org.apache.ws.security.message
Class WSEncryptBody

java.lang.Object
  extended by org.apache.ws.security.message.WSBaseMessage
      extended by org.apache.ws.security.message.WSEncryptBody

public class WSEncryptBody
extends WSBaseMessage

Encrypts a SOAP body inside a SOAP envelope according to WS Specification, X509 profile, and adds the encryption data.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@siemens.com)

Field Summary
protected  byte[] embeddedKey
           
protected  java.lang.String embeddedKeyName
           
protected  java.lang.String encCanonAlgo
           
protected  javax.crypto.SecretKey encryptionKey
          Symmetric key that's actually used.
protected  java.lang.String keyEncAlgo
           
protected  org.w3c.dom.Element parentNode
          Parent node to which the EncryptedKeyElement should be added.
protected  SecurityTokenReference securityTokenReference
          SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
protected  java.lang.String symEncAlgo
           
protected  javax.crypto.SecretKey symmetricKey
          Symmetric key used in the EncryptedKey.
protected  java.security.cert.X509Certificate useThisCert
           
 
Fields inherited from class org.apache.ws.security.message.WSBaseMessage
actor, doDebug, keyIdentifierType, mustunderstand, parts, password, timeToLive, user, wssConfig
 
Constructor Summary
WSEncryptBody()
          Constructor.
WSEncryptBody(java.lang.String actor)
          Constructor.
WSEncryptBody(java.lang.String actor, boolean mu)
          Constructor.
WSEncryptBody(WSSConfig wssConfig, java.lang.String actor, boolean mu)
          Constructor.
 
Method Summary
 org.w3c.dom.Document build(org.w3c.dom.Document doc, Crypto crypto)
          Builds the SOAP envelope with encrypted Body and adds encrypted key.
static org.w3c.dom.Element createCipherValue(org.w3c.dom.Document doc, org.w3c.dom.Element encryptedKey)
           
static org.w3c.dom.Element createDataRefList(org.w3c.dom.Document doc, org.w3c.dom.Element encryptedKey, java.util.Vector encDataRefs)
           
static org.w3c.dom.Element createEnrcyptedKey(org.w3c.dom.Document doc, java.lang.String keyTransportAlgo)
          Create DOM subtree for xenc:EncryptedKey
 javax.crypto.SecretKey getEncryptionKey()
          Get the symmetric key used for encryption.
 SecurityTokenReference getSecurityTokenReference()
           
 java.lang.String getSymmetricEncAlgorithm()
          Get the name of symmetric encryption algorithm to use

The name of the encryption algorithm to encrypt the data, i.e. the SOAP Body.

 javax.crypto.SecretKey getSymmetricKey()
           
 void setEmbeddedKeyName(java.lang.String embeddedKeyName)
          Set the key name for EMBEDDED_KEYNAME
 void setEncCanonicalization(java.lang.String algo)
          Set the name of an optional canonicalization algorithm to use before encryption

This c14n algorithm is used to serialize the data before encryption, i.e. the SOAP Body.

 void setKey(byte[] key)
          Sets the key to use during embedded encryption.
 void setKeyEnc(java.lang.String keyEnc)
          Sets the algorithm to encode the symmetric key.
 void setParentNode(org.w3c.dom.Element element)
          Sets the parent node of the EncryptedKeyElement
 void setSecurityTokenReference(SecurityTokenReference reference)
           
 void setSymmetricEncAlgorithm(java.lang.String algo)
          Set the name of the symmetric encryption algorithm to use

This encryption algorithm is used to encrypt the data, i.e. the SOAP Body.

 void setSymmetricKey(javax.crypto.SecretKey key)
          Set the symmetric key to be used for encryption
 void setUserInfo(java.lang.String user)
          Set the user name to get the encryption certificate.
 void setUseThisCert(java.security.cert.X509Certificate cert)
          Set the X509 Certificate to use for encryption.
 
Methods inherited from class org.apache.ws.security.message.WSBaseMessage
getKeyIdentifierType, insertSecurityHeader, setActor, setBodyID, setKeyIdentifierType, setMustUnderstand, setParts, setTimeToLive, setUserInfo, setWsuId
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

symEncAlgo

protected java.lang.String symEncAlgo

keyEncAlgo

protected java.lang.String keyEncAlgo

encCanonAlgo

protected java.lang.String encCanonAlgo

embeddedKey

protected byte[] embeddedKey

embeddedKeyName

protected java.lang.String embeddedKeyName

useThisCert

protected java.security.cert.X509Certificate useThisCert

symmetricKey

protected javax.crypto.SecretKey symmetricKey
Symmetric key used in the EncryptedKey.


encryptionKey

protected javax.crypto.SecretKey encryptionKey
Symmetric key that's actually used.


parentNode

protected org.w3c.dom.Element parentNode
Parent node to which the EncryptedKeyElement should be added.


securityTokenReference

protected SecurityTokenReference securityTokenReference
SecurityTokenReference to be inserted into EncryptedData/keyInfo element.

Constructor Detail

WSEncryptBody

public WSEncryptBody()
Constructor.


WSEncryptBody

public WSEncryptBody(java.lang.String actor)
Constructor.

Parameters:
actor - The actor name of the wsse:Security header

WSEncryptBody

public WSEncryptBody(java.lang.String actor,
                     boolean mu)
Constructor.

Parameters:
actor - The actor name of the wsse:Security header
mu - Set mustUnderstand to true or false

WSEncryptBody

public WSEncryptBody(WSSConfig wssConfig,
                     java.lang.String actor,
                     boolean mu)
Constructor.

Parameters:
wssConfig - Configuration options for processing and building the wsse:Security header
actor - The actor name of the wsse:Security header
mu - Set mustUnderstand to true or false

Method Detail

setKey

public void setKey(byte[] key)
Sets the key to use during embedded encryption.

Parameters:
key - to use during encryption. The key must fit the selected symmetrical encryption algorithm

setKeyEnc

public void setKeyEnc(java.lang.String keyEnc)
Sets the algorithm to encode the symmetric key.

Default is the WSConstants.KEYTRANSPORT_RSA15 algorithm.

Parameters:
keyEnc - specifies the key encoding algorithm.
See Also:
WSConstants.KEYTRANSPORT_RSA15, WSConstants.KEYTRANSPORT_RSAOEP

setUserInfo

public void setUserInfo(java.lang.String user)
Set the user name to get the encryption certificate. Only the public key of this certificate is used, so no password is necessary. The user name is usually a keystore alias.

Parameters:
user -

setEmbeddedKeyName

public void setEmbeddedKeyName(java.lang.String embeddedKeyName)
Set the key name for EMBEDDED_KEYNAME

Parameters:
embeddedKeyName -

setUseThisCert

public void setUseThisCert(java.security.cert.X509Certificate cert)
Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.

Parameters:
cert - is the X509 certificate to use for encryption

setSymmetricEncAlgorithm

public void setSymmetricEncAlgorithm(java.lang.String algo)
Set the name of the symmetric encryption algorithm to use

This encryption algorithm is used to encrypt the data, i.e. the SOAP Body. If the algorithm is not set then Triple DES is used. Refer to WSConstants for the supported algorithms.

Parameters:
algo - Is the name of the encryption algorithm
See Also:
WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256

setEncCanonicalization

public void setEncCanonicalization(java.lang.String algo)
Set the name of an optional canonicalization algorithm to use before encryption

This c14n algorithm is used to serialize the data before encryption, i.e. the SOAP Body. If the algorithm is not set then a standard serialization is used (provided by XMLCipher, usually an XMLSerializer according to the DOM 3 specification).

Parameters:
algo - Is the name of the canonicalization algorithm

getSymmetricEncAlgorithm

public java.lang.String getSymmetricEncAlgorithm()
Get the name of symmetric encryption algorithm to use

The name of the encryption algorithm to encrypt the data, i.e. the SOAP Body. Refer to WSConstants for the supported algorithms.

Returns:
the name of the currently selected symmetric encryption algorithm
See Also:
WSConstants.TRIPLE_DES, WSConstants.AES_128, WSConstants.AES_192, WSConstants.AES_256

build

public org.w3c.dom.Document build(org.w3c.dom.Document doc,
                                  Crypto crypto)
                           throws WSSecurityException
Builds the SOAP envelope with encrypted Body and adds encrypted key.

This function performs several steps:

Parameters:
doc - the SOAP envelope as Document with plaintext Body
crypto - an instance of the Crypto API to handle keystore and Certificates
Returns:
the SOAP envelope with encrypted Body as Document
Throws:
WSSecurityException
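
Example (added here, not part of the WSS4J documentation or source): encrypting a SOAP Body with the setters documented above, overriding the defaults (WSConstants.KEYTRANSPORT_RSA15 and Triple DES) because PKCS#1 v1.5 key transport is exposed to padding-oracle attacks and Triple DES has a 64-bit block. The class name EncryptBodyExample, the crypto.properties file name, the recipient alias and the use of CryptoFactory.getInstance to obtain the Crypto instance are assumptions that do not appear on this page.

```java
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSEncryptBody;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class EncryptBodyExample {

    // XML Encryption namespace, used to locate xenc:EncryptionMethod elements.
    private static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";

    /** Encrypts the Body of a namespace-aware SOAP envelope for the given keystore alias. */
    public static Document encryptBody(Document envelope, String recipientAlias)
            throws WSSecurityException {
        // Assumption: crypto.properties on the classpath points at a keystore
        // that holds the recipient's X509 certificate under recipientAlias.
        Crypto crypto = CryptoFactory.getInstance("crypto.properties");

        WSEncryptBody encryptor = new WSEncryptBody();
        encryptor.setUserInfo(recipientAlias);                    // public key only, no password
        encryptor.setKeyEnc(WSConstants.KEYTRANSPORT_RSAOEP);     // instead of the RSA15 default
        encryptor.setSymmetricEncAlgorithm(WSConstants.AES_128);  // instead of the Triple DES default

        Document result = encryptor.build(envelope, crypto);

        // Fail closed: every algorithm announced in the output must be one we selected.
        NodeList methods = result.getElementsByTagNameNS(XENC_NS, "EncryptionMethod");
        if (methods.getLength() == 0) {
            throw new IllegalStateException("no xenc:EncryptionMethod found in output");
        }
        for (int i = 0; i < methods.getLength(); i++) {
            String algo = ((Element) methods.item(i)).getAttribute("Algorithm");
            boolean expected = algo.equals(WSConstants.KEYTRANSPORT_RSAOEP)
                    || algo.equals(encryptor.getSymmetricEncAlgorithm());
            if (!expected) {
                throw new IllegalStateException("unexpected encryption algorithm: " + algo);
            }
        }
        return result;
    }
}
```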

createEnrcyptedKey

public static org.w3c.dom.Element createEnrcyptedKey(org.w3c.dom.Document doc,
                                                     java.lang.String keyTransportAlgo)
Create DOM subtree for xenc:EncryptedKey

Parameters:
doc - the SOAP envelope parent document
keyTransportAlgo - specifies which algorithm to use to encrypt the symmetric key
Returns:
an xenc:EncryptedKey element

createCipherValue

public static org.w3c.dom.Element createCipherValue(org.w3c.dom.Document doc,
                                                    org.w3c.dom.Element encryptedKey)

createDataRefList

public static org.w3c.dom.Element createDataRefList(org.w3c.dom.Document doc,
                                                    org.w3c.dom.Element encryptedKey,
                                                    java.util.Vector encDataRefs)

setParentNode

public void setParentNode(org.w3c.dom.Element element)
Sets the parent node of the EncryptedKeyElement

Parameters:
element -

getSymmetricKey

public javax.crypto.SecretKey getSymmetricKey()
Returns:

setSymmetricKey

public void setSymmetricKey(javax.crypto.SecretKey key)
Set the symmetric key to be used for encryption

Parameters:
key -

getEncryptionKey

public javax.crypto.SecretKey getEncryptionKey()
Get the symmetric key used for encryption. This may be the same as the symmetric key field.

Returns:
The symmetric key

getSecurityTokenReference

public SecurityTokenReference getSecurityTokenReference()
Returns:

setSecurityTokenReference

public void setSecurityTokenReference(SecurityTokenReference reference)
Parameters:
reference -