Thursday, February 19, 2009

A Camel Dataformat that facilitates symmetric key encryption/decryption of XML payloads at the Payload, XML Element and XML Element Content level

I just developed and submitted a new Dataformat for Camel that facilitates encryption and decryption of XML payloads at the Document, Element and Element Content levels (including simultaneous multi-node encryption using XPATH).

The encrytion capability is based on formats supported using the Apache XML Security (Santuario) project. Encryption/Decryption is "currently" supported using Triple-DES and AES (128, 192 and 256) encryption formats. Additional formats can be easily added later as needed. (Note: The support currently offered is for symmetric encryption. This means the same keyset is needed at both ends of the communication to encrypt/decrypt payloads).

The capability allows Camel users to encrypt/decrypt payloads while being dispatched or received along a route.

The default encrytion format if no algorithm is specified is Triple-DES.

The way it works is as follows

Example 1: Full Payload encryption/decryption

RouteBuilder builder = new RouteBuilder() {
public void configure() {
from("http:www.foo.com/orders")
.marshal().encryptXML()
.unmarshal().encryptXML()
.to("activemq:queue:ORDERS")

}
};


Example 2: Partial Payload Content Only encryption/decryption

RouteBuilder builder = new RouteBuilder() {
public void configure() {
String tagXPATH="//cheesesites/italy/cheese";
boolean secureTagContent = true;

from("http:www.foo.com/orders")
.marshal().encryptXML(tagXPATH, secureTagContent)
.unmarshal().encryptXML(tagXPATH, secureTagContent)
.to("activemq:queue:ORDERS")
}
};


Example 3: Partial Multi Node Payload Content Only encryption/decryption

RouteBuilder builder = new RouteBuilder() {
public void configure() {
String tagXPATH = "//cheesesites/*/cheese";
boolean secureTagContent = true;

from("http:www.foo.com/orders")
.marshal().encryptXML(tagXPATH, secureTagContent)
.unmarshal().encryptXML(tagXPATH, secureTagContent)
.to("activemq:queue:ORDERS")
}
};


Example 4: Partial Payload Content Only encryption/decryption using passPhrase(password)

RouteBuilder builder = new RouteBuilder() {
public void configure() {
String tagXPATH = "//cheesesites/*/cheese";
boolean secureTagContent = true;
byte[] passPhrase = "Just another 24 Byte key".getBytes();

from("http:www.foo.com/orders")
.marshal().encryptXML(tagXPATH, secureTagContent, passPhrase)
.unmarshal()
.encryptXML(tagXPATH, secureTagContent, passPhrase)
.to("activemq:queue:ORDERS")
}
};


Example 5: Payload encryption/decryption using passPhrase with passPhrase Algorithm

RouteBuilder builder = new RouteBuilder() {
public void configure() {
String tagXPATH = "//cheesesites/*/cheese";
boolean secureTagContent = true;
byte[] passPhrase = "Just another 24 Byte key".getBytes();
String algorithm= XMLCipher.TRIPLEDES;

from("http:www.foo.com/orders")
.marshal().encryptXML(tagXPATH , secureTagContent, passPhrase, algorithm)
.unmarshal().encryptXML(tagXPATH, secureTagContent, passPhrase, algorithm)
.to("activemq:queue:ORDERS")
}
};


The other choices for algorithm are

--> XMLCipher.AES_128
--> XMLCipher.AES_192 and
--> XMLCipher.AES_256

For more details on the submission check out the following

https://issues.apache.org/activemq/browse/CAMEL-1360

No comments: