be.ehealth.technicalconnector.service.kgss
Interface KgssService

All Known Implementing Classes:
KgssServiceImpl

public interface KgssService

The eHealth-platform Key Generation and Storage Service (KGSS) provides a web service interface to create a new key using the getNewKey operation and to retrieve an existing key using the getKey operation. The services provided via this technical connector allow the invocation of both operations based on a specific set of input criteria. For security reasons, the business payload of the information exchanged with the KGSS is encrypted using the eHealth-platform End-to-End Encryption (ETEE) approach for addressed messages. In contrast to the other technical services provided as part of this technical API, this service encapsulates the actual encryption and decryption of the business message payload. Default implementation: KgssServiceImpl


Method Summary
 KeyResult getKey(GetKeyRequestContent request, byte[] kgssETK, SessionItem session)
          Gets the key.
 GetKeyResponseContent getKey(GetKeyRequestContent request, Credential encryption, Credential serviceCredential, Element samlAssertion, Map<String,PrivateKey> decryptionKeys, byte[] etk)
          Ask the eHealth-platform Key Generation and Storage Service (KGSS) to retrieve a key, based on a given key identifier.
 KeyResult getNewKey(GetNewKeyRequestContent request, byte[] kgssETK)
          Asks KGSS to generate and store a new key.
 GetNewKeyResponseContent getNewKey(GetNewKeyRequestContent request, Credential encryptionCredential, Map<String,PrivateKey> decryptionKeys, byte[] kgssETK)
          Ask the eHealth-platform Key Generation and Storage Service (KGSS) to generate and store a new key, and return the identifier.
 

Method Detail

getNewKey

KeyResult getNewKey(GetNewKeyRequestContent request,
                    byte[] kgssETK)
                    throws TechnicalConnectorException
Asks KGSS to generate and store a new key. It returns the key together with its key identifier.

Parameters:
request - the request
kgssETK - the kgss etk
Returns:
the new key
Throws:
TechnicalConnectorException - the technical connector exception

getKey

KeyResult getKey(GetKeyRequestContent request,
                 byte[] kgssETK,
                 SessionItem session)
                 throws TechnicalConnectorException
Gets the key.

Parameters:
request - the request
kgssETK - the kgss etk
session - the session
Returns:
the key
Throws:
TechnicalConnectorException - the technical connector exception

getNewKey

GetNewKeyResponseContent getNewKey(GetNewKeyRequestContent request,
                                   Credential encryptionCredential,
                                   Map<String,PrivateKey> decryptionKeys,
                                   byte[] kgssETK)
                                   throws TechnicalConnectorException
Ask the eHealth-platform Key Generation and Storage Service (KGSS) to generate and store a new key, and return the identifier. The following sequential steps are executed as part of this operation:
1. Encryption of the business message (GetNewKeyRequest) using the ETEE approach for addressed messages using the provided KGSS ETK.
2. Invocation of the getNewKey web service operation.
3. Decryption of the business message (GetNewKeyResponse) using the ETEE approach for addressed messages using the provided ETK of the invoking application/organization (included within GetNewKeyRequest).
4. Return decrypted GetNewKeyResponse.

Parameters:
request - Business content to request a new key.
encryptionCredential - The credential to use for sealing the message contents, the certificate is used to seal the request, the private key is embedded in the request
decryptionKeys - The decryption keys available for decrypting the message received from KGSS; you can use the ETEE tool to retrieve the decryption keys from your KeyStore
kgssETK - ETK of the KGSS as retrieved via the Key Depot getETK operation
Returns:
The generated key, including its identifier.
Throws:
TechnicalConnectorException - When a technical exception occurs

getKey

GetKeyResponseContent getKey(GetKeyRequestContent request,
                             Credential encryption,
                             Credential serviceCredential,
                             Element samlAssertion,
                             Map<String,PrivateKey> decryptionKeys,
                             byte[] etk)
                             throws TechnicalConnectorException
Ask the eHealth-platform Key Generation and Storage Service (KGSS) to retrieve a key, based on a given key identifier. The following sequential steps are executed as part of this operation:
1. Encryption of the business message (GetKeyRequest) using the ETEE approach for addressed messages using the provided KGSS ETK.
2. Invocation of the getKey web service operation.
3. Decryption of the business message (GetKeyResponse) using the ETEE approach for addressed messages using the provided ETK of the invoking application/organization (included within GetKeyRequest).
4. Return decrypted GetKeyResponse.

Parameters:
request - Business content to request a key.
encryption - The credential to use for sealing the message contents, the certificate is used to seal the request, the private key is embedded in the request
serviceCredential - The credential to use in combination with your SAML assertion
samlAssertion - The SAML assertion you got back from STS to authenticate your request
decryptionKeys - The decryption keys available for decrypting the message received from KGSS; you can use the ETEE tool to retrieve the decryption keys from your KeyStore
etk - ETK of the KGSS as retrieved via the Key Depot getETK operation
Returns:
The requested key
Throws:
TechnicalConnectorException - When a technical exception occurs



Connector Packaging PERSDIETICIAN 3.11.1 API
Copyright © {inceptionYear}-2016 eHealth. All Rights Reserved.