Encrypting SOAP messages with EncryptedKey
10.2.6.1 Encrypting SOAP messages with EncryptedKey
First decide on a key to use to encrypt this random session key, then create an STR (security token reference) with the information that the receiver will use to locate this decryption key:

    Key keyEncKey = ... ;
    WSSecurityTokenReference str = ...

Create a WSSEncryptionParams with this information:

    // Choose a data encryption algorithm - say AES 128
    String dataEncAlg = XMLURI.alg_aes128_CBC;

    // Either generate a random session key yourself, or set this to
    // null to indicate that OSDT should generate it
    SecretKey dataEncKey = null;

    // Depending on the KeyEncryptionKey that you have chosen, choose
    // either an RSA key wrap or a symmetric key wrap
    String keyEncAlg = XMLURI.alg_rsaOAEP_MGF1;

    // Now put all this information into a WSSEncryptionParams
    WSSEncryptionParams eParam = new WSSEncryptionParams(
        dataEncAlg, dataEncKey, keyEncAlg, keyEncKey, str);

regular DOM element, SOAP headers, the SOAP Body or AttachmentParts:

    Element elem1 = ... // one object to be encrypted
    Element elem2 = ... // another object to be encrypted
    ArrayList objectList = new ArrayList();
    objectList.add(elem1);
    objectList.add(elem2);

Create two more arrays to indicate whether each object is to be encrypted content only, and what IDs will be assigned to the resulting EncryptedData objects:

    // both these elements are not content only
    boolean[] contentOnlys = { false, false };

    // After encryption the EncryptedData elements will get these ids
    String encDataIds[] = { "id1", "id2" };

Finally, call the encryptWithEncKey method:

    WSSecurity ws = ...
    XEEncryptedKey encKey = ws.encryptWithEncKey(objectList, contentOnlys,
        encDataIds, eParam);

Note: While encrypting regular DOM elements is standard practice, you can also encrypt SOAP headers, the SOAP body, and attachments. Special considerations apply for encrypting these objects, as explained later.

Note: SOAP bodies are always encrypted content only, regardless of what you pass in this flag. For attachments, not content only means content plus MIME headers.

Oracle Fusion Middleware Reference for Oracle Security Developer Tools

10.2.6.2 Encrypting SOAP messages without EncryptedKey
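What the EncryptedKey procedure in 10.2.6.1 does cryptographically, as an added example that is not Oracle's code and does not use the OSDT API: with the standard JCE only, a random AES-128-CBC session key encrypts the data and RSA-OAEP wraps that key for the receiver. The class name `EncryptedKeySketch`, the key pair and the payload are constructed for illustration, and JCE's PKCS5Padding stands in for the XML Encryption block padding.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class EncryptedKeySketch {
    public static void main(String[] args) throws Exception {
        // Constructed receiver key pair; its public half plays the keyEncKey role.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair receiver = kpg.generateKeyPair();

        // Sender: random AES-128 session key (the dataEncKey role).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sessionKey = kg.generateKey();

        // Sender: AES-128-CBC under a fresh random IV. CBC gives confidentiality
        // only, no integrity. PKCS5Padding is the JCE padding, used as a stand-in.
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new IvParameterSpec(iv));
        byte[] plain = "<Payment>constructed sample</Payment>"
                .getBytes(StandardCharsets.UTF_8);
        byte[] cipherText = aes.doFinal(plain);

        // Sender: wrap the session key with RSA-OAEP (SHA-1, MGF1). The wrapped
        // bytes are what an EncryptedKey carries, next to the key reference.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, receiver.getPublic());
        byte[] wrappedKey = rsa.wrap(sessionKey);

        // Receiver: unwrap with the private key, then decrypt the data.
        rsa.init(Cipher.UNWRAP_MODE, receiver.getPrivate());
        SecretKey recovered =
                (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, recovered, new IvParameterSpec(iv));
        byte[] roundTrip = aes.doFinal(cipherText);

        if (!Arrays.equals(plain, roundTrip))
            throw new IllegalStateException("round trip failed");
        System.out.println("wrapped session key bytes: " + wrappedKey.length);
    }
}
```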