Package org.apache.wss4j.dom.message

Class WSSecEncryptedKey

  • Direct Known Subclasses:
    WSSecEncrypt
    public class WSSecEncryptedKey
extends WSSecBase
    Builder class to build an EncryptedKey. This is especially useful in the case where the same EncryptedKey has to be used to sign and encrypt the message In such a situation this builder will add the EncryptedKey to the security header and we can use the information form the builder to provide to other builders to reference to the token

    • Constructor Detail

      • WSSecEncryptedKey

        public WSSecEncryptedKey​(WSSecHeader securityHeader)

      • WSSecEncryptedKey

        public WSSecEncryptedKey​(Document doc)

      • WSSecEncryptedKey

        public WSSecEncryptedKey​(Document doc,
                         Provider provider)

    • Method Detail

      • setUserInfo

        public void setUserInfo​(String user)
        Set the user name to get the encryption certificate. The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.
        Parameters:
        user -

      • getId

        public String getId()
        Get the id generated during prepare(). Returns the the value of wsu:Id attribute of the EncryptedKey element.
        Returns:
        Return the wsu:Id of this token or null if prepare() was not called before.

      • prepare

        public void prepare​(Crypto crypto,
                    SecretKey symmetricKey)
             throws WSSecurityException
        Create the EncryptedKey Element for inclusion in the security header, by encrypting the symmetricKey parameter using either a public key or certificate that is set on the class, and adding the encrypted bytes as the CipherValue of the EncryptedKey element. The KeyInfo is constructed according to the keyIdentifierType and also the type of the encrypting key
        Parameters:
        crypto - An instance of the Crypto API to handle keystore and certificates
        symmetricKey - The symmetric key to encrypt and insert into the EncryptedKey
        Throws:
        WSSecurityException

      • addCipherValueElement

        protected void addCipherValueElement​(byte[] encryptedEphemeralKey)
                              throws WSSecurityException
        Create and add the CipherValue Element to the EncryptedKey Element.
        Throws:
        WSSecurityException

      • createEncryptedKeyElement

        protected void createEncryptedKeyElement​(X509Certificate remoteCert,
                                         Crypto crypto,
                                         org.apache.xml.security.encryption.params.KeyAgreementParameters dhSpec)
                                  throws WSSecurityException
        Now we need to setup the EncryptedKey header block: 1) create a EncryptedKey element and set a wsu:Id for it 2) Generate ds:KeyInfo element, this wraps the wsse:SecurityTokenReference 3) Create and set up the SecurityTokenReference according to the keyIdentifier parameter 4) Create the CipherValue element structure and insert the encrypted session key
        Throws:
        WSSecurityException

      • createEncryptedKeyElement

        protected void createEncryptedKeyElement​(Key key)
                                  throws WSSecurityException
        Now we need to setup the EncryptedKey header block: 1) create a EncryptedKey element and set a wsu:Id for it 2) Generate ds:KeyInfo element, this wraps the wsse:SecurityTokenReference 3) Create and set up the SecurityTokenReference according to the keyIdentifier parameter 4) Create the CipherValue element structure and insert the encrypted session key
        Throws:
        WSSecurityException

      • prependToHeader

        public void prependToHeader()
        Prepend the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

      • appendToHeader

        public void appendToHeader()
        Append the EncryptedKey element to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the EncryptedKey element at any position in the Security header.

      • prependBSTElementToHeader

        public void prependBSTElementToHeader()
        Prepend the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

      • appendBSTElementToHeader

        public void appendBSTElementToHeader()
        Append the BinarySecurityToken to the elements already in the Security header. The method can be called any time after prepare(). This allows to insert the BST element at any position in the Security header.

      • setUseThisCert

        public void setUseThisCert​(X509Certificate cert)
        Set the X509 Certificate to use for encryption. If this is set and the key identifier is set to DirectReference then use this certificate to get the public key for encryption.
        Parameters:
        cert - is the X509 certificate to use for encryption

      • setUseThisPublicKey

        public void setUseThisPublicKey​(PublicKey key)
        Set the PublicKey to use for encryption.
        Parameters:
        key - the PublicKey instance to use for encryption

      • getUseThisPublicKey

        public PublicKey getUseThisPublicKey()

      • getEncryptedKeyElement

        public Element getEncryptedKeyElement()
        Returns:
        Returns the encryptedKeyElement.

      • setEncryptedKeyElement

        public void setEncryptedKeyElement​(Element encryptedKeyElement)
        Set the encrypted key element when a pre prepared encrypted key is used
        Parameters:
        encryptedKeyElement - EncryptedKey element of the encrypted key used

      • getBinarySecurityTokenElement

        public Element getBinarySecurityTokenElement()
        Returns:
        Returns the BinarySecurityToken element.

      • setKeyEncAlgo

        public void setKeyEncAlgo​(String keyEncAlgo)

      • getKeyEncAlgo

        public String getKeyEncAlgo()

      • getKeyAgreementMethod

        public String getKeyAgreementMethod()

      • setKeyAgreementMethod

        public void setKeyAgreementMethod​(String keyAgreementMethod)

      • getKeyDerivationMethod

        public String getKeyDerivationMethod()

      • setKeyDerivationMethod

        public void setKeyDerivationMethod​(String keyDerivationMethod)

      • getKeyDerivationParameters

        public org.apache.xml.security.encryption.params.KeyDerivationParameters getKeyDerivationParameters()

      • setKeyDerivationParameters

        public void setKeyDerivationParameters​(org.apache.xml.security.encryption.params.KeyDerivationParameters keyDerivationParameters)

      • getBSTTokenId

        public String getBSTTokenId()
        Get the id of the BSt generated during prepare().
        Returns:
        Returns the the value of wsu:Id attribute of the BinaruSecurityToken element.

      • setEncKeyId

        public void setEncKeyId​(String encKeyId)
        Parameters:
        encKeyId - The encKeyId to set.

      • isCertSet

        public boolean isCertSet()

      • setCustomEKTokenValueType

        public void setCustomEKTokenValueType​(String customEKTokenValueType)

      • setCustomEKTokenId

        public void setCustomEKTokenId​(String customEKTokenId)

      • setDigestAlgorithm

        public void setDigestAlgorithm​(String digestAlgorithm)
        Set the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.
        Parameters:
        digestAlgorithm - the digest algorithm to use with the RSA-OAEP key transport algorithm

      • getDigestAlgorithm

        public String getDigestAlgorithm()
        Get the digest algorithm to use with the RSA-OAEP key transport algorithm. The default is SHA-1.

      • setMGFAlgorithm

        public void setMGFAlgorithm​(String mgfAlgorithm)
        Set the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.
        Parameters:
        mgfAlgorithm - the MGF algorithm to use with the RSA-OAEP key transport algorithm

      • getMGFAlgorithm

        public String getMGFAlgorithm()
        Get the MGF algorithm to use with the RSA-OAEP key transport algorithm. The default is MGF-SHA-1.

      • isIncludeEncryptionToken

        public boolean isIncludeEncryptionToken()

      • setIncludeEncryptionToken

        public void setIncludeEncryptionToken​(boolean includeEncryptionToken)

      • getCustomEKKeyInfoElement

        public Element getCustomEKKeyInfoElement()

      • setCustomEKKeyInfoElement

        public void setCustomEKKeyInfoElement​(Element customEKKeyInfoElement)

      • getEncryptedKeySHA1

        public String getEncryptedKeySHA1()