Examples of javax.crypto.SealedObject

• javax.crypto.SealedObject
  A {@code SealedObject} is a wrapper around a {@code serializable} objectinstance and encrypts it using a cryptographic cipher.

  Since a {@code SealedObject} instance is a serializable object itself it caneither be stored or transmitted over an insecure channel.

  The wrapped object can later be decrypted (unsealed) using the corresponding key and then be deserialized to retrieve the original object.The sealed object itself keeps track of the cipher and corresponding parameters.

        kpg.init(112);
        final SecretKey secretKey = kpg.generateKey();
        final Cipher cipher = Cipher.getInstance("TripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);

        return new SealedObject(ser, cipher);
    }

    }

    public HashMap<String, Object> mapSecurityContextFromEsbMessageToJBpmMap(final Message message)
    {
        final HashMap<String, Object> map = new HashMap<String, Object>();
        final SealedObject sealedObject = (SealedObject) message.getContext().getContext(SecurityService.CONTEXT);
        if (sealedObject !=null)
        {
            map.put(Constants.SECURITY_CONTEXT, sealedObject);
        }
        return map;

    private ConfigTree configTree;

    @Test
    public void verifyThatSecurityContextWasAddedToMesssageContext() throws ConfigurationException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, IOException
    {
        final SealedObject securityContext = createSealedObject("dummy string");
        SecurityContext.setSecurityContext(securityContext);
        bpmProcessor.addSecurityContext(message);

        assertNotNull(message.getContext().getContext(SecurityService.CONTEXT));
        assertEquals(securityContext, message.getContext().getContext(SecurityService.CONTEXT));

        kpg.init(112);
        final SecretKey secretKey = kpg.generateKey();
        final Cipher cipher = Cipher.getInstance("TripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);

        return new SealedObject(ser, cipher);
    }

    @Test
    public void sealObject() throws SecurityServiceException, IllegalBlockSizeException, IOException
    {
        final String object = getLongString(5000);

        final SealedObject sealedObject = PrivateCryptoUtil.INSTANCE.sealObject(object);
        assertNotNull(sealedObject);

        final Serializable plainObject = PrivateCryptoUtil.INSTANCE.unSealObject(sealedObject);
        assertEquals(object, plainObject);
    }

        boolean timeout = false ;

        /*
         * Re-attach encrypted SecurityContext to outgoing message.
         */
        final SealedObject sealedObject = SecurityContext.getSecurityContext();
        if (sealedObject != null)
        {
            message.getContext().setContext(SecurityService.CONTEXT, sealedObject);
        }
        /*

        subject.getPrincipals().add(user);
        subject.getPublicCredentials().add(publicCred);

        //  Create and encrypt the security context. This simulates a call for a service that has already been authentcated.
        final SecurityContext securityContext = new SecurityContext(subject, SecurityContext.getConfigurationTimeout(), DOMAIN);
        final SealedObject sealedObject = SecurityContext.encryptContext(securityContext);
        final Message message = MessageFactory.getInstance().getMessage();
        message.getContext().setContext(SecurityService.CONTEXT, sealedObject);

        final boolean processingResult = pipeline.process(message);
        assertTrue(processingResult);

        //  that has already been authentcated...but with a very short timeout.
        final SecurityContext securityContext = new SecurityContext(subject, 10, DOMAIN);

        TimeUnit.SECONDS.sleep(1);

        final SealedObject sealedObject = SecurityContext.encryptContext(securityContext);
        final Message message = MessageFactory.getInstance().getMessage();
        message.getContext().setContext(SecurityService.CONTEXT, sealedObject);

        final boolean processingResult = pipeline.process(message);
        assertFalse("Processing should have failed as the SecurityContext was invalid(expired)", processingResult);

        subject.getPrincipals().add(user);
        final byte[] publicCred = "publicsecret".getBytes();
        subject.getPublicCredentials().add(publicCred);

        final SecurityContext securityContext = new SecurityContext(subject, SecurityContext.getConfigurationTimeout(), DOMAIN);
        final SealedObject sealedObject = SecurityContext.encryptContext(securityContext);
        final Message message = MessageFactory.getInstance().getMessage();
        message.getContext().setContext(SecurityService.CONTEXT, sealedObject);

        final boolean processingResult = pipeline.process(message);
        assertFalse("Processing should have failed as the caller was not in any of the allowed roles", processingResult);

        //  Create and encrypt the security context. This simulates a call for a service
        //  that has already been authenticated...but with a very long timeout.
        final SecurityContext securityContext = new SecurityContext(subject, 1000 * 60 * 60 * 24 * 7, DIFF_DOMAIN);

        final SealedObject sealedObject = SecurityContext.encryptContext(securityContext);
        final Message message = MessageFactory.getInstance().getMessage();
        message.getContext().setContext(SecurityService.CONTEXT, sealedObject);

        final boolean processingResult = pipeline.process(message);
        assertFalse("Processing should have failed as the SecurityContext was for a different domain", processingResult);