Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.camel.model.dataformat;
018
019import java.util.HashMap;
020import java.util.Map;
021
022import javax.xml.bind.annotation.XmlAccessType;
023import javax.xml.bind.annotation.XmlAccessorType;
024import javax.xml.bind.annotation.XmlAttribute;
025import javax.xml.bind.annotation.XmlRootElement;
026import javax.xml.bind.annotation.XmlTransient;
027
028import org.apache.camel.model.DataFormatDefinition;
029import org.apache.camel.spi.Metadata;
030import org.apache.camel.spi.NamespaceAware;
031import org.apache.camel.support.jsse.KeyStoreParameters;
032
033/**
034 * Encrypt and decrypt XML payloads using Apache Santuario.
035 */
036@Metadata(firstVersion = "2.0.0", label = "dataformat,transformation,xml,security", title = "XML Security")
037@XmlRootElement(name = "secureXML")
038@XmlAccessorType(XmlAccessType.FIELD)
039public class XMLSecurityDataFormat extends DataFormatDefinition implements NamespaceAware {
040
041    @XmlAttribute
042    @Metadata(defaultValue = "AES-256-GCM")
043    private String xmlCipherAlgorithm;
044    @XmlAttribute
045    private String passPhrase;
046    @XmlAttribute
047    private byte[] passPhraseByte;
048    @XmlAttribute
049    private String secureTag;
050    @XmlAttribute
051    @Metadata(javaType = "java.lang.Boolean")
052    private String secureTagContents;
053    @XmlAttribute
054    @Metadata(defaultValue = "RSA_OAEP")
055    private String keyCipherAlgorithm;
056    @XmlAttribute
057    private String recipientKeyAlias;
058    @XmlAttribute
059    private String keyOrTrustStoreParametersRef;
060    @XmlAttribute
061    private String keyPassword;
062    @XmlAttribute
063    @Metadata(defaultValue = "SHA1")
064    private String digestAlgorithm;
065    @XmlAttribute
066    @Metadata(defaultValue = "MGF1_SHA1")
067    private String mgfAlgorithm;
068    @XmlAttribute
069    @Metadata(javaType = "java.lang.Boolean", defaultValue = "true")
070    private String addKeyValueForEncryptedKey;
071    @XmlTransient
072    private KeyStoreParameters keyOrTrustStoreParameters;
073    @XmlTransient
074    private Map<String, String> namespaces;
075
076    public XMLSecurityDataFormat() {
077        super("secureXML");
078    }
079
080    public String getXmlCipherAlgorithm() {
081        return xmlCipherAlgorithm;
082    }
083
084    /**
085     * The cipher algorithm to be used for encryption/decryption of the XML
086     * message content. The available choices are:
087     * <ul>
088     * <li>XMLCipher.TRIPLEDES</li>
089     * <li>XMLCipher.AES_128</li>
090     * <li>XMLCipher.AES_128_GCM</li>
091     * <li>XMLCipher.AES_192</li>
092     * <li>XMLCipher.AES_192_GCM</li>
093     * <li>XMLCipher.AES_256</li>
094     * <li>XMLCipher.AES_256_GCM</li>
095     * <li>XMLCipher.SEED_128</li>
096     * <li>XMLCipher.CAMELLIA_128</li>
097     * <li>XMLCipher.CAMELLIA_192</li>
098     * <li>XMLCipher.CAMELLIA_256</li>
099     * </ul>
100     * The default value is XMLCipher.AES_256_GCM
101     */
102    public void setXmlCipherAlgorithm(String xmlCipherAlgorithm) {
103        this.xmlCipherAlgorithm = xmlCipherAlgorithm;
104    }
105
106    public String getPassPhrase() {
107        return passPhrase;
108    }
109
110    /**
111     * A String used as passPhrase to encrypt/decrypt content. The passPhrase
112     * has to be provided. The passPhrase needs to be put together in conjunction with the
113     * appropriate encryption algorithm. For example using TRIPLEDES the
114     * passPhase can be a "Only another 24 Byte key"
115     */
116    public void setPassPhrase(String passPhrase) {
117        this.passPhrase = passPhrase;
118    }
119
120    public byte[] getPassPhraseByte() {
121        return passPhraseByte;
122    }
123
124    /**
125     * A byte[] used as passPhrase to encrypt/decrypt content. The passPhrase
126     * has to be provided. The passPhrase needs to be put together in conjunction with the
127     * appropriate encryption algorithm. For example using TRIPLEDES the
128     * passPhase can be a "Only another 24 Byte key"
129     */
130    public void setPassPhraseByte(byte[] passPhraseByte) {
131        this.passPhraseByte = passPhraseByte;
132    }
133
134    public String getSecureTag() {
135        return secureTag;
136    }
137
138    /**
139     * The XPath reference to the XML Element selected for
140     * encryption/decryption. If no tag is specified, the entire payload is
141     * encrypted/decrypted.
