Author: coheigea
Date: Wed Jul 3 10:19:35 2013
New Revision: 1499307
URL: http://svn.apache.org/r1499307
Log:
Adding support for optional signature/encryption parts
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSEncryptionPart.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1499307&r1=1499306&r2=1499307&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
Wed Jul 3 10:19:35 2013
@@ -604,6 +604,18 @@ public final class ConfigurationConstant
public static final String SIGNATURE_PARTS = "signatureParts";
/**
+ * Parameter to define which parts of the request shall be signed, if they
+ * exist in the request. If they do not, then no error is thrown. This
contrasts
+ * with the SIGNATURE_PARTS Identifier, which specifies elements that must
be
+ * signed in the request.
+ * <p/>
+ * Refer to {@link #ENCRYPTION_PARTS} for a detailed description of
+ * the format of the value string.
+ * <p/>
+ */
+ public static final String OPTIONAL_SIGNATURE_PARTS =
"optionalSignatureParts";
+
+ /**
* This parameter sets the number of iterations to use when deriving a key
* from a Username Token. The default is 1000.
*/
@@ -703,6 +715,18 @@ public final class ConfigurationConstant
public static final String ENCRYPTION_PARTS = "encryptionParts";
/**
+ * Parameter to define which parts of the request shall be encrypted, if
they
+ * exist in the request. If they do not, then no error is thrown. This
contrasts
+ * with the ENCRYPTION_PARTS Identifier, which specifies elements that
must be
+ * encrypted in the request.
+ * <p/>
+ * Refer to {@link #ENCRYPTION_PARTS} for a detailed description of
+ * the format of the value string.
+ * <p/>
+ */
+ public static final String OPTIONAL_ENCRYPTION_PARTS =
"optionalEncryptionParts";
+
+ /**
* Defines which encryption digest algorithm to use with the RSA OAEP Key
Transport
* algorithm for encryption. The default is SHA-1.
* <p/>
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSEncryptionPart.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSEncryptionPart.java?rev=1499307&r1=1499306&r2=1499307&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSEncryptionPart.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSEncryptionPart.java
Wed Jul 3 10:19:35 2013
@@ -30,6 +30,7 @@ public class WSEncryptionPart {
private String encId;
private String id;
private Element element;
+ private boolean required = true;
/**
* An xpath expression pointing to the data element
@@ -177,5 +178,13 @@ public class WSEncryptionPart {
public Element getElement() {
return element;
}
+
+ public boolean isRequired() {
+ return required;
+ }
+
+ public void setRequired(boolean required) {
+ this.required = required;
+ }
}
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1499307&r1=1499306&r2=1499307&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
Wed Jul 3 10:19:35 2013
@@ -528,7 +528,11 @@ public abstract class WSHandler {
String parts = getString(WSHandlerConstants.SIGNATURE_PARTS, mc);
if (parts != null) {
- splitEncParts(parts, reqData.getSignatureParts(), reqData);
+ splitEncParts(true, parts, reqData.getSignatureParts(), reqData);
+ }
+ parts = getString(WSHandlerConstants.OPTIONAL_SIGNATURE_PARTS, mc);
+ if (parts != null) {
+ splitEncParts(false, parts, reqData.getSignatureParts(), reqData);
}
boolean useSingleCert = decodeUseSingleCertificate(reqData);
@@ -637,7 +641,11 @@ public abstract class WSHandler {
String encParts = getString(WSHandlerConstants.ENCRYPTION_PARTS, mc);
if (encParts != null) {
- splitEncParts(encParts, reqData.getEncryptParts(), reqData);
+ splitEncParts(true, encParts, reqData.getEncryptParts(), reqData);
+ }
+ encParts = getString(WSHandlerConstants.OPTIONAL_ENCRYPTION_PARTS, mc);
+ if (encParts != null) {
+ splitEncParts(false, encParts, reqData.getEncryptParts(), reqData);
}
}
@@ -1146,7 +1154,8 @@ public abstract class WSHandler {
return new WSPasswordCallback(username, reason);
}
- private void splitEncParts(String tmpS, List<WSEncryptionPart> parts,
RequestData reqData)
+ private void splitEncParts(boolean required, String tmpS,
+ List<WSEncryptionPart> parts, RequestData
reqData)
throws WSSecurityException {
WSEncryptionPart encPart = null;
String[] rawParts = StringUtil.split(tmpS, ';');
@@ -1189,6 +1198,7 @@ public abstract class WSHandler {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"empty", "WSHandler: wrong part definition: " + tmpS);
}
+ encPart.setRequired(required);
parts.add(encPart);
}
}
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java?rev=1499307&r1=1499306&r2=1499307&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
Wed Jul 3 10:19:35 2013
@@ -606,6 +606,19 @@ public final class WSHandlerConstants {
public static final String SIGNATURE_PARTS =
ConfigurationConstants.SIGNATURE_PARTS;
/**
+ * Parameter to define which parts of the request shall be signed, if they
+ * exist in the request. If they do not, then no error is thrown. This
contrasts
+ * with the SIGNATURE_PARTS Identifier, which specifies elements that must
be
+ * signed in the request.
