

prepare

public void prepare(Document doc,
                    Crypto crypto)
             throws WSSecurityException

Prepare the ephemeralKey and the tokens required to be added to the security header

Parameters:: doc - The SOAP envelope as Document; crypto - An instance of the Crypto API to handle keystore and certificates
Throws:: WSSecurityException

prepareInternal

protected void prepareInternal(byte[] keyBytes,
                               X509Certificate remoteCert,
                               Crypto crypto)
                        throws WSSecurityException

Encrypt the symmetric key data and prepare the EncryptedKey element This method does the most work for to prepare the EncryptedKey element. It is also used by the WSSecEncrypt sub-class.

Parameters:: keyBytes - The bytes that represent the symmetric key; remoteCert - The certificate that contains the public key to encrypt the symmetric key data; crypto - An instance of the Crypto API to handle keystore and certificates
Throws:: WSSecurityException

generateEphemeralKey

protected byte[] generateEphemeralKey()
                               throws WSSecurityException

Create an ephemeral key

Returns:: an ephemeral key
Throws:: WSSecurityException

createEncryptedKey

protected Element createEncryptedKey(Document doc,
                                     String keyTransportAlgo)

Create DOM subtree for xenc:EncryptedKey

Parameters:: doc - the SOAP envelope parent document; keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
Returns:: an xenc:EncryptedKey element

createEnrcyptedKey

protected Element createEnrcyptedKey(Document doc,
                                     String keyTransportAlgo)

Deprecated. use createEncryptedKey(Document doc, String keyTransportAlgo) instead

Create DOM subtree for xenc:EncryptedKey

Parameters:: doc - the SOAP envelope parent document; keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
Returns:: an xenc:EncryptedKey element

createCipherValue

protected Element createCipherValue(Document doc,
                                    Element encryptedKey)

prependToHeader

public void prependToHeader(WSSecHeader secHeader)

Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

Parameters:: secHeader - The security header that holds the Signature element.

appendToHeader

public void appendToHeader(WSSecHeader secHeader)

Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

Parameters:: secHeader - The security header that holds the Signature element.

prependBSTElementToHeader

public void prependBSTElementToHeader(WSSecHeader secHeader)

Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

Parameters:: secHeader - The security header that holds the BST element.

appendBSTElementToHeader

public void appendBSTElementToHeader(WSSecHeader secHeader)

Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

Parameters:: secHeader - The security header that holds the BST element.

getEphemeralKey

public byte[] getEphemeralKey()

Returns:: Returns the ephemeralKey.

setUseThisCert

public void setUseThisCert(X509Certificate cert)

Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.

Parameters:: cert - is the X509 certificate to use for encryption

getEncryptedKeyElement

public Element getEncryptedKeyElement()

Returns:: Returns the encryptedKeyElement.

setEncryptedKeyElement

public void setEncryptedKeyElement(Element encryptedKeyElement)

Set the encrypted key element when a pre prepared encrypted key is used

Parameters:: encryptedKeyElement - EncryptedKey element of the encrypted key used

getBinarySecurityTokenElement

public Element getBinarySecurityTokenElement()

Returns:: Returns the BinarySecurityToken element.

setKeySize

public void setKeySize(int keySize)
                throws WSSecurityException

Throws:: WSSecurityException

setKeyEncAlgo

public void setKeyEncAlgo(String keyEncAlgo)

setEphemeralKey

public void setEphemeralKey(byte[] ephemeralKey)

Parameters:: ephemeralKey - The ephemeralKey to set.

getBSTTokenId

public String getBSTTokenId()

Get the id of the BSt generated during prepare().

Returns:: Returns the the value of wsu:Id attribute of the BinaruSecurityToken element.

setDocument

public void setDocument(Document document)

Parameters:: document - The document to set.

setEncKeyId

public void setEncKeyId(String encKeyId)

Parameters:: encKeyId - The encKeyId to set.

isCertSet

public boolean isCertSet()

getEncryptedEphemeralKey

public byte[] getEncryptedEphemeralKey()

setCustomEKTokenValueType

public void setCustomEKTokenValueType(String customEKTokenValueType)

setCustomEKTokenId

public void setCustomEKTokenId(String customEKTokenId)