Thursday, February 19, 2009

A Camel Dataformat that facilitates symmetric key encryption/decryption of XML payloads at the Payload, XML Element and XML Element Content level

I just developed and submitted a new DataFormat for Camel that facilitates encryption and decryption of XML payloads at the Document, Element and Element Content levels (including simultaneous multi-node encryption of every node matched by an XPath expression).

The encryption capability is based on the formats supported by the Apache XML Security (Santuario) project. Encryption/decryption is currently supported using Triple-DES and AES (128, 192 and 256 bit) encryption formats. Additional formats can easily be added later as needed. (Note: the support currently offered is for symmetric encryption only. This means the same secret key is needed at both ends of the communication to encrypt and decrypt payloads.)

The capability allows Camel users to encrypt/decrypt payloads while being dispatched or received along a route.

The default encryption format, if no algorithm is specified, is Triple-DES.

The way it works is as follows:

Example 1: Full Payload encryption/decryption

import org.apache.camel.builder.RouteBuilder;

RouteBuilder builder = new RouteBuilder() {
    public void configure() {
        // Encrypt the whole XML payload, then decrypt it again in the same route,
        // so the round trip is visible in one place
        from("http://www.foo.com/orders")
            .marshal().encryptXML()
            .unmarshal().encryptXML()
            .to("activemq:queue:ORDERS");
    }
};


Example 2: Partial Payload Content Only encryption/decryption

RouteBuilder builder = new RouteBuilder() {
    public void configure() {
        // Only the content of the matched element is encrypted; the tag itself stays in the clear
        String tagXPATH = "//cheesesites/italy/cheese";
        boolean secureTagContent = true;

        from("http://www.foo.com/orders")
            .marshal().encryptXML(tagXPATH, secureTagContent)
            .unmarshal().encryptXML(tagXPATH, secureTagContent)
            .to("activemq:queue:ORDERS");
    }
};


Example 3: Partial Multi Node Payload Content Only encryption/decryption

RouteBuilder builder = new RouteBuilder() {
    public void configure() {
        // The wildcard matches the <cheese> element under every country,
        // so several nodes are encrypted in one pass
        String tagXPATH = "//cheesesites/*/cheese";
        boolean secureTagContent = true;

        from("http://www.foo.com/orders")
            .marshal().encryptXML(tagXPATH, secureTagContent)
            .unmarshal().encryptXML(tagXPATH, secureTagContent)
            .to("activemq:queue:ORDERS");
    }
};


Example 4: Partial Payload Content Only encryption/decryption using passPhrase(password)

RouteBuilder builder = new RouteBuilder() {
    public void configure() {
        String tagXPATH = "//cheesesites/*/cheese";
        boolean secureTagContent = true;
        // 24 bytes of key material, which is what the default Triple-DES algorithm expects
        byte[] passPhrase = "Just another 24 Byte key".getBytes();

        from("http://www.foo.com/orders")
            .marshal().encryptXML(tagXPATH, secureTagContent, passPhrase)
            .unmarshal().encryptXML(tagXPATH, secureTagContent, passPhrase)
            .to("activemq:queue:ORDERS");
    }
};


Example 5: Payload encryption/decryption using passPhrase with passPhrase Algorithm

import org.apache.xml.security.encryption.XMLCipher;

RouteBuilder builder = new RouteBuilder() {
    public void configure() {
        String tagXPATH = "//cheesesites/*/cheese";
        boolean secureTagContent = true;
        // The pass phrase length must suit the chosen algorithm (24 bytes for Triple-DES)
        byte[] passPhrase = "Just another 24 Byte key".getBytes();
        String algorithm = XMLCipher.TRIPLEDES;

        from("http://www.foo.com/orders")
            .marshal().encryptXML(tagXPATH, secureTagContent, passPhrase, algorithm)
            .unmarshal().encryptXML(tagXPATH, secureTagContent, passPhrase, algorithm)
            .to("activemq:queue:ORDERS");
    }
};


The other choices for algorithm are:

--> XMLCipher.AES_128
--> XMLCipher.AES_192
--> XMLCipher.AES_256
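To show what the DataFormat does underneath for Examples 3 to 5, here is a stand-alone Santuario program (an added illustration, not the DataFormat's own code) that selects the same multi-node XPath, encrypts only the element content with Triple-DES under the same 24-byte pass phrase, and then decrypts it again with that key. The sample payload and the class name are constructed for this illustration.

```java
import java.io.ByteArrayInputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.XMLCipher;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class XPathContentEncryptionDemo {
    static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    // Constructed sample payload that matches the XPath used in the post's examples
    static final String PAYLOAD = "<cheesesites><italy><cheese>Parmesan</cheese></italy>"
            + "<france><cheese>Brie</cheese></france></cheesesites>";

    public static void main(String[] args) throws Exception {
        Init.init(); // Santuario must be initialised before XMLCipher is used
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required, the xenc:* elements are namespaced
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(PAYLOAD.getBytes("UTF-8")));

        // Same 24-byte pass phrase as the post's examples; Triple-DES needs exactly 24 key bytes
        SecretKey key = new SecretKeySpec("Just another 24 Byte key".getBytes("UTF-8"), "DESede");
        // Multi-node selection as in Examples 3 and 4: every <cheese> under any country
        NodeList cheeses = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate("//cheesesites/*/cheese", doc, XPathConstants.NODESET);

        // Content mode (third argument true): each <cheese> tag stays readable,
        // only its text is replaced by an xenc:EncryptedData element
        XMLCipher enc = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
        enc.init(XMLCipher.ENCRYPT_MODE, key);
        for (int i = 0; i < cheeses.getLength(); i++) {
            enc.doFinal(doc, (Element) cheeses.item(i), true);
        }
        NodeList encrypted = doc.getElementsByTagNameNS(XENC_NS, "EncryptedData");
        System.out.println("EncryptedData elements after encrypt: " + encrypted.getLength());

        // Decrypt with the same key; the live NodeList shrinks as each node is restored
        XMLCipher dec = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
        dec.init(XMLCipher.DECRYPT_MODE, key);
        while (encrypted.getLength() > 0) {
            dec.doFinal(doc, (Element) encrypted.item(0));
        }
        System.out.println("first cheese after decrypt: " + cheeses.item(0).getTextContent());
    }
}
```

Running it against the constructed payload reports one EncryptedData element per matched cheese node after encryption, and the original text content once the same key has decrypted them.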

For more details on the submission, see the Camel issue:

https://issues.apache.org/activemq/browse/CAMEL-1360