72.2. エンベロープデータ
通常、crypto-cms:encypt
エンドポイントは 1 つのルートで定義され、補完的な crypto-cms:decrypt
は別のルートで定義されることに注意してください。
次の例は、エンベロープデータメッセージを作成する方法と、エンベロープデータメッセージを復号化する方法を示しています。
Java DSL の基本的な例
import org.apache.camel.util.jsse.KeyStoreParameters; import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo; ... KeyStoreParameters keystore = new KeyStoreParameters(); keystore.setType("JCEKS"); keystore.setResource("keystore/keystore.jceks); keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo(); recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption recipient1.setKeyStoreParameters(keystore); simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry simpleReg.put("recipient1", recipient1); // register recipient info in the registry from("direct:start") .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128") .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters") .to("mock:result");
Spring XML の基本的な例
<keyStoreParameters xmlns="http://camel.apache.org/schema/spring" id="keyStoreParameters1" resource="./keystore/keystore.jceks" password="some_password" type="JCEKS" /> <bean id="recipient1" class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> <property name="keyStoreParameters" ref="keyStoreParameters1" /> <property name="certificateAlias" value="rsa" /> </bean> ... <route> <from uri="direct:start" /> <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128" /> <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters1" /> <to uri="mock:result" /> </route>
Java DSL の 2 つの受信者
import org.apache.camel.util.jsse.KeyStoreParameters; import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo; ... KeyStoreParameters keystore = new KeyStoreParameters(); keystore.setType("JCEKS"); keystore.setResource("keystore/keystore.jceks); keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo(); recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption recipient1.setKeyStoreParameters(keystore); DefaultKeyTransRecipientInfo recipient2 = new DefaultKeyTransRecipientInfo(); recipient2.setCertificateAlias("dsa"); recipient2.setKeyStoreParameters(keystore); simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry simpleReg.put("recipient1", recipient1); // register recipient info in the registry from("direct:start") .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&recipient=#recipient2&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128") //the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters") .to("mock:result");
Spring XML の 2 つの受信者
<keyStoreParameters xmlns="http://camel.apache.org/schema/spring" id="keyStoreParameters1" resource="./keystore/keystore.jceks" password="some_password" type="JCEKS" /> <bean id="recipient1" class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> <property name="keyStoreParameters" ref="keyStoreParameters1" /> <property name="certificateAlias" value="rsa" /> </bean> <bean id="recipient2" class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> <property name="keyStoreParameters" ref="keyStoreParameters1" /> <property name="certificateAlias" value="dsa" /> </bean> ... <route> <from uri="direct:start" /> <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&recipient=#recipient2&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128" /> <!-- the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore --> <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters1" /> <to uri="mock:result" /> </route>