The XMLSecurity DataFormat facilitates encryption and decryption of XML payloads at the Document, Element and Element Content levels (including simultaneous multi-node encryption/decryption using XPATH).

The encryption capability is based on formats supported by the Apache XML Security (Santuario) project. Encryption/decryption is "currently" supported using Triple-DES and AES (128, 192 and 256) encryption formats. Additional formats can be easily added later as needed. (Note: The support currently offered is for symmetric encryption. This means the same keyset is needed at both ends of the communication to encrypt/decrypt payloads.)

The capability allows Camel users to encrypt/decrypt payloads while being dispatched or received along a route. 

Options

  • secureTag (default: null)
    The XPATH reference to the XML Element selected for encryption/decryption.
    If no tag is specified, the entire payload is encrypted/decrypted.

  • secureTagContents (default: false)
    A boolean value to specify whether the XML Element is to be encrypted or the contents of the XML Element.
          - false --> Element Level
          - true  --> Element Content Level

  • passPhrase (default: null)
    A byte array that is used as passPhrase to encrypt/decrypt content. The passPhrase has to be
    If no passPhrase is specified, a default passPhrase is utilized. The passPhrase needs to be put together in conjunction
    with the appropriate encryption algorithm
          - TRIPLEDES (example: "Only another 24 Byte key".getBytes())

  • xmlCipherAlgorithm (default: null)
    The cipher algorithm to be used for encryption/decryption.
    The available choices are:
          - XMLCipher.TRIPLEDES
          - XMLCipher.AES_128
          - XMLCipher.AES_192
          - XMLCipher.AES_256

If xmlCipherAlgorithm is not explicitly specified, the algorithm employed is XMLCipher.TRIPLEDES.

Marshal

In order to encrypt the payload, the marshal processor needs to be applied on the route followed by the encryptXML() tag.

Unmarshal

In order to decrypt the payload, the unmarshal processor needs to be applied on the route followed by the encryptXML() tag.

Examples  

Given below are several examples of how marshalling could be performed at the Document, Element and Content levels.

  • Full Payload encryption/decryption

                  from("direct:start").
                               marshal().encryptXML().
                               unmarshal().encryptXML(). 
                  to("direct:end");

  • Partial Payload Content Only encryption/decryption

                   String tagXPATH = "//cheesesites/italy/cheese";
                   boolean secureTagContent = true; 
                   from("direct:start").
                               marshal().encryptXML(tagXPATH , secureTagContent ).
                               unmarshal().encryptXML(tagXPATH , secureTagContent). 
                   to("direct:end");

  • Partial Multi Node Payload Content Only encryption/decryption

                   String tagXPATH = "//cheesesites/*/cheese";
                   boolean secureTagContent = true; 
                   from("direct:start").
                               marshal().encryptXML(tagXPATH , secureTagContent ).
                               unmarshal().encryptXML(tagXPATH , secureTagContent). 
                   to("direct:end");

  • Partial Payload Content Only encryption/decryption with choice of passPhrase(password)

                   String tagXPATH = "//cheesesites/italy/cheese";
                   boolean secureTagContent = true;
                   byte[] passPhrase = "Just another 24 Byte key".getBytes();
                   from("direct:start").
                               marshal().encryptXML(tagXPATH , secureTagContent , passPhrase).
                               unmarshal().encryptXML(tagXPATH , secureTagContent, passPhrase).
                   to("direct:end");

  • Partial Payload Content Only encryption/decryption with passPhrase(password) and Algorithm 

                   import org.apache.xml.security.encryption.XMLCipher;
                   // ...
                   String tagXPATH = "//cheesesites/italy/cheese";
                   boolean secureTagContent = true;
                   byte[] passPhrase = "Just another 24 Byte key".getBytes();
                   String algorithm = XMLCipher.TRIPLEDES;
                   from("direct:start").
                               marshal().encryptXML(tagXPATH , secureTagContent , passPhrase, algorithm).
                               unmarshal().encryptXML(tagXPATH , secureTagContent, passPhrase, algorithm).
                   to("direct:end");
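
A pre-flight check for the passPhrase and algorithm pairing used in the examples above, added here as an illustration and not taken from the Camel code base. It assumes the passPhrase bytes are used directly as the symmetric key; the class name PassPhraseCheck and the helper toKey are hypothetical, and the URI strings are the values of the XMLCipher constants listed under Options.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PassPhraseCheck {
    // String values of the XMLCipher constants, inlined so this compiles without the Santuario jar.
    static final String TRIPLEDES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    static final String AES_128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    static final String AES_192 = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
    static final String AES_256 = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";

    // Key length in bytes that each algorithm expects.
    static final Map<String, Integer> KEY_BYTES =
            Map.of(TRIPLEDES, 24, AES_128, 16, AES_192, 24, AES_256, 32);

    // Assumption: the passPhrase bytes are used directly as the symmetric key.
    static SecretKey toKey(byte[] passPhrase, String algorithm) throws Exception {
        Integer needed = KEY_BYTES.get(algorithm);
        if (needed == null) {
            throw new IllegalArgumentException("Unsupported algorithm: " + algorithm);
        }
        if (passPhrase == null || passPhrase.length != needed) {
            throw new IllegalArgumentException(algorithm + " needs " + needed + " key bytes, got "
                    + (passPhrase == null ? 0 : passPhrase.length));
        }
        if (TRIPLEDES.equals(algorithm)) {
            return SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(passPhrase));
        }
        return new SecretKeySpec(passPhrase, "AES");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; an explicit charset keeps both ends of the route in agreement.
        byte[] ascii = "Just another 24 Byte key".getBytes(StandardCharsets.UTF_8);
        System.out.println(toKey(ascii, TRIPLEDES).getAlgorithm());
        System.out.println(toKey(ascii, AES_192).getAlgorithm());

        // 24 characters, but the non-ASCII letter changes the byte count per charset.
        String nonAscii = "Nur ein 24-Byte-Schl\u00fcsse";
        System.out.println(nonAscii.getBytes(StandardCharsets.ISO_8859_1).length);
        System.out.println(nonAscii.getBytes(StandardCharsets.UTF_8).length);
        try {
            toKey(nonAscii.getBytes(StandardCharsets.UTF_8), TRIPLEDES);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A built-in default passPhrase is the same for every installation of the library, so pass an explicit key on both ends of the route. A bare getBytes() call uses the platform default charset, which is why the sketch names the charset explicitly.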

Dependencies

This data format is provided in camel-core so no additional dependencies are needed.