+ * <p/>
+ * Refer to {@link #ENCRYPTION_PARTS} for a detailed description of
+ * the format of the value string.
+ * <p/>
+ */
+ public static final String OPTIONAL_SIGNATURE_PARTS =
+ ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS;
+
+ /**
* This parameter sets the number of iterations to use when deriving a key
* from a Username Token. The default is 1000.
*/
@@ -705,6 +718,19 @@ public final class WSHandlerConstants {
public static final String ENCRYPTION_PARTS =
ConfigurationConstants.ENCRYPTION_PARTS;
/**
+ * Parameter to define which parts of the request shall be encrypted, if
they
+ * exist in the request. If they do not, then no error is thrown. This
contrasts
+ * with the ENCRYPTION_PARTS Identifier, which specifies elements that
must be
+ * encrypted in the request.
+ * <p/>
+ * Refer to {@link #ENCRYPTION_PARTS} for a detailed description of
+ * the format of the value string.
+ * <p/>
+ */
+ public static final String OPTIONAL_ENCRYPTION_PARTS =
+ ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS;
+
+ /**
* Defines which encryption digest algorithm to use with the RSA OAEP Key
Transport
* algorithm for encryption. The default is SHA-1.
* <p/>
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1499307&r1=1499306&r2=1499307&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
Wed Jul 3 10:19:35 2013
@@ -381,6 +381,9 @@ public class WSSecEncrypt extends WSSecE
List<Element> elementsToEncrypt =
WSSecurityUtil.findElements(encPart, callbackLookup, doc);
if (elementsToEncrypt == null || elementsToEncrypt.size() == 0) {
+ if (!encPart.isRequired()) {
+ continue;
+ }
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILURE,
"noEncElement",
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java?rev=1499307&r1=1499306&r2=1499307&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
Wed Jul 3 10:19:35 2013
@@ -135,6 +135,8 @@ public class WSSecSignatureBase extends
}
if (element != null) {
wsDocInfo.addTokenElement(element, false);
+ } else if (!encPart.isRequired()) {
+ continue;
}
javax.xml.crypto.dsig.Reference reference =
signatureFactory.newReference(
@@ -158,6 +160,9 @@ public class WSSecSignatureBase extends
WSSecurityUtil.findElements(encPart,
callbackLookup, doc);
}
if (elementsToSign == null || elementsToSign.size() == 0) {
+ if (!encPart.isRequired()) {
+ continue;
+ }
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILURE,
"noEncElement",
Modified:
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java?rev=1499307&r1=1499306&r2=1499307&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
Wed Jul 3 10:19:35 2013
@@ -146,6 +146,119 @@ public class EncryptionPartsTest extends
assertEquals(WSConstants.AES_128, wsDataRef.getAlgorithm());
}
+ @org.junit.Test
+ public void testOptionalSOAPHeaderPresent() throws Exception {
+ WSSecEncrypt encrypt = new WSSecEncrypt();
+ encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e",
"security");
+ encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ "foobar",
+ "urn:foo.bar",
+ "");
+ encP.setRequired(false);
+ parts.add(encP);
+ String soapNamespace =
WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+ encP =
+ new WSEncryptionPart(
+ WSConstants.ELEM_BODY,
+ soapNamespace,
+ "Content"
+ );
+ parts.add(encP);
+ encrypt.setParts(parts);
+
+ Document encryptedDoc = encrypt.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(encryptedDoc);
+ LOG.debug(outputString);
+ }
+
+ verify(encryptedDoc);
+ }
+
+ @org.junit.Test
+ public void testOptionalSOAPHeaderNotPresent() throws Exception {
+ WSSecEncrypt encrypt = new WSSecEncrypt();
+ encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e",
"security");
+ encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ "foobar",
+ "urn:foo.bar",
+ "");
+ encP.setRequired(false);
+ parts.add(encP);
+ String soapNamespace =
WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+ encP =
+ new WSEncryptionPart(
+ WSConstants.ELEM_BODY,
+ soapNamespace,
+ "Content"
+ );
+ parts.add(encP);
+ encrypt.setParts(parts);
+
+ Document encryptedDoc = encrypt.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(encryptedDoc);
+ LOG.debug(outputString);
+ }
+
+ verify(encryptedDoc);
+ }
+
+ @org.junit.Test
