JCAWSS4J.java

Example of encryption and decryption with the WSS4J library.

See Note on examples.
package doxy.examples;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.Init;
import org.w3c.dom.Document;
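/**
 * Example of applying and removing WS-Security (signature + encryption) with WSS4J,
 * using keys held in an HSM behind the "ND" JCA provider.
 *
 * <p>Flow in {@link #main(String[])}: {@code message.xml} is signed and encrypted into
 * {@code output.xml}, which is then decrypted and verified into {@code decrypted.xml}.
 */
public class JCAWSS4J {

    /** Signature algorithm URI used for outbound messages (RSA with SHA-256). */
    private static final String RSA_SHA256 =
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Initialise Apache XML Security; WSS4J relies on it having been set up.
    static {
        Init.init();
    }

    /**
     * Serialises a DOM document to a file.
     *
     * @param doc      document to write
     * @param filePath destination path; an existing file is overwritten
     * @throws TransformerException if the transformer cannot be created or the write fails
     */
    static void writeDocumentToFile(Document doc, String filePath) throws TransformerException {
        TransformerFactory transformerFactory = TransformerFactory.newInstance();
        // Secure processing bounds the resources the (identity) transformation may use.
        transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Transformer transformer = transformerFactory.newTransformer();
        transformer.transform(new DOMSource(doc), new StreamResult(new File(filePath)));
    }

    /**
     * Protects an outbound SOAP message: inserts a {@code <wsse:Security>} header with a
     * Timestamp, signs the Body and the Timestamp with the private key under
     * {@code signatureAlias}, then encrypts the Body content under a fresh session key
     * that is transported with the certificate under {@code encryptionAlias}.
     *
     * <p>Signing happens before encryption, so the signature covers the plaintext Body.
     *
     * @param doc             SOAP message, modified in place
     * @param merlin          WSS4J crypto giving access to the keystore/truststore
     * @param signatureAlias  keystore alias of the signing key
     * @param encryptionAlias keystore alias of the recipient certificate used for key transport
     * @return the same {@code doc} instance, now carrying the security header
     * @throws Exception on any WSS4J or JCA failure
     */
    static Document outbound(Document doc, Merlin merlin,
            String signatureAlias, String encryptionAlias) throws Exception {
        // Create and insert the <wsse:Security> header into the SOAP message.
        WSSecHeader header = new WSSecHeader(doc);
        header.insertSecurityHeader();

        // Add a security timestamp (<wsu:Timestamp>) valid for 60 seconds.
        WSSecTimestamp timestamp = new WSSecTimestamp(header);
        timestamp.setTimeToLive(60);
        timestamp.build();

        // Message parts that will be signed and/or encrypted.
        WSEncryptionPart timestampPart = new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
        String soapNs = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
        WSEncryptionPart bodyPart = new WSEncryptionPart(WSConstants.ELEM_BODY, soapNs, "Content");

        sign(header, merlin, signatureAlias, bodyPart, timestampPart);
        encrypt(header, merlin, encryptionAlias, bodyPart);
        return doc;
    }

    /**
     * Adds an XML signature over {@code parts} using the private key under {@code signatureAlias}.
     *
     * @param header         security header the signature is added to
     * @param merlin         crypto giving access to the signing key
     * @param signatureAlias keystore alias of the signing key
     * @param parts          elements to sign
     * @throws Exception if WSS4J cannot build the signature
     */
    private static void sign(WSSecHeader header, Merlin merlin, String signatureAlias,
            WSEncryptionPart... parts) throws Exception {
        WSSecSignature signature = new WSSecSignature(header);
        // Empty key password: the HSM keystore is authenticated when it is loaded in main();
        // confirm this matches your provider's key-access model.
        signature.setUserInfo(signatureAlias, "");
        signature.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
        signature.setSignatureAlgorithm(RSA_SHA256);
        signature.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
        signature.setDigestAlgo(WSConstants.SHA256);
        for (WSEncryptionPart part : parts) {
            signature.getParts().add(part);
        }
        signature.build(merlin);
    }

    /**
     * Encrypts {@code part} with a freshly generated session key, which is itself wrapped
     * (RSA-OAEP) with the certificate under {@code encryptionAlias}.
     *
     * @param header          security header the EncryptedKey/EncryptedData are added to
     * @param merlin          crypto giving access to the recipient certificate
     * @param encryptionAlias keystore alias of the recipient certificate
     * @param part            element whose content is encrypted
     * @throws Exception if key generation or WSS4J encryption fails
     */
    private static void encrypt(WSSecHeader header, Merlin merlin, String encryptionAlias,
            WSEncryptionPart part) throws Exception {
        WSSecEncrypt encrypt = new WSSecEncrypt(header);
        encrypt.setUserInfo(encryptionAlias, ""); // alias of the public key used for key transport
        encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
        // Symmetric algorithm for the Body. Triple-DES is a legacy cipher kept here for
        // compatibility with the original example; prefer WSConstants.AES_128_GCM together
        // with an "AES" KeyGenerator when the receiving side supports it.
        encrypt.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
        encrypt.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP); // transport algorithm for the session key
        encrypt.getParts().add(part);

        // Generate the session key with the provider configured on merlin so it matches
        // the symmetric algorithm above (3-key DESede = 168 bits).
        KeyGenerator keyGen = KeyGenerator.getInstance("DESede", merlin.getCryptoProvider());
        keyGen.init(168);
        SecretKey symmetricKey = keyGen.generateKey();
        encrypt.build(merlin, symmetricKey);
    }

    /**
     * Processes the WS-Security header of an inbound message: decrypts the Body and verifies
     * the signature using the keys and certificates in {@code merlin}.
     *
     * <p>The security engine only reports the actions it found; it does not reject a message
     * that carries no signature or no encryption. This method therefore requires that both a
     * signature was verified and data was decrypted, so an unsigned or plaintext message is
     * rejected. Production code should further check that the signed references
     * ({@code WSSecurityEngineResult.TAG_DATA_REF_URIS}) actually cover the Body and Timestamp.
     *
     * @param doc    protected SOAP message, modified in place
     * @param merlin crypto used for decryption and signature verification
     * @return the same {@code doc} instance, now decrypted
     * @throws SecurityException if the message was not both signed and encrypted
     * @throws Exception         on any WSS4J processing failure (bad signature, expired timestamp, ...)
     */
    static Document inbound(Document doc, Merlin merlin) throws Exception {
        RequestData requestData = new RequestData();
        requestData.setDecCrypto(merlin);
        requestData.setSigVerCrypto(merlin);
        requestData.setWssConfig(WSSConfig.getNewInstance());
        // WSS4J asks for key passwords through a callback; the HSM keys use none here.
        requestData.setCallbackHandler(callbacks -> {
            for (Object callback : callbacks) {
                if (callback instanceof WSPasswordCallback) {
                    WSPasswordCallback pc = (WSPasswordCallback) callback;
                    if (pc.getUsage() == WSPasswordCallback.DECRYPT
                            || pc.getUsage() == WSPasswordCallback.SIGNATURE) {
                        System.out.println("Callback for: " + pc.getIdentifier());
                        pc.setPassword("");
                    }
                }
            }
        });

        WSSecurityEngine engine = new WSSecurityEngine();
        WSHandlerResult results = engine.processSecurityHeader(doc, requestData);
        requireAction(results, WSConstants.SIGN, "signature");
        requireAction(results, WSConstants.ENCR, "encryption");
        return doc;
    }

    /**
     * Fails unless the engine reported at least one result for the given action.
     *
     * @param results engine output; {@code null} or empty counts as "nothing performed"
     * @param action  expected {@code WSConstants} action code (e.g. {@code SIGN}, {@code ENCR})
     * @param what    human-readable name of the action for the error message
     * @throws SecurityException if no result with that action is present
     */
    private static void requireAction(WSHandlerResult results, int action, String what) {
        if (results != null && results.getResults() != null) {
            for (WSSecurityEngineResult result : results.getResults()) {
                Integer performed = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
                if (performed != null && performed == action) {
                    return;
                }
            }
        }
        throw new SecurityException("Inbound message was not processed with " + what
                + " (no action " + action + " in the security results)");
    }

    /**
     * Builds a namespace-aware parser factory hardened against XML external entity (XXE)
     * attacks: DOCTYPE declarations (never legitimate in a SOAP message), entity expansion
     * and XInclude are disabled and secure processing is turned on.
     *
     * @return configured factory
     * @throws ParserConfigurationException if the parser does not support one of the features
     */
    private static DocumentBuilderFactory newSecureDocumentBuilderFactory()
            throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    /**
     * Loads the HSM-backed keystore through the "ND" provider, signs and encrypts
     * {@code message.xml} into {@code output.xml}, then decrypts and verifies that file
     * into {@code decrypted.xml}. Failures are printed to stderr.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        try {
            // Provider and keystore configuration.
            Security.addProvider(new br.com.trueaccess.provider.netdfence.ND());
            Provider provider = Security.getProvider("ND");
            // The HSM credential is hard-coded only for the sake of the example; real code
            // must obtain it from a secret store or the environment, never from source.
            String pin = "user:password@hsm.local";
            KeyStore keystore = KeyStore.getInstance("TACCON", provider);
            // The keystore lives in the HSM, so there is no stream to read from.
            keystore.load(null, pin.toCharArray());
            String signatureAlias = "C3HMO";
            String encryptionAlias = "CIPHMO";
            // Alternative configuration kept from the original example:
            //String signatureAlias = "cnpj";
            //String encryptionAlias = "cnpj";
            //KeyStore keystore = KeyStore.getInstance("TACV", "ND");
            //keystore.load(null);

            // WSS4J crypto configuration: the HSM keystore is both key store and trust store.
            Merlin merlin = new Merlin();
            merlin.setKeyStore(keystore);
            merlin.setTrustStore(keystore);
            merlin.setCryptoProvider("ND");

            DocumentBuilderFactory dbf = newSecureDocumentBuilderFactory();

            // Outbound: read the original message, sign and encrypt it, write the result.
            Document original = dbf.newDocumentBuilder().parse(new File("message.xml"));
            Document protectedDoc = outbound(original, merlin, signatureAlias, encryptionAlias);
            writeDocumentToFile(protectedDoc, "output.xml");

            // Inbound: read the protected message back, decrypt and verify it, write the plaintext.
            Document received = dbf.newDocumentBuilder().parse(new File("output.xml"));
            Document decodedDoc = inbound(received, merlin);
            writeDocumentToFile(decodedDoc, "decrypted.xml");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}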