Class WSSecEncryptedKey

java.lang.Object
org.apache.wss4j.dom.message.WSSecBase
org.apache.wss4j.dom.message.WSSecEncryptedKey
Direct Known Subclasses:
WSSecEncrypt

public class WSSecEncryptedKey extends WSSecBase
Builder class to build an EncryptedKey. This is especially useful when the same EncryptedKey has to be used to both sign and encrypt the message. In that situation this builder adds the EncryptedKey to the security header, and the information from this builder can be passed to other builders so that they can reference the token.
  • Constructor Details

    • WSSecEncryptedKey

      public WSSecEncryptedKey(WSSecHeader securityHeader)
    • WSSecEncryptedKey

      public WSSecEncryptedKey(Document doc)
    • WSSecEncryptedKey

      public WSSecEncryptedKey(Document doc, Provider provider)
  • Method Details

    • setUserInfo

      public void setUserInfo(String user)
      Set the user name used to look up the encryption certificate. Only the public key of this certificate is used, so no password is necessary. The user name is usually a keystore alias.
      Parameters:
      user -
    • getId

      public String getId()
      Get the id generated during prepare(). Returns the value of the wsu:Id attribute of the EncryptedKey element.
      Returns:
      Return the wsu:Id of this token or null if prepare() was not called before.
    • prepare

      public void prepare(Crypto crypto, SecretKey symmetricKey) throws WSSecurityException
      Create the EncryptedKey Element for inclusion in the security header by encrypting the symmetricKey parameter with either a public key or a certificate that is set on the class, and adding the encrypted bytes as the CipherValue of the EncryptedKey element. The KeyInfo is constructed according to the keyIdentifierType and the type of the encrypting key.
      Parameters:
      crypto - An instance of the Crypto API to handle keystore and certificates
      symmetricKey - The symmetric key to encrypt and insert into the EncryptedKey
      Throws:
      WSSecurityException
    • addCipherValueElement

      protected void addCipherValueElement(byte[] encryptedEphemeralKey) throws WSSecurityException
      Create and add the CipherValue Element to the EncryptedKey Element.
      Throws:
      WSSecurityException
    • createEncryptedKeyElement

      protected void createEncryptedKeyElement(X509Certificate remoteCert, Crypto crypto, org.apache.xml.security.encryption.params.KeyAgreementParameters dhSpec) throws WSSecurityException
      Set up the EncryptedKey header block:
      1) Create an EncryptedKey element and set a wsu:Id for it
      2) Generate the ds:KeyInfo element
      3) Create and set up the ds:KeyInfo child element - this can either be a SecurityTokenReference or X509Data/X509SKI
      4) Create the CipherValue element structure and insert the encrypted session key
      Throws:
      WSSecurityException
    • createEncryptedKeyElement

      protected void createEncryptedKeyElement(Key key) throws WSSecurityException
      Set up the EncryptedKey header block:
      1) Create an EncryptedKey element and set a wsu:Id for it
      2) Generate the ds:KeyInfo element, which wraps the wsse:SecurityTokenReference
      3) Create and set up the SecurityTokenReference according to the keyIdentifier parameter
      4) Create the CipherValue element structure and insert the encrypted session key
      Throws:
      WSSecurityException
    • createCipherValue

      protected Element createCipherValue(Document doc, Element encryptedKey)
    • prependToHeader

      public void prependToHeader()
      Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows the EncryptedKey element to be inserted at any position in the Security header.
    • appendToHeader

      public void appendToHeader()
      Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows the EncryptedKey element to be inserted at any position in the Security header.
    • prependBSTElementToHeader

      public void prependBSTElementToHeader()
      Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.
    • appendBSTElementToHeader

      public void appendBSTElementToHeader()
      Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows the BST element to be inserted at any position in the Security header.
    • setUseThisCert

      public void setUseThisCert(X509Certificate cert)
      Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.
      Parameters:
      cert - is the X509 certificate to use for encryption
    • getUseThisCert

      public X509Certificate getUseThisCert()
    • setUseThisPublicKey

      public void setUseThisPublicKey(PublicKey key)
      Set the PublicKey to use for encryption.
      Parameters:
      key - the PublicKey instance to use for encryption
    • getUseThisPublicKey

      public PublicKey getUseThisPublicKey()
    • getEncryptedKeyElement

      public Element getEncryptedKeyElement()
      Returns:
      Returns the encryptedKeyElement.
    • setEncryptedKeyElement

      public void setEncryptedKeyElement(Element encryptedKeyElement)
      Set the encrypted key element when a pre-prepared encrypted key is used.
      Parameters:
      encryptedKeyElement - EncryptedKey element of the encrypted key used
    • getBinarySecurityTokenElement

      public Element getBinarySecurityTokenElement()
      Returns:
      Returns the BinarySecurityToken element.
    • setKeyEncAlgo

      public void setKeyEncAlgo(String keyEncAlgo)
    • getKeyEncAlgo

      public String getKeyEncAlgo()
    • getKeyAgreementMethod

      public String getKeyAgreementMethod()
    • setKeyAgreementMethod

      public void setKeyAgreementMethod(String keyAgreementMethod)
    • getKeyDerivationMethod

      public String getKeyDerivationMethod()
    • setKeyDerivationMethod

      public void setKeyDerivationMethod(String keyDerivationMethod)
    • getKeyDerivationParameters

      public org.apache.xml.security.encryption.params.KeyDerivationParameters getKeyDerivationParameters()
    • setKeyDerivationParameters

      public void setKeyDerivationParameters(org.apache.xml.security.encryption.params.KeyDerivationParameters keyDerivationParameters)
    • getBSTTokenId

      public String getBSTTokenId()
      Get the id of the BST generated during prepare().
      Returns:
      Returns the value of the wsu:Id attribute of the BinarySecurityToken element.
    • setEncKeyId

      public void setEncKeyId(String encKeyId)
      Parameters:
      encKeyId - The encKeyId to set.
    • isCertSet

      public boolean isCertSet()
    • setCustomEKTokenValueType

      public void setCustomEKTokenValueType(String customEKTokenValueType)
    • setCustomEKTokenId

      public void setCustomEKTokenId(String customEKTokenId)
    • setDigestAlgorithm

      public void setDigestAlgorithm(String digestAlgorithm)
      Set the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.
      Parameters:
      digestAlgorithm - the digest algorithm to use with the RSA-OAEP key transport algorithm
    • getDigestAlgorithm

      public String getDigestAlgorithm()
      Get the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.
    • setMGFAlgorithm

      public void setMGFAlgorithm(String mgfAlgorithm)
      Set the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.
      Parameters:
      mgfAlgorithm - the MGF algorithm to use with the RSA-OAEP key transport algorithm
    • getMGFAlgorithm

      public String getMGFAlgorithm()
      Get the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.
    • isIncludeEncryptionToken

      public boolean isIncludeEncryptionToken()
    • setIncludeEncryptionToken

      public void setIncludeEncryptionToken(boolean includeEncryptionToken)
    • getCustomEKKeyInfoElement

      public Element getCustomEKKeyInfoElement()
    • setCustomEKKeyInfoElement

      public void setCustomEKKeyInfoElement(Element customEKKeyInfoElement)
    • setEncryptedKeySHA1

      protected void setEncryptedKeySHA1(byte[] encryptedEphemeralKey) throws WSSecurityException
      Throws:
      WSSecurityException
    • getEncryptedKeySHA1

      public String getEncryptedKeySHA1()
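
The following usage sketch is an added example, not part of the WSS4J documentation. It follows the scenario in the class description: it prepares one EncryptedKey, replaces the SHA-1 defaults noted under setDigestAlgorithm and setMGFAlgorithm with SHA-256, and exposes the wsu:Id for other builders to reference. The class name, the alias "recipient" and the presence of a default crypto.properties on the classpath are assumptions.

```java
import javax.crypto.SecretKey;

import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.w3c.dom.Document;

// Hypothetical helper class; only the WSS4J calls are real API.
public final class EncryptedKeyExample {

    /** Generate the symmetric session key that prepare() will wrap. */
    public static SecretKey newSessionKey() throws WSSecurityException {
        return KeyUtils.getKeyGenerator(WSConstants.AES_256_GCM).generateKey();
    }

    /**
     * Wrap sessionKey for the recipient and place the resulting
     * EncryptedKey at the top of the message's Security header.
     */
    public static WSSecEncryptedKey addEncryptedKey(Document soapEnvelope, SecretKey sessionKey)
            throws WSSecurityException {
        WSSecHeader secHeader = new WSSecHeader(soapEnvelope);
        secHeader.insertSecurityHeader();

        // Assumption: crypto.properties on the classpath points at a keystore
        // that holds the recipient's certificate.
        Crypto crypto = CryptoFactory.getInstance();

        WSSecEncryptedKey encrKey = new WSSecEncryptedKey(secHeader);
        encrKey.setUserInfo("recipient"); // keystore alias (assumed); no password needed

        // Key transport: RSA-OAEP with SHA-256 for both the digest and the MGF,
        // instead of the SHA-1 / MGF-SHA-1 defaults.
        encrKey.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP_XENC11);
        encrKey.setDigestAlgorithm(WSConstants.SHA256);
        encrKey.setMGFAlgorithm(WSConstants.MGF_SHA256);

        // keyIdentifierType is left at its default here.
        encrKey.prepare(crypto, sessionKey);

        // getId() returns null until prepare() has run, so check before wiring
        // the id into other builders.
        if (encrKey.getId() == null) {
            throw new IllegalStateException("EncryptedKey was not prepared");
        }
        encrKey.prependToHeader();
        return encrKey;
    }
}
```

Other builders can then reference the token through getId() and getEncryptedKeyElement() on the returned builder, while the caller keeps sessionKey for the actual signing and encryption.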