+ public void testRequiredSOAPHeaderNotPresent() throws Exception {
+ WSSecEncrypt encrypt = new WSSecEncrypt();
+ encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e",
"security");
+ encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ "foobar",
+ "urn:foo.bar",
+ "");
+ parts.add(encP);
+ String soapNamespace =
WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+ encP =
+ new WSEncryptionPart(
+ WSConstants.ELEM_BODY,
+ soapNamespace,
+ "Content"
+ );
+ parts.add(encP);
+ encrypt.setParts(parts);
+
+ try {
+ encrypt.build(doc, crypto, secHeader);
+ fail("Failure expected on not encrypting a required element");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
+ }
+
/**
* Test encrypting a custom SOAP header using wsse11:EncryptedHeader
Modified:
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java?rev=1499307&r1=1499306&r2=1499307&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
Wed Jul 3 10:19:35 2013
@@ -162,6 +162,122 @@ public class SignaturePartsTest extends
assertTrue(WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(transformAlgorithms.get(0)));
}
+ @org.junit.Test
+ public void testOptionalSOAPHeaderPresent() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ sign.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ "foobar",
+ "urn:foo.bar",
+ "");
+ encP.setRequired(false);
+ parts.add(encP);
+ String soapNamespace =
WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+ encP =
+ new WSEncryptionPart(
+ WSConstants.ELEM_BODY,
+ soapNamespace,
+ "Content"
+ );
+ parts.add(encP);
+ sign.setParts(parts);
+
+ Document signedDoc = sign.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ verify(signedDoc);
+ }
+
+ @org.junit.Test
+ public void testOptionalSOAPHeaderNotPresent() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ sign.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ "foobar",
+ "urn:foo.bar",
+ "");
+ encP.setRequired(false);
+ parts.add(encP);
+ String soapNamespace =
WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+ encP =
+ new WSEncryptionPart(
+ WSConstants.ELEM_BODY,
+ soapNamespace,
+ "Content"
+ );
+ parts.add(encP);
+ sign.setParts(parts);
+
+ Document signedDoc = sign.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ verify(signedDoc);
+ }
+
+ @org.junit.Test
+ public void testRequiredSOAPHeaderNotPresent() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ sign.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ "foobar",
+ "urn:foo.bar",
+ "");
+ parts.add(encP);
+ String soapNamespace =
WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+ encP =
+ new WSEncryptionPart(
+ WSConstants.ELEM_BODY,
+ soapNamespace,
+ "Content"
+ );
+ parts.add(encP);
+ sign.setParts(parts);
+
+ try {
+ sign.build(doc, crypto, secHeader);
+ fail("Failure expected on not signing a required element");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
+ }
+
/**
* Test signing of a header through a STR Dereference Transform
*/
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1499307&r1=1499306&r2=1499307&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Wed Jul 3 10:19:35 2013
@@ -462,6 +462,16 @@ public final class ConfigurationConverte
}
}
+ sigParts = getString(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS,
config);
+ if (sigParts != null) {
+ List<SecurePart> parts = new ArrayList<SecurePart>();
+ splitEncParts(sigParts, parts, WSSConstants.NS_SOAP11);
+ for (SecurePart part : parts) {
+ part.setRequired(false);
+ properties.addSignaturePart(part);
+ }
+ }
+
String iterations =
getString(ConfigurationConstants.DERIVED_KEY_ITERATIONS, config);
if (iterations != null) {
int iIterations = Integer.parseInt(iterations);
@@ -484,6 +494,16 @@ public final class ConfigurationConverte
}
}
+ encParts = getString(ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS,
config);
+ if (encParts != null) {
+ List<SecurePart> parts = new ArrayList<SecurePart>();
+ splitEncParts(encParts, parts, WSSConstants.NS_SOAP11);
+ for (SecurePart part : parts) {
+ part.setRequired(false);
+ properties.addEncryptionPart(part);
+ }
+ }
+
String encSymcAlgo = getString(ConfigurationConstants.ENC_SYM_ALGO,
config);
properties.setEncryptionSymAlgorithm(encSymcAlgo);
