HS.AU.SMD.EncryptedPayloadType
class HS.AU.SMD.EncryptedPayloadType extends %Library.RegisteredObject, %XML.Adaptor
Implementation of the Australian E-health XML secured payload profiles, document ATS 5821-2010.

To create an encryptedPayload, call the Create class method with a data object and a %SYS.X509Credentials object that contains the certificate of the receiver (only the certificate is required on the sending side; the receiver's private key is needed only to decrypt). Additional EncryptedKey elements, one for each further recipient certificate, may be added using the AddEncryptedKey method.

An example of encrypting a signedPayload follows:
    // obj is the oref of a data object which is a subclass of HS.AU.SMD.BaseDataType
    // obj is filled in as needed
    // get the credentials for signing
    set x509Sign = ##class(%SYS.X509Credentials).GetByAlias("MyConfig")
    // sign obj using these credentials to create signedPayload
    set payload=##class(HS.AU.SMD.SignedPayloadType).Create(obj,x509Sign,.sc)
    if $$$ISOK(sc) {
        // get the credentials for encrypting (the receiver's certificate)
        set x509Encrypt = ##class(%SYS.X509Credentials).GetByAlias("HisConfig")
        // encrypt using these credentials to create encryptedPayload
        set encryptedPayload=##class(HS.AU.SMD.EncryptedPayloadType).Create(payload,x509Encrypt,.sc)
    }
    // if $$$ISERR(sc) report error

To validate an encryptedPayload, call the Validate method of the EncryptedPayloadType object. An example of validating and decrypting an encrypted signedPayload follows. This example assumes that the code runs in a web service or web client, that ImportHandler is the DOM of the SOAP message, and that encryptedPayload is a web service argument or client return type. These variables would need to be obtained in other ways outside a SOAP context. Note the order of operations: decrypt first, then verify the signature, and only use the data once both steps have succeeded.

    // decrypt encryptedPayload and save back to document.
    set document=..ImportHandler
    if encryptedPayload.Validate(.document) {
        // find and instantiate signedPayload in the decrypted document
        set reader=##class(%XML.Reader).%New()
        set reader.Document=document
        do reader.Correlate("signedPayload","HS.AU.SMD.SignedPayloadType")
        if reader.Next(.signedPayload,.sc) {
            set error=""
        } else {
            if $$$ISOK(sc) {
                set error="no signed payload"
            } else {
                set error="decrypt error: "_$system.Status.GetErrorText(sc)
            }
        }
    } else {
        set error="unable to decrypt"
        quit error
    }
    if error="" {
        // validate signature.
        set sc=signedPayload.Validate(document)
        if $$$ISERR(sc) {
            set error="signature error: "_$system.Status.GetErrorText(sc)
        }
    }
    // if error="", then data is in signedPayload.signedPayloadData.content
    // otherwise report error
Parameters
parameter NAMESPACE = http://ns.electronichealth.net.au/xsp/xsd/EncryptedPayload/2010;
Inherited description: NAMESPACE specifies the XML namespace to be used when projecting the
class to XML. If NAMESPACE = "", the default namespace of the XML schema
is used as the namespace for this class.
parameter XMLFORMAT = literal;
Inherited description: The XMLFORMAT parameter controls the generation of the XMLExport and XMLImport
methods for XML enabled classes to include code for only literal or only encoded format.
This allows the generated routines to be significantly smaller since usually
both formats are not needed.
If XMLFORMAT="Literal", then only support for literal format import and export is generated.
If XMLFORMAT="Encoded", then only support for SOAP encoded format import and export is generated.
The default is to generate support for both literal and encoded format.
parameter XMLNAME = encryptedPayload;
Inherited description: This parameter provides the default XMLNAME for the class. If it is
empty then the class name will be used to construct a default XML name.
The default XMLNAME is used as the top level tag
when exporting objects and the export context
did not provide an XML container name.
parameter XMLPREFIX = ep;
Inherited description: The XMLPREFIX parameter controls the prefix to be used for the XML namespace that
is given by the NAMESPACE parameter.
Properties
property EncryptedPayloadData as HS.AU.SMD.EncryptedPayloadDataType (XMLNAME = "encryptedPayloadData") [ Required ];
Property methods: EncryptedPayloadDataGet(), EncryptedPayloadDataGetSwizzled(), EncryptedPayloadDataIsValid(), EncryptedPayloadDataNewObject(), EncryptedPayloadDataSet()
property Keys as HS.AU.SMD.KeyListType (XMLNAME = "keys");
Property methods: KeysGet(), KeysGetSwizzled(), KeysIsValid(), KeysNewObject(), KeysSet()
Methods
method AddEncryptedKey(credentials As %SYS.X509Credentials) as %Status
Add an additional EncryptedKey element holding the payload's random symmetric key, encrypted with the certificate in credentials, so that a further recipient can decrypt the payload.
AddEncryptedKey must be called after Create or CreateFromStream, since those methods generate the symmetric key that is being wrapped.
classmethod Create(data As HS.AU.SMD.BaseDataType, credentials As %SYS.X509Credentials = "", Output status As %Status) as HS.AU.SMD.SignedPayloadType
Create an EncryptedPayload: the data is encrypted with a random symmetric key, and that key is in turn encrypted with the certificate in credentials.
- data is the subclass of HS.AU.SMD.BaseDataType that contains the payload to encrypt.
- credentials contains the X.509 credentials (the receiver's certificate) used to encrypt the random symmetric key.
- If an error occurs, the error %Status is stored in the status argument; always check it before using the returned object.
classmethod CreateFromStream(stream As %BinaryStream, credentials As %SYS.X509Credentials = "", Output status As %Status) as HS.AU.SMD.SignedPayloadType
CreateFromStream creates an encryptedPayload from a raw stream: the stream is encrypted with a random symmetric key, and that key is in turn encrypted with the certificate in credentials.
- stream is a stream containing the data to be encrypted, encoded as UTF-8.
- credentials contains the X.509 credentials (the receiver's certificate) used to encrypt the random symmetric key.
- If an error occurs, the error %Status is stored in the status argument; always check it before using the returned object.
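The following is an added example, not code from this class reference or from the HS.AU.SMD package, showing the CreateFromStream and AddEncryptedKey sequence end to end: a UTF-8 stream is encrypted once with a random symmetric key, and that key is then wrapped for a second recipient. The class name Demo.SMD.Encrypt and the credential aliases "RecipientA" and "RecipientB" are assumptions; each alias is expected to be a %SYS.X509Credentials entry holding that receiver's certificate.

```objectscript
/// Added example (class name assumed): encrypt a UTF-8 stream for two recipients
Class Demo.SMD.Encrypt Extends %RegisteredObject
{

/// On success returns $$$OK and sets encryptedPayload; otherwise returns the error %Status.
ClassMethod EncryptForTwo(stream As %BinaryStream, Output encryptedPayload As HS.AU.SMD.EncryptedPayloadType) As %Status
{
    set sc=$$$OK, encryptedPayload=""
    // Credential aliases are assumed; each must hold the recipient's certificate.
    // The recipients' private keys are not needed on the sending side.
    set x509A=##class(%SYS.X509Credentials).GetByAlias("RecipientA")
    if '$isobject(x509A) quit $$$ERROR($$$GeneralError,"no credentials for RecipientA")
    set x509B=##class(%SYS.X509Credentials).GetByAlias("RecipientB")
    if '$isobject(x509B) quit $$$ERROR($$$GeneralError,"no credentials for RecipientB")

    // CreateFromStream generates the random symmetric key, encrypts the stream
    // with it and wraps that key for the first certificate. Check status before
    // touching the returned object.
    set encryptedPayload=##class(HS.AU.SMD.EncryptedPayloadType).CreateFromStream(stream,x509A,.sc)
    if $$$ISERR(sc) quit sc

    // AddEncryptedKey must follow Create/CreateFromStream: it wraps the same
    // symmetric key for the second certificate and appends another EncryptedKey.
    set sc=encryptedPayload.AddEncryptedKey(x509B)
    if $$$ISERR(sc) set encryptedPayload="" quit sc
    quit sc
}

/// Convenience wrapper: encrypt a string and return the encryptedPayload element as XML text.
ClassMethod EncryptString(text As %String, Output xml As %String) As %Status
{
    set xml=""
    set stream=##class(%Stream.GlobalBinary).%New()
    // The stream content must be UTF-8, as CreateFromStream expects
    do stream.Write($zconvert(text,"O","UTF8"))
    set sc=..EncryptForTwo(stream,.encryptedPayload)
    if $$$ISERR(sc) quit sc
    // Serialize for transport outside SOAP (XMLExportToString is inherited from %XML.Adaptor)
    quit encryptedPayload.XMLExportToString(.xml)
}

}
```

Usage: `set sc=##class(Demo.SMD.Encrypt).EncryptString("<hello/>",.xml)` and then check `$$$ISOK(sc)`. Because both recipients share one symmetric key, either can decrypt the same EncryptedData; revoking access for one recipient later means re-encrypting, not removing an EncryptedKey.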
method Validate(ByRef document As %XML.Document) as %Boolean
Validate and decrypt the EncryptedData in an encryptedPayload. The method returns 1 on success and 0 on failure; it does not return a %Status, so a 0 result must be treated as a decryption failure without further detail.
The document argument is the DOM for the document which contains the payload. The document is modified in place to contain the decrypted data. Then %XML.Reader may be used to extract the decrypted object. Decryption alone does not authenticate the sender: if the decrypted content is a signedPayload, its signature must still be verified with the Validate method of HS.AU.SMD.SignedPayloadType before the data is used.
For SOAP messages, the document is in the ImportHandler property of the client or service. Otherwise the payload may be exported and then the %XML.Reader OpenStream method will convert the stream to a document in its Document property.
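An added example, not taken from this class reference or from the HS.AU.SMD package, of the non-SOAP path described above: the encryptedPayload XML is read from a stream with %XML.Reader OpenStream, the reader's Document property becomes the DOM passed to Validate, and the decrypted DOM is then correlated to find the signedPayload and verify its signature. The class name Demo.SMD.Decrypt is an assumption; the receiving side is assumed to hold the private key matching the certificate the payload was encrypted for, and the property path signedPayload.signedPayloadData.content is taken from the example earlier on this page.

```objectscript
/// Added example (class name assumed): decrypt and verify an encryptedPayload received outside SOAP
Class Demo.SMD.Decrypt Extends %RegisteredObject
{

/// stream holds the encryptedPayload XML element. On success returns $$$OK and sets
/// content to the signed data; otherwise returns an error %Status and leaves content="".
ClassMethod DecryptAndVerify(stream As %Stream.Object, Output content) As %Status
{
    set content=""
    // Parse the stream into a DOM; reader.Document is the document Validate operates on
    set reader=##class(%XML.Reader).%New()
    set sc=reader.OpenStream(stream)
    if $$$ISERR(sc) quit sc
    do reader.Correlate("encryptedPayload","HS.AU.SMD.EncryptedPayloadType")
    if 'reader.Next(.encryptedPayload,.sc) {
        quit $select($$$ISERR(sc):sc,1:$$$ERROR($$$GeneralError,"no encryptedPayload element"))
    }
    set document=reader.Document

    // Validate returns a %Boolean, not a %Status; it decrypts in place, so the DOM
    // now carries the plaintext XML
    if 'encryptedPayload.Validate(.document) quit $$$ERROR($$$GeneralError,"unable to decrypt")

    // Locate the signedPayload in the decrypted DOM with a fresh reader
    set reader2=##class(%XML.Reader).%New()
    set reader2.Document=document
    do reader2.Correlate("signedPayload","HS.AU.SMD.SignedPayloadType")
    if 'reader2.Next(.signedPayload,.sc) {
        quit $select($$$ISERR(sc):sc,1:$$$ERROR($$$GeneralError,"no signedPayload element"))
    }

    // Do not release the data until the signature has been verified
    set sc=signedPayload.Validate(document)
    if $$$ISERR(sc) quit sc
    // Property path as used in the class reference example above
    set content=signedPayload.signedPayloadData.content
    quit $$$OK
}

}
```

Usage: `set sc=##class(Demo.SMD.Decrypt).DecryptAndVerify(stream,.content)`; content is only populated when both decryption and signature verification succeed, so a caller that checks `$$$ISOK(sc)` cannot accidentally consume unauthenticated data. Log the text of sc locally rather than returning it to the remote peer, since decryption error detail is not something the sender needs.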
Inherited Members
Inherited Methods
- %AddToSaveSet()
- %ClassIsLatestVersion()
- %ClassName()
- %ConstructClone()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Extends()
- %GetParameter()
- %IsA()
- %IsModified()
- %New()
- %NormalizeObject()
- %ObjectModified()
- %OriginalNamespace()
- %PackageName()
- %RemoveFromSaveSet()
- %SerializeObject()
- %SetModified()
- %ValidateObject()
- XMLDTD()
- XMLExport()
- XMLExportToStream()
- XMLExportToString()
- XMLNew()
- XMLSchema()
- XMLSchemaNamespace()
- XMLSchemaType()