cryptstore:// URL Protocol
The cryptstore:// URL protocol allows you to access encrypted repository documents from within XSL mappings during process runtime, and decrypt these documents in the same step.
The document can be retrieved from an XSL mapping using the document() function, which allows direct access to the decrypted document.
Using a cryptstore implementation
The X4 Server can encrypt and decrypt repository elements using the cryptstore:// URL protocol. The byte stream is passed through a customer-specific Java class that reads it, decrypts it and outputs the result. This customer-specific class must be derived from InputStream and must have a constructor that accepts an InputStream as its only parameter.
It is recommended to derive the class from javax.crypto.CipherInputStream and to parameterize the object in the constructor. The finished class must be provided as a Java archive (.jar) in the folder <WildFly>\modules\de\softproject\x4\client\main.
Additionally, a child element <resource-root path="<Name des Java-Archivs>.jar"/> must be added to the <resources> element of the file module.xml (under <WildFly>\modules\de\softproject\x4\client\main).
Moreover, the class name must be specified as a fully qualified class name in the configuration file <X4>/X4config.xml within a <cryptstoreStreamHandlerClass/> element. This element must be an immediately following sibling of the <xstore/> element.
URL structure
The URL must follow the pattern:
cryptstore://RepositoryPath/EncryptedFile
An XSL mapping using this URL protocol cannot be executed in the transformation preview of the Mapping Editor.
Example
In the following example, an XSL mapping retrieves an encrypted XML document from the repository using the document() function and buffers it in an XSL variable externalFile. Its nodes can be selected via XPath without limitation.
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:output encoding="UTF-8" method="xml" version="1.0"/>
    <xsl:template match="/">
        <result>
            <xsl:variable select="document('cryptstore://Project/Folder/Data.xml')" name="externalFile"/>
            <xsl:value-of select="$externalFile/child::ElemName"/>
        </result>
    </xsl:template>
</xsl:stylesheet>
Example for a possible implementation
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;

public class TestCrypt extends CipherInputStream {

    // X4 requires a constructor that accepts an InputStream as its only parameter.
    public TestCrypt(InputStream stream) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        super(stream, createCipher());
    }

    private static Cipher createCipher() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        // Ciphers must NOT be cached: create a new instance for every stream.
        // "AES" without mode and padding selects the provider default, which is
        // AES/ECB/PKCS5Padding with the standard JDK provider. The transformation
        // must match the one used to encrypt the repository documents.
        Cipher cipher = Cipher.getInstance("AES");
        Key key = new SecretKeySpec(readKeyBytes(), "AES");
        cipher.init(Cipher.DECRYPT_MODE, key);
        return cipher;
    }

    private static byte[] readKeyBytes() {
        // Read your key from wherever it is stored; the key data may be cached.
        // Placeholder so that the class compiles: replace it with your own key retrieval.
        throw new UnsupportedOperationException("readKeyBytes() is not implemented");
    }
}
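A variant of the class above that names its transformation explicitly and uses an authenticated mode (AES/GCM), so a modified document is rejected instead of being decrypted to garbage. This is an added example, not part of the X4 documentation; the class name GcmCryptStream, the system property example.cryptstore.key and the file layout (12-byte nonce followed by ciphertext and tag) are assumptions of the example, and the sample document is constructed.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.*;

public class GcmCryptStream extends CipherInputStream {
    static final String KEY_PROPERTY = "example.cryptstore.key"; // hypothetical property name
    static final int NONCE_LEN = 12, TAG_BITS = 128;

    // X4 requires a constructor that accepts an InputStream as its only parameter.
    public GcmCryptStream(InputStream stream) throws IOException, GeneralSecurityException {
        super(stream, createCipher(stream));
    }

    // Assumed layout: 12-byte nonce, then ciphertext with the GCM tag appended.
    private static Cipher createCipher(InputStream stream) throws IOException, GeneralSecurityException {
        byte[] nonce = new byte[NONCE_LEN];
        new DataInputStream(stream).readFully(nonce); // EOFException if the input is too short
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); // new instance per stream, never cached
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(readKeyBytes(), "AES"), new GCMParameterSpec(TAG_BITS, nonce));
        return cipher;
    }

    private static byte[] readKeyBytes() { // assumption: Base64-encoded key in a system property
        String b64 = System.getProperty(KEY_PROPERTY);
        if (b64 == null) throw new IllegalStateException("missing " + KEY_PROPERTY);
        return Base64.getDecoder().decode(b64);
    }

    // Round trip on constructed data, then a tampered copy to show the tag check.
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32], nonce = new byte[NONCE_LEN];
        SecureRandom rnd = new SecureRandom(); rnd.nextBytes(key); rnd.nextBytes(nonce);
        System.setProperty(KEY_PROPERTY, Base64.getEncoder().encodeToString(key));
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, nonce));
        ByteArrayOutputStream file = new ByteArrayOutputStream();
        file.write(nonce);
        file.write(enc.doFinal("<ElemName>constructed sample</ElemName>".getBytes(StandardCharsets.UTF_8)));
        byte[] good = file.toByteArray(), bad = good.clone();
        bad[bad.length - 1] ^= 1; // flip one bit of the tag
        for (byte[] doc : new byte[][] {good, bad}) {
            try (InputStream in = new GcmCryptStream(new ByteArrayInputStream(doc))) {
                System.out.println(new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8)).readLine());
            } catch (IOException e) { System.out.println("rejected: " + e.getCause()); }
        }
    }
}
```

With GCM, every document must be encrypted under a fresh nonce for a given key, and CipherInputStream releases plaintext only after the tag has been verified at the end of the stream, so large documents are buffered in memory.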