org.apache.wss4j.dom.message.WSSecEncryptedKey Maven / Gradle / Ivy
The newest version!
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
package org.apache.wss4j.dom.message;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.message.token.BinarySecurity;
import org.apache.wss4j.dom.message.token.DOMX509Data;
import org.apache.wss4j.dom.message.token.DOMX509IssuerSerial;
import org.apache.wss4j.dom.message.token.Reference;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.message.token.X509Security;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
* Builder class to build an EncryptedKey.
* This is especially useful in the case where the same
* EncryptedKey
has to be used to sign and encrypt the message In
* such a situation this builder will add the EncryptedKey
to the
* security header and we can use the information form the builder to provide to
* other builders to reference to the token
public class WSSecEncryptedKey extends WSSecBase {
private static final org.slf4j.Logger LOG =
protected Document document;
* soap:Envelope element
protected Element envelope;
* Session key used as the secret in key derivation
protected byte[] ephemeralKey;
* Symmetric key used in the EncryptedKey.
protected SecretKey symmetricKey;
* Encrypted bytes of the ephemeral key
protected byte[] encryptedEphemeralKey;
* Algorithm used to encrypt the ephemeral key
protected String keyEncAlgo = WSConstants.KEYTRANSPORT_RSAOEP;
* Algorithm to be used with the ephemeral key
protected String symEncAlgo = WSConstants.AES_128;
* Digest Algorithm to be used with RSA-OAEP. The default is SHA-1 (which is not
* written out unless it is explicitly configured).
private String digestAlgo;
* MGF Algorithm to be used with RSA-OAEP. The default is MGF-SHA-1 (which is not
* written out unless it is explicitly configured).
private String mgfAlgo;
* xenc:EncryptedKey element
protected Element encryptedKeyElement;
* The Token identifier of the token that the DerivedKeyToken
* is (or to be) derived from.
protected String encKeyId;
* BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE
* is used to refer to the asymmetric encryption cert
protected BinarySecurity bstToken;
protected X509Certificate useThisCert;
* Custom token value
private String customEKTokenValueType;
* Custom token id
private String customEKTokenId;
private boolean bstAddedToSecurityHeader;
private boolean includeEncryptionToken;
public WSSecEncryptedKey() {
public WSSecEncryptedKey(WSSConfig config) {
* Set the user name to get the encryption certificate.
* The public key of this certificate is used, thus no password necessary.
* The user name is a keystore alias usually.
* @param user
public void setUserInfo(String user) {
this.user = user;
* Get the id generated during prepare()
* Returns the the value of wsu:Id attribute of the EncryptedKey element.
* @return Return the wsu:Id of this token or null if prepare()
* was not called before.
public String getId() {
return encKeyId;
* Prepare the ephemeralKey and the tokens required to be added to the
* security header
* @param doc The SOAP envelope as Document
* @param crypto An instance of the Crypto API to handle keystore and certificates
* @throws WSSecurityException
public void prepare(Document doc, Crypto crypto) throws WSSecurityException {
document = doc;
// Set up the ephemeral key
if (ephemeralKey == null) {
if (symmetricKey == null) {
KeyGenerator keyGen = getKeyGenerator();
symmetricKey = keyGen.generateKey();
ephemeralKey = symmetricKey.getEncoded();
if (symmetricKey == null) {
symmetricKey = KeyUtils.prepareSecretKey(symEncAlgo, ephemeralKey);
// Get the certificate that contains the public key for the public key
// algorithm that will encrypt the generated symmetric (session) key.
X509Certificate remoteCert = useThisCert;
if (remoteCert == null) {
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
if (certs == null || certs.length <= 0) {
throw new WSSecurityException(
user, "encryption");
remoteCert = certs[0];
prepareInternal(symmetricKey, remoteCert, crypto);
* Encrypt the symmetric key data and prepare the EncryptedKey element
* This method does the most work for to prepare the EncryptedKey element.
* It is also used by the WSSecEncrypt sub-class.
