The objective of this example is to encrypt an XML document using the TrustedX encryption service. Before working through it, you should understand the earlier example, X.509 Certificate Validation.
To try this example, you must download the file called sampleAxis9.zip and follow the instructions in Configuration of the Environment.
The method used for encrypting data guarantees confidentiality between the issuer and the recipient. It uses the key pair supplied by the PKI, i.e. the private key and the public key.
First, we must initialize the connection with the Web service. In this case, the Web service is DigitalEncryption, which enables us to both encrypt and decrypt data.
TWSDELocator locatorDe = new TWSDELocator();
locatorDe.setDigitalEncryptionEndpointAddress(host);
DigitalEncryptionType det = locatorDe.getDigitalEncryption();
DEBindingStub bindingDe = (DEBindingStub) det;
UtilTrustedX.ssl_conf();
The data encryption request is made with an EncryptRequest object, which indicates that the profile for this request is xmlenc.
EncryptRequest er = new EncryptRequest();
er.setProfile(new URI(PROF_XML_ENCRYPT));
UtilTrustedX.addUsernameToken(bindingDe, user, password);
The data to be encrypted must be included in the request. In this example, the Base64-encoded data are inserted in a Document object inside an InputDocuments object.
InputDocuments idoc = new InputDocuments();
Document doc = new Document();
doc.setBase64XML(Util.readBinaryFile(path_in + filename));
idoc.setDocument(doc);
er.setInputDocuments(idoc);
Optionally, the request can contain information about the recipients for whom the message must be encrypted. To do this, an OptionalInputs object, which contains the optional information of the request, is created. A recipient is inserted in this request. To create the recipient, we use a RecipientType object and we select the recipient’s identity using its distinguished name.
OptionalInputs opt = new OptionalInputs();
RecipientType rt = new RecipientType();
KeySelector ks = new KeySelector();
NameIdentifierType nit = new NameIdentifierType(distinguishedName);
nit.setFormat(new URI(URI_DN));
ks.setName(nit);
rt.setKeySelector(ks);
Once the recipient has been selected, it is inserted in a Recipients object, which is included in the request using the setRecipients() method. The format in which the data will be returned, in this case Base64, is also indicated.
Recipients r = new Recipients();
r.setRecipient(new RecipientType[]{rt});
opt.setRecipients(r);
opt.setReturnBase64XML("");
er.setOptionalInputs(opt);
Once all the data have been entered in the request, the encrypt() operation is invoked; this operation sends the encryption request to the host and collects the response in an EncryptResponse object.
EncryptResponse ers = bindingDe.encrypt(er);
Once the request has been sent, we can check if it has been processed correctly by consulting the response parameters. The functions of the UtilTrustedX auxiliary class are used for this. If all goes well, the encrypted data are retrieved and are stored in a file. In the XML Decryption example, we will see how its content is decrypted. The getBase64XMLEnvelope() method is used to obtain the encrypted data from the response. The EnvelopedObject object contains these data.
if (UtilTrustedXAxis.check(ers.getResult(), bindingDe)) {
    byte[] data = ers.getEnvelopedObject().getBase64XMLEnvelope().get_value();
    String destFilename = path_out + filename.substring(0, filename.lastIndexOf("."))
            + "Encrypted.xml";
    Util.writeBinaryFile(destFilename, data);
}
After executing the example, we obtain a response, such as the one below, and a file with the encrypted content.
File saved successfully on: data/output/DemoEncrypted.xml
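A check that can be run on the saved file before it is passed on, shown as an added example that is not part of the original page or of the TrustedX samples. It parses the output with DOCTYPE declarations rejected, confirms that a W3C XML Encryption EncryptedData element is present, compares the number of EncryptedKey elements with the number of recipients in the request, and flags weak algorithm URIs. The class name XmlEncCheck, the WEAK list, the one-EncryptedKey-per-recipient expectation and the sample document are assumptions of this example; the sample is constructed, not real service output.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class XmlEncCheck {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    // Assumption: algorithm URIs this example treats as weak (3DES, RSA PKCS#1 v1.5).
    static final List<String> WEAK = Arrays.asList(XENC + "tripledes-cbc", XENC + "rsa-1_5");

    /** Returns findings for an xmlenc document; an empty list means every check passed. */
    static List<String> check(byte[] xml, int expectedRecipients) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject DOCTYPE declarations so that inspecting the file cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        List<String> findings = new ArrayList<>();
        if (d.getElementsByTagNameNS(XENC, "EncryptedData").getLength() == 0)
            findings.add("no xenc:EncryptedData element: content is not encrypted");
        int keys = d.getElementsByTagNameNS(XENC, "EncryptedKey").getLength();
        if (keys != expectedRecipients)
            findings.add("expected " + expectedRecipients + " EncryptedKey, found " + keys);
        NodeList methods = d.getElementsByTagNameNS(XENC, "EncryptionMethod");
        for (int i = 0; i < methods.getLength(); i++) {
            String alg = ((Element) methods.item(i)).getAttribute("Algorithm");
            if (WEAK.contains(alg)) findings.add("weak algorithm: " + alg);
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample (not real TrustedX output): AES-128-CBC data, key wrapped with RSA PKCS#1 v1.5.
        String sample =
            "<xenc:EncryptedData xmlns:xenc='" + XENC + "' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>"
          + "<xenc:EncryptionMethod Algorithm='" + XENC + "aes128-cbc'/>"
          + "<ds:KeyInfo><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm='" + XENC + "rsa-1_5'/>"
          + "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
          + "</xenc:EncryptedKey></ds:KeyInfo>"
          + "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
          + "</xenc:EncryptedData>";
        for (String s : check(sample.getBytes(StandardCharsets.UTF_8), 1)) System.out.println(s);
    }
}
```

To check the file produced by the example, pass the bytes of data/output/DemoEncrypted.xml to check() together with the number of recipients set in the request.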