IBM XML Security Suite and the Phaos XML Toolkit are among the Java toolkits
available for XML security. Both toolkits use Xerces and Xalan to parse the XML data.
Signatures are assembled through each toolkit's own APIs, and the same APIs are used for
encrypting the data. The Phaos sample simply uses parser APIs such as
doc.getElementsByTagName(tagName) to access the element to be encrypted, as shown
in the following listing:
    // Copyright © Phaos Technologies
    import java.io.File;
    import javax.xml.parsers.DocumentBuilder;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.Document;
    import org.w3c.dom.Element;
    import org.w3c.dom.NodeList;
    // (imports for the Phaos toolkit classes are not shown in the listing)

    public class XEncryptTest
    {
        public static void main (String[] args) throws Exception
        {
            // ... usage, command line args ...

            // get the XML file and retrieve the XML Element to be encrypted
            File xmlFile = new File(inputFileName);
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            DocumentBuilder db = dbf.newDocumentBuilder();
            Document doc = db.parse(xmlFile);
            Element inputElement = null;
            NodeList list = doc.getElementsByTagName(tagName);
            if (list.getLength() != 0)
                inputElement = (Element) list.item(0);   // first match only
            else
            {
                System.err.println("XML element with tagName " + tagName + " unidentified.");
                System.exit(1);
            }

            // Create a new XEEncryptedData instance with the owner
            // Document of the input xml file, the data type URI and
            // the Id "ED" for this EncryptedData element.
            XEEncryptedData encData = XEEncryptedData.newInstance(doc, "ED", dataType);

            // ... determine encryption algorithm ...

            // set up the EncryptionMethod child element
            XEEncryptionMethod encMethod = encData.createEncryptionMethod(algURI);
            encData.setEncryptionMethod(encMethod);

            // set up the symmetric key to be used in encryption
            SymmetricKey key = null;
            File keyFile = new File(keyFileName);
            // ... File stuff ...

            // set up the ds:KeyInfo child element with the keyName
            XSKeyInfo keyInfo = encData.createKeyInfo();
            keyInfo.addKeyInfoData(encData.createKeyName(keyName));
            encData.setKeyInfo(keyInfo);

            // set a nonce value to be prepended to the plain text
            byte[] nonce = new byte[16];
            encData.setNonce(RandomBitsSource.getDefault().randomBytes(nonce));

            // encrypt the XML element and replace it with the
            // newly generated EncryptedData element
            System.out.print("Encrypting the XML data ... ");
            XEEncryptedData newEncData =
                XEEncryptedData.encryptAndReplace(inputElement, key, encData);
            System.out.println("done");

            // output the XML Document with the new EncryptedData element to a
            // file
        }
    }
The Phaos toolkit was much easier to set up and run than the IBM toolkit. This piece
of code makes a call to encryptAndReplace(). This method takes the element that we've given
it, encrypts it by using the given key, and replaces the original element with the appropriately
tagged, encrypted element.
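To make the encrypt-and-replace step concrete, here is an added example that is not from the original notes and is not Phaos or IBM code: it performs the same locate, encrypt and replace sequence with JDK classes only. The class and helper names, the AES-GCM algorithm choice, the sample document and the key name are assumptions made for the illustration; it also rejects DTDs at parse time and refuses to proceed unless exactly one element matches, instead of silently taking the first hit.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.w3c.dom.ls.*;

public class EncryptAndReplaceSketch { // hypothetical name; JDK only, not the Phaos API
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#", DS = "http://www.w3.org/2000/09/xmldsig#";
    static String toXml(Element e) { // serialize one element without an XML declaration
        LSSerializer s = ((DOMImplementationLS) e.getOwnerDocument().getImplementation()).createLSSerializer();
        s.getDomConfig().setParameter("xml-declaration", false);
        return s.writeToString(e);
    }
    static Element child(Element parent, String ns, String qname, String text) {
        Element e = parent.getOwnerDocument().createElementNS(ns, qname);
        if (text != null) e.setTextContent(text);
        return (Element) parent.appendChild(e);
    }
    static void encryptAndReplace(Element target, SecretKey key, String keyName) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh 96-bit IV for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(toXml(target).getBytes(StandardCharsets.UTF_8));
        byte[] value = java.nio.ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array(); // IV || ct+tag
        String alg = "http://www.w3.org/2009/xmlenc11#aes" + key.getEncoded().length * 8 + "-gcm";
        Element ed = target.getOwnerDocument().createElementNS(XENC, "xenc:EncryptedData");
        ed.setAttribute("Id", "ED");
        ed.setAttribute("Type", XENC + "Element"); // tells the decryptor an element was replaced
        child(ed, XENC, "xenc:EncryptionMethod", null).setAttribute("Algorithm", alg);
        child(child(ed, DS, "ds:KeyInfo", null), DS, "ds:KeyName", keyName);
        child(child(ed, XENC, "xenc:CipherData", null), XENC, "xenc:CipherValue", Base64.getEncoder().encodeToString(value));
        target.getParentNode().replaceChild(ed, target);
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs (XXE)
        String xml = "<order><item>book</item><card>4111-0000-0000-0000</card></order>"; // constructed sample
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList hits = doc.getElementsByTagName("card");
        if (hits.getLength() != 1) throw new IllegalStateException("expected one <card>, found " + hits.getLength());
        encryptAndReplace((Element) hits.item(0), KeyGenerator.getInstance("AES").generateKey(), "demo-key");
        System.out.println(toXml(doc.getDocumentElement()));
    }
}
```

The printed document keeps the item element in clear text, while the card element is replaced by an xenc:EncryptedData element whose CipherValue holds the Base64-encoded IV, ciphertext and authentication tag.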
On the whole, Web services security is still an emerging area, and researchers and
vendors will have to work together to handle it properly.