142     */
143    public void setSecureTag(String secureTag) {
144        this.secureTag = secureTag;
145    }
146
147    public String getSecureTagContents() {
148        return secureTagContents;
149    }
150
151    /**
152     * A boolean value to specify whether the XML Element is to be encrypted or
153     * the contents of the XML Element false = Element Level true = Element
154     * Content Level
155     */
156    public void setSecureTagContents(String secureTagContents) {
157        this.secureTagContents = secureTagContents;
158    }
159
160    /**
161     * The cipher algorithm to be used for encryption/decryption of the
162     * asymmetric key. The available choices are:
163     * <ul>
164     * <li>XMLCipher.RSA_v1dot5</li>
165     * <li>XMLCipher.RSA_OAEP</li>
166     * <li>XMLCipher.RSA_OAEP_11</li>
167     * </ul>
168     * The default value is XMLCipher.RSA_OAEP
169     */
170    public void setKeyCipherAlgorithm(String keyCipherAlgorithm) {
171        this.keyCipherAlgorithm = keyCipherAlgorithm;
172    }
173
174    public String getKeyCipherAlgorithm() {
175        return keyCipherAlgorithm;
176    }
177
178    /**
179     * The key alias to be used when retrieving the recipient's public or
180     * private key from a KeyStore when performing asymmetric key encryption or
181     * decryption.
182     */
183    public void setRecipientKeyAlias(String recipientKeyAlias) {
184        this.recipientKeyAlias = recipientKeyAlias;
185    }
186
187    public String getRecipientKeyAlias() {
188        return recipientKeyAlias;
189    }
190
191    /**
192     * Refers to a KeyStore instance to lookup in the registry, which is used
193     * for configuration options for creating and loading a KeyStore instance
194     * that represents the sender's trustStore or recipient's keyStore.
195     */
196    public void setKeyOrTrustStoreParametersRef(String id) {
197        this.keyOrTrustStoreParametersRef = id;
198    }
199
200    public String getKeyOrTrustStoreParametersRef() {
201        return this.keyOrTrustStoreParametersRef;
202    }
203
204    public KeyStoreParameters getKeyOrTrustStoreParameters() {
205        return keyOrTrustStoreParameters;
206    }
207
208    /**
209     * Configuration options for creating and loading a KeyStore instance that
210     * represents the sender's trustStore or recipient's keyStore.
211     */
212    public void setKeyOrTrustStoreParameters(KeyStoreParameters keyOrTrustStoreParameters) {
213        this.keyOrTrustStoreParameters = keyOrTrustStoreParameters;
214    }
215
216    public String getKeyPassword() {
217        return this.keyPassword;
218    }
219
220    /**
221     * The password to be used for retrieving the private key from the KeyStore.
222     * This key is used for asymmetric decryption.
223     */
224    public void setKeyPassword(String keyPassword) {
225        this.keyPassword = keyPassword;
226    }
227
228    public String getDigestAlgorithm() {
229        return digestAlgorithm;
230    }
231
232    /**
233     * The digest algorithm to use with the RSA OAEP algorithm. The available
234     * choices are:
235     * <ul>
236     * <li>XMLCipher.SHA1</li>
237     * <li>XMLCipher.SHA256</li>
238     * <li>XMLCipher.SHA512</li>
239     * </ul>
240     * The default value is XMLCipher.SHA1
241     */
242    public void setDigestAlgorithm(String digestAlgorithm) {
243        this.digestAlgorithm = digestAlgorithm;
244    }
245
246    public String getMgfAlgorithm() {
247        return mgfAlgorithm;
248    }
249
250    /**
251     * The MGF Algorithm to use with the RSA OAEP algorithm. The available
252     * choices are:
253     * <ul>
254     * <li>EncryptionConstants.MGF1_SHA1</li>
255     * <li>EncryptionConstants.MGF1_SHA256</li>
256     * <li>EncryptionConstants.MGF1_SHA512</li>
257     * </ul>
258     * The default value is EncryptionConstants.MGF1_SHA1
259     */
260    public void setMgfAlgorithm(String mgfAlgorithm) {
261        this.mgfAlgorithm = mgfAlgorithm;
262    }
263
264    public String getAddKeyValueForEncryptedKey() {
265        return addKeyValueForEncryptedKey;
266    }
267
268    /**
269     * Whether to add the public key used to encrypt the session key as a
270     * KeyValue in the EncryptedKey structure or not.
271     */
272    public void setAddKeyValueForEncryptedKey(String addKeyValueForEncryptedKey) {
273        this.addKeyValueForEncryptedKey = addKeyValueForEncryptedKey;
274    }
275
276    @Override
277    public void setNamespaces(Map<String, String> nspaces) {
278        if (this.namespaces == null) {
279            this.namespaces = new HashMap<>();
280        }
281        this.namespaces.putAll(nspaces);
282    }
283
284    @Override
285    public Map<String, String> getNamespaces() {
286        return namespaces;
287    }
288}