
Oracle Fusion Middleware Reference for Oracle Security Developer Tools

10.2.6.2 Encrypting SOAP messages without EncryptedKey

Use these steps if you do not wish to use an EncryptedKey:

1. Decide on a data encryption key; you can either use the same one for all the EncryptedData sections or a different one for each. Also create an STR (security token reference) with the information that the receiver will use to locate this decryption key, and put both into a WSSEncryptionParams object:

       SecretKey dataEncKey = ... ; // assuming 128 bit AES key
       String dataEncAlg = XMLURI.alg_aes128_CBC;
       WSSecurityTokenReference str = ...

       // Now put all this information into a WSSEncryptionParams
       WSSEncryptionParams eParam = new WSSEncryptionParams(
           dataEncAlg, dataEncKey, null, null, str);

2. Create a list of elements to be encrypted as before, along with the associated contentOnly and encDataIds arrays:

       Element elem1 = ... // one object to be encrypted
       Element elem2 = … // another object to be encrypted
       ArrayList objectList = new ArrayList();
       objectList.add(elem1);
       objectList.add(elem2);

       // both these elements are not content only
       boolean[] contentOnlys = { false, false };

       // After encryption the EncryptedData elements will get these ids
       String encDataIds[] = { "id1", "id2" };

3. Finally, call the encryptWithNoEncKey method:

       WSSecurity ws = ...
       XEEncryptedKey encKey = ws.encryptWithNoEncKey(
           objectList, contentOnlys, encDataIds,
           new WSSEncryptionParams[]{eParam, eParam});

In this example we used the same WSSEncryptionParams object for both elements.

10.2.6.3 Encrypting SOAP Headers into an EncryptedHeader

When you call the encrypt methods on a SOAP header block with content only set to false, the entire SOAP header block is encrypted into an EncryptedData element. This element is placed inside an EncryptedHeader element, which replaces the original SOAP header block. The mustUnderstand and actor attributes are copied over from the current wsse:Security header.

10.2.6.4 Decrypting SOAP messages with EncryptedKey

To decrypt SOAP messages with EncryptedKey, use:

    WSSecurity.decrypt(XEEncryptedKey, PrivateKey, SOAPMessage)

which first decrypts the EncryptedKey with the given PrivateKey to obtain a symmetric key, then uses this symmetric key to decrypt all the references inside the EncryptedKey.

If you do not know the PrivateKey, call:

    decrypt(XEEncryptedKey, SOAPMessage)

which looks into the KeyInfo of the EncryptedKey and calls the registered callbacks to obtain the private key.

If you already know the decrypted form of the EncryptedKey, then use:

    decrypt(XEEncryptedKey, SecretKey, SOAPMessage)

which uses the given symmetric key to decrypt all the references inside the EncryptedKey.
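The two-step decryption described in 10.2.6.4, next to the shared-key case of 10.2.6.2, as an added example that is not Oracle's code and does not call the Oracle Security Developer Tools API. It uses only the standard JCE; the RSA-OAEP key transport, the ISO 10126 padding mode, the sample payload and the class name are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class EncryptedKeyFlow { // hypothetical class name
    // AES-128-CBC as XML Encryption lays it out: random 16-byte IV, then the ciphertext.
    static byte[] encryptData(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/ISO10126Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // The receiver reads the IV from the first 16 bytes and decrypts the rest.
    static byte[] decryptData(SecretKey key, byte[] cipherValue) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/ISO10126Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(cipherValue, 0, 16));
        return c.doFinal(cipherValue, 16, cipherValue.length - 16);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataEncKey = kg.generateKey();
        byte[] body = "<m:Order>constructed sample</m:Order>".getBytes(StandardCharsets.UTF_8);
        byte[] cipherValue = encryptData(dataEncKey, body);

        // With EncryptedKey: the sender wraps the data key under the receiver's public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair receiver = kpg.generateKeyPair();
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, receiver.getPublic());
        byte[] encryptedKey = rsa.wrap(dataEncKey);
        // Receiver, step 1: the private key recovers the symmetric key.
        rsa.init(Cipher.UNWRAP_MODE, receiver.getPrivate());
        SecretKey recovered = (SecretKey) rsa.unwrap(encryptedKey, "AES", Cipher.SECRET_KEY);
        // Receiver, step 2: the recovered key decrypts the referenced data.
        System.out.println(new String(decryptData(recovered, cipherValue), StandardCharsets.UTF_8));

        // Without EncryptedKey: nothing is wrapped; the receiver already holds the key
        // and only needs the STR to pick the right one.
        System.out.println(new String(decryptData(dataEncKey, cipherValue), StandardCharsets.UTF_8));
    }
}
```

Both paths print the same payload. The difference is only where the symmetric key comes from, which is why the no-EncryptedKey variant depends on the key having been shared securely beforehand.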

10.2.6.5 Decrypting SOAP messages without EncryptedKey