* @param secretKey The symmetric key
* @param remoteCert The certificate that contains the public key to encrypt the
* symmetric key data
* @param crypto An instance of the Crypto API to handle keystore and certificates
* @throws WSSecurityException
protected void prepareInternal(
SecretKey secretKey,
X509Certificate remoteCert,
Crypto crypto
) throws WSSecurityException {
Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
try {
OAEPParameterSpec oaepParameterSpec = null;
if (WSConstants.KEYTRANSPORT_RSAOEP.equals(keyEncAlgo)
|| WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(keyEncAlgo)) {
String jceDigestAlgorithm = "SHA-1";
if (digestAlgo != null) {
jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgo);
MGF1ParameterSpec mgf1ParameterSpec = new MGF1ParameterSpec("SHA-1");
if (mgfAlgo != null) {
if (WSConstants.MGF_SHA224.equals(mgfAlgo)) {
mgf1ParameterSpec = new MGF1ParameterSpec("SHA-224");
} if (WSConstants.MGF_SHA256.equals(mgfAlgo)) {
mgf1ParameterSpec = new MGF1ParameterSpec("SHA-256");
} else if (WSConstants.MGF_SHA384.equals(mgfAlgo)) {
mgf1ParameterSpec = new MGF1ParameterSpec("SHA-384");
} else if (WSConstants.MGF_SHA512.equals(mgfAlgo)) {
mgf1ParameterSpec = new MGF1ParameterSpec("SHA-512");
oaepParameterSpec =
new OAEPParameterSpec(
jceDigestAlgorithm, "MGF1", mgf1ParameterSpec, PSource.PSpecified.DEFAULT
if (oaepParameterSpec == null) {
cipher.init(Cipher.WRAP_MODE, remoteCert);
} else {
cipher.init(Cipher.WRAP_MODE, remoteCert.getPublicKey(), oaepParameterSpec);
} catch (InvalidKeyException e) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e
} catch (InvalidAlgorithmParameterException e) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e
int blockSize = cipher.getBlockSize();
if (doDebug) {
"cipher blksize: " + blockSize + ", symm key: " + secretKey.toString()
try {
encryptedEphemeralKey = cipher.wrap(secretKey);
} catch (IllegalStateException ex) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_ENCRYPTION, ex
} catch (IllegalBlockSizeException ex) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_ENCRYPTION, ex
} catch (InvalidKeyException ex) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_ENCRYPTION, ex
Text keyText =
WSSecurityUtil.createBase64EncodedTextNode(document, encryptedEphemeralKey);
// Now we need to setup the EncryptedKey header block 1) create a
// EncryptedKey element and set a wsu:Id for it 2) Generate ds:KeyInfo
// element, this wraps the wsse:SecurityTokenReference 3) Create and set
// up the SecurityTokenReference according to the keyIdentifier parameter
// 4) Create the CipherValue element structure and insert the encrypted
// session key
encryptedKeyElement = createEncryptedKey(document, keyEncAlgo);
if (encKeyId == null || "".equals(encKeyId)) {
encKeyId = IDGenerator.generateID("EK-");
encryptedKeyElement.setAttributeNS(null, "Id", encKeyId);
SecurityTokenReference secToken = new SecurityTokenReference(document);
switch (keyIdentifierType) {
case WSConstants.X509_KEY_IDENTIFIER:
secToken.setKeyIdentifierSKI(remoteCert, crypto);
if (includeEncryptionToken) {
// This identifier is not applicable for this case, so fall back to
// ThumbprintRSA.
if (includeEncryptionToken) {
case WSConstants.ISSUER_SERIAL:
String issuer = remoteCert.getIssuerX500Principal().getName();
java.math.BigInteger serialNumber = remoteCert.getSerialNumber();
DOMX509IssuerSerial domIssuerSerial =
new DOMX509IssuerSerial(
document, issuer, serialNumber
DOMX509Data domX509Data = new DOMX509Data(document, domIssuerSerial);
if (includeEncryptionToken) {
Reference ref = new Reference(document);
String certUri = IDGenerator.generateID(null);
ref.setURI("#" + certUri);
bstToken = new X509Security(document);
((X509Security) bstToken).setX509Certificate(remoteCert);
Reference refCust = new Reference(document);
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
} else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
} else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
} else {
refCust.setURI("#" + customEKTokenId);
Reference refCustd = new Reference(document);
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
} else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
} else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
} else {
secToken.setKeyIdentifier(customEKTokenValueType, customEKTokenId);
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
} else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
} else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
} else if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(customEKTokenValueType)) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedKeyId");
Element keyInfoElement =
WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
Element xencCipherValue = createCipherValue(document, encryptedKeyElement);
envelope = document.getDocumentElement();
* Add a BinarySecurityToken
private void addBST(X509Certificate cert) throws WSSecurityException {
bstToken = new X509Security(document);
((X509Security) bstToken).setX509Certificate(cert);
bstAddedToSecurityHeader = false;
protected KeyGenerator getKeyGenerator() throws WSSecurityException {
try {
// Assume AES as default, so initialize it
String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
if (keyAlgorithm == null || "".equals(keyAlgorithm)) {
keyAlgorithm = JCEMapper.translateURItoJCEID(symEncAlgo);
KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
|| symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
} else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
|| symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
} else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
|| symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
return keyGen;
} catch (NoSuchAlgorithmException e) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e
* Create DOM subtree for xenc:EncryptedKey
* @param doc the SOAP envelope parent document
* @param keyTransportAlgo specifies which algorithm to use to encrypt the symmetric key
* @return an xenc:EncryptedKey
protected Element createEncryptedKey(Document doc, String keyTransportAlgo) {
Element encryptedKey =
doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptedKey");
WSSecurityUtil.setNamespace(encryptedKey, WSConstants.ENC_NS, WSConstants.ENC_PREFIX);
Element encryptionMethod =
doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptionMethod");
encryptionMethod.setAttributeNS(null, "Algorithm", keyTransportAlgo);
if (digestAlgo != null) {
Element digestElement =
XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_DIGESTMETHOD);
digestElement.setAttributeNS(null, "Algorithm", digestAlgo);
if (mgfAlgo != null) {
Element mgfElement =
doc.createElementNS(WSConstants.ENC11_NS, WSConstants.ENC11_PREFIX + ":MGF");
mgfElement.setAttributeNS(null, "Algorithm", mgfAlgo);
return encryptedKey;
protected Element createCipherValue(Document doc, Element encryptedKey) {
Element cipherData =
doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherData");
Element cipherValue =
doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherValue");
return cipherValue;
* Prepend the EncryptedKey element to the elements already in the Security
* header.
* The method can be called any time after prepare()
. This
* allows to insert the EncryptedKey element at any position in the Security
* header.
* @param secHeader The security header that holds the Signature element.
public void prependToHeader(WSSecHeader secHeader) {
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), encryptedKeyElement);
* Append the EncryptedKey element to the elements already in the Security
* header.
* The method can be called any time after prepare()
. This
* allows to insert the EncryptedKey element at any position in the Security
* header.
* @param secHeader The security header that holds the Signature element.
public void appendToHeader(WSSecHeader secHeader) {
Element secHeaderElement = secHeader.getSecurityHeader();
* Prepend the BinarySecurityToken to the elements already in the Security
* header.
* The method can be called any time after prepare()
. This
* allows to insert the BST element at any position in the Security header.
* @param secHeader The security header that holds the BST element.
public void prependBSTElementToHeader(WSSecHeader secHeader) {
if (bstToken != null && !bstAddedToSecurityHeader) {
secHeader.getSecurityHeader(), bstToken.getElement()
bstAddedToSecurityHeader = true;
* Append the BinarySecurityToken to the elements already in the Security
* header.
* The method can be called any time after prepare()
. This
* allows to insert the BST element at any position in the Security header.
* @param secHeader The security header that holds the BST element.
public void appendBSTElementToHeader(WSSecHeader secHeader) {
if (bstToken != null && !bstAddedToSecurityHeader) {
Element secHeaderElement = secHeader.getSecurityHeader();
bstAddedToSecurityHeader = true;
* @return Returns the ephemeralKey.
public byte[] getEphemeralKey() {
return ephemeralKey;
* Set the X509 Certificate to use for encryption.
* If this is set and the key identifier is set to
* DirectReference
then use this certificate to get the
* public key for encryption.
* @param cert is the X509 certificate to use for encryption
public void setUseThisCert(X509Certificate cert) {
useThisCert = cert;
* @return Returns the encryptedKeyElement.
public Element getEncryptedKeyElement() {
return encryptedKeyElement;
* Set the encrypted key element when a pre prepared encrypted key is used
* @param encryptedKeyElement EncryptedKey element of the encrypted key used
public void setEncryptedKeyElement(Element encryptedKeyElement) {
this.encryptedKeyElement = encryptedKeyElement;
* @return Returns the BinarySecurityToken element.
public Element getBinarySecurityTokenElement() {
if (bstToken != null) {
return bstToken.getElement();
return null;
public void setKeyEncAlgo(String keyEncAlgo) {
this.keyEncAlgo = keyEncAlgo;
* @param ephemeralKey The ephemeralKey to set.
public void setEphemeralKey(byte[] ephemeralKey) {
this.ephemeralKey = ephemeralKey;
* Get the id of the BSt generated during prepare()
* @return Returns the the value of wsu:Id attribute of the
* BinaruSecurityToken element.
public String getBSTTokenId() {
if (bstToken == null) {
return null;
return bstToken.getID();
* @param document The document to set.
public void setDocument(Document document) {
this.document = document;
* @param encKeyId The encKeyId to set.
public void setEncKeyId(String encKeyId) {
this.encKeyId = encKeyId;
public boolean isCertSet() {
if (useThisCert == null) {
return false;
return true;
public byte[] getEncryptedEphemeralKey() {
return encryptedEphemeralKey;
public void setCustomEKTokenValueType(String customEKTokenValueType) {
this.customEKTokenValueType = customEKTokenValueType;
public void setCustomEKTokenId(String customEKTokenId) {
this.customEKTokenId = customEKTokenId;
* Set the name of the symmetric encryption algorithm to use.
* This encryption algorithm is used to encrypt the data. If the algorithm
* is not set then AES128 is used. Refer to WSConstants which algorithms are
* supported.
* @param algo Is the name of the encryption algorithm
* @see WSConstants#TRIPLE_DES
* @see WSConstants#AES_128
* @see WSConstants#AES_192
* @see WSConstants#AES_256
public void setSymmetricEncAlgorithm(String algo) {
symEncAlgo = algo;
* Get the name of symmetric encryption algorithm to use.
* The name of the encryption algorithm to encrypt the data, i.e. the SOAP
* Body. Refer to WSConstants which algorithms are supported.
* @return the name of the currently selected symmetric encryption algorithm
* @see WSConstants#TRIPLE_DES
* @see WSConstants#AES_128
* @see WSConstants#AES_192
* @see WSConstants#AES_256
public String getSymmetricEncAlgorithm() {
return symEncAlgo;
* Set the digest algorithm to use with the RSA-OAEP key transport algorithm. The
* default is SHA-1.
* @param digestAlgorithm the digest algorithm to use with the RSA-OAEP key transport algorithm
public void setDigestAlgorithm(String digestAlgorithm) {
this.digestAlgo = digestAlgorithm;
* Get the digest algorithm to use with the RSA-OAEP key transport algorithm. The
* default is SHA-1.
public String getDigestAlgorithm() {
return digestAlgo;
* Set the MGF algorithm to use with the RSA-OAEP key transport algorithm. The
* default is MGF-SHA-1.
* @param mgfAlgorithm the MGF algorithm to use with the RSA-OAEP key transport algorithm
public void setMGFAlgorithm(String mgfAlgorithm) {
this.mgfAlgo = mgfAlgorithm;
* Get the MGF algorithm to use with the RSA-OAEP key transport algorithm. The
* default is MGF-SHA-1.
public String getMGFAlgorithm() {
return mgfAlgo;
* @return The symmetric key
public SecretKey getSymmetricKey() {
return symmetricKey;
* Set the symmetric key to be used for encryption
* @param key
public void setSymmetricKey(SecretKey key) {
this.symmetricKey = key;
public boolean isIncludeEncryptionToken() {
return includeEncryptionToken;
public void setIncludeEncryptionToken(boolean includeEncryptionToken) {
this.includeEncryptionToken = includeEncryptionToken;
© 2015 - 2025 Weber Informatics LLC | Privacy Policy