public class ConfigurationConstants extends Object

| Modifier and Type | Field and Description |
|---|---|
| static String | ACTION: The action parameter. |
| static String | ACTOR: The actor or role name of the wsse:Security header. |
| static String | ADD_INCLUSIVE_PREFIXES: Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS. |
| static String | ADD_USERNAMETOKEN_CREATED: Whether to add a Created Element to a UsernameToken. |
| static String | ADD_USERNAMETOKEN_NONCE: Whether to add a Nonce Element to a UsernameToken. |
| static String | ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES: This variable controls whether (wsse) namespace qualified password types are accepted when processing UsernameTokens. |
| static String | ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM: Whether to allow the RSA v1.5 Key Transport Algorithm or not. |
| static String | ALLOW_USERNAMETOKEN_NOPASSWORD: This variable controls whether a UsernameToken with no password element is allowed. |
| static String | CUSTOM_TOKEN: Add a "Custom" token. |
| static String | DEC_PROP_FILE: The path of the crypto property file to use for Decryption. |
| static String | DEC_PROP_REF_ID: The key that holds a reference to the object holding complete information about the decryption Crypto implementation. |
| static String | DERIVED_ENCRYPTION_KEY_LENGTH: The length to use (in bytes) when deriving a key for Encryption. |
| static String | DERIVED_KEY_ITERATIONS: This parameter sets the number of iterations to use when deriving a key from a Username Token. |
| static String | DERIVED_SIGNATURE_KEY_LENGTH: The length to use (in bytes) when deriving a key for Signature. |
| static String | DERIVED_TOKEN_KEY_ID: This controls the key identifier of Derived Tokens. |
| static String | DERIVED_TOKEN_REFERENCE: This controls the token from which DerivedKeyTokens derive their keys. |
| static String | ENABLE_REVOCATION: This variable controls whether to enable Certificate Revocation List (CRL) checking or not when verifying trust in a certificate. |
| static String | ENABLE_SIGNATURE_CONFIRMATION: Whether to enable signatureConfirmation or not. |
| static String | ENC_DIGEST_ALGO: Defines which encryption digest algorithm to use with the RSA OAEP Key Transport algorithm for encryption. |
| static String | ENC_KEY_ID: Defines which key identifier type to use for encryption. |
| static String | ENC_KEY_TRANSPORT: Defines which algorