Skip to main content


class HS.AU.SMD.EncryptedPayloadType extends %Library.RegisteredObject, %XML.Adaptor

Implementation of Australian E-health XML secured payload profiles. Document ATS 5821-2010

To create an encryptedPayload just call the Create class method with a data object and a %SYS.X509Credentials object that contains the certificate of the receiver. Additional EncryptedKey elements may be added using the AddEncryptedKey method.
An example of encrypting a signedPayload follows
  // obj is the oref of a data object which is a subclass of HS.AU.SMD.BaseDataType
  // obj is filled in as needed
  // get the credentials for signing
  set x509Sign = ##class(%SYS.X509Credentials).GetByAlias("MyConfig")
  // sign obj using these credentials to create signedPayload
  set payload=##class(HS.AU.SMD.SignedPayloadType).Create(obj,x509Sign,.sc)
  if $$$ISOK(sc) {
      // get the credentials for encrypting
      set x509Encrypt = ##class(%SYS.X509Credentials).GetByAlias("HisConfig")
      // encrypt usiing these credentials to create encryptedPayload
      set encryptedPayload=##class(HS.AU.SMD.EncryptedPayloadType).Create(payload,x509Encrypt,.sc)
  // if $$$ISERR(sc) report error
To validate an encryptedPayload call the Validate method of the EncryptedPayloadType object. An example of validating and decrypting an encryptd signedPayload follows. This example assume that this is a web service or client and ImportHandler is the DOM of the SOAP message and encryptedPayload is a web service argument or client return type. These variable would need to be obtained in other ways if not SOAP situation.
  // decrypt encryptedPayload and save back to document.
  set document=..ImportHandler
  if encryptedPayload.Validate(.document) {
     // find and instantiate signedPayload in decryptedPayload
     set reader=##class(%XML.Reader).%New()
     set reader.Document=document
     do reader.Correlate("signedPayload","HS.AU.SMD.SignedPayloadType")
     if reader.Next(.signedPayload,.sc) {
        set error=""
     } else {
        if $$$ISOK(sc) {
           set error="no signed payload"
        } else {
           set error="decrypt error: "_$system.Status.GetErrorText(sc)
  } else {
     set error="unable to decrypt"
     quit error
  if error="" {
     // validate signature.
     set sc=signedPayload.Validate(document)
     if $$$ISERR(sc) {
        set error="signature error: "_$system.Status.GetErrorText(sc)
  // if error="", then data is in signedPayload.signedPayloadData.content
  // otherwise report error

Property Inventory

Method Inventory


parameter NAMESPACE =;
Inherited description: NAMESPACE specifies the XML namespace to be used when projecting the class to XML. If NAMESPACE = "", the default namespace is used for the XML schema is used as the namespace for his class.
parameter XMLFORMAT = literal;
Inherited description: The XMLFORMAT parameter controls the generation of the XMLExport and XMLImport methods for XML enabled classes to include code for only literal or only encoded format. This allows the generated routines to be significantly smaller since usually both formats are not needed.

If XMLFORMAT="Literal", then only support for literal format import and export is generated.

If XMLFORMAT="Encoded", then only support for SOAP encoded format import and export is generated.

The default is to generate support for both literal and encoded format.

parameter XMLNAME = encryptedPayload;
Inherited description: This parameter provides the default XMLNAME for the class. If it is empty then the class name will be used to construct a default XML name. The default XMLNAME is used as the top level tag when exporting objects and the export context did not provide an XML container name.
parameter XMLPREFIX = ep;
Inherited description: The XMLPREFIX parameter controls the prefix to be used for the XML namespace that is given by the NAMESPACE parameter.


property EncryptedPayloadData as HS.AU.SMD.EncryptedPayloadDataType (XMLNAME = "encryptedPayloadData") [ Required ];
Property methods: EncryptedPayloadDataGet(), EncryptedPayloadDataGetSwizzled(), EncryptedPayloadDataIsValid(), EncryptedPayloadDataNewObject(), EncryptedPayloadDataSet()
property Keys as HS.AU.SMD.KeyListType (XMLNAME = "keys");
Property methods: KeysGet(), KeysGetSwizzled(), KeysIsValid(), KeysNewObject(), KeysSet()


method AddEncryptedKey(credentials As %SYS.X509Credentials) as %Status
Add an additional EncryptedKey containing the symmetric key for the EncryptedKey element. AddEncryptedKey method should be called after Create or CreateFromStream.
classmethod Create(data As HS.AU.SMD.BaseDataType, credentials As %SYS.X509Credentials = "", Output status As %Status) as HS.AU.SMD.SignedPayloadType
Create an EncryptedPayload and sign using a random symmetric key.
- data is the subclass of HS.AU.SMD.BaseDataType that contains the payload to encrypt.
- credentials contains the X.509 credentials used to encrypt the random symmetric key.
- If error, error %Status is stored in status argument.
classmethod CreateFromStream(stream As %BinaryStream, credentials As %SYS.X509Credentials = "", Output status As %Status) as HS.AU.SMD.SignedPayloadType
CreateFromStream creates an encryptedPayload and sign using a random symmetric key.
- stream is stream containing the data to be encrypted encoded as UTF-8.
- credentials contains the X.509 credentials used to encrypt the random symmetric key.
- If error, error %Status is stored in status argument.
method Validate(ByRef document As %XML.Document) as %Boolean
Validate and decrypt the EncryptedData in an encryptedPayload.
The document argument is the DOM for the document which contains the payload. The document will be modified to contain the decrypted data. Then %XML.Reader may be used to extract the decrypted object.

For SOAP messages, the document is in the ImportHandler property of the client or service. Otherwise the payload may be exported and then the %XML.Reader OpenStream method will convert the stream to a document in its Document property.

Inherited Members

Inherited Methods

FeedbackOpens in a new tab