75.3. Enveloped Data
请注意,一个 crypto-cms:encypt
端点通常在一个路由中定义,而免费的 crypto-cms:decrypt
则在另一个路由中定义,尽管在另一个示例后显示它们的示例。
以下示例演示了如何创建 Enveloped Data 消息,以及如何解密 Enveloped Data 消息。
Java DSL 中的基本示例
import org.apache.camel.util.jsse.KeyStoreParameters; import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo; ... KeyStoreParameters keystore = new KeyStoreParameters(); keystore.setType("JCEKS"); keystore.setResource("keystore/keystore.jceks); keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo(); recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption recipient1.setKeyStoreParameters(keystore); simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry simpleReg.put("recipient1", recipient1); // register recipient info in the registry from("direct:start") .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128") .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters") .to("mock:result");
Spring XML 中的基本示例
<keyStoreParameters xmlns="http://camel.apache.org/schema/spring" id="keyStoreParameters1" resource="./keystore/keystore.jceks" password="some_password" type="JCEKS" /> <bean id="recipient1" class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> <property name="keyStoreParameters" ref="keyStoreParameters1" /> <property name="certificateAlias" value="rsa" /> </bean> ... <route> <from uri="direct:start" /> <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128" /> <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters1" /> <to uri="mock:result" /> </route>
Java DSL 中的两个接收者
import org.apache.camel.util.jsse.KeyStoreParameters; import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo; ... KeyStoreParameters keystore = new KeyStoreParameters(); keystore.setType("JCEKS"); keystore.setResource("keystore/keystore.jceks); keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo(); recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption recipient1.setKeyStoreParameters(keystore); DefaultKeyTransRecipientInfo recipient2 = new DefaultKeyTransRecipientInfo(); recipient2.setCertificateAlias("dsa"); recipient2.setKeyStoreParameters(keystore); simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry simpleReg.put("recipient1", recipient1); // register recipient info in the registry from("direct:start") .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&recipient=#recipient2&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128") //the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters") .to("mock:result");
Spring XML 中的两个接收者
<keyStoreParameters xmlns="http://camel.apache.org/schema/spring" id="keyStoreParameters1" resource="./keystore/keystore.jceks" password="some_password" type="JCEKS" /> <bean id="recipient1" class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> <property name="keyStoreParameters" ref="keyStoreParameters1" /> <property name="certificateAlias" value="rsa" /> </bean> <bean id="recipient2" class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> <property name="keyStoreParameters" ref="keyStoreParameters1" /> <property name="certificateAlias" value="dsa" /> </bean> ... <route> <from uri="direct:start" /> <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&recipient=#recipient2&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128" /> <!-- the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore --> <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters1" /> <to uri="mock:result" /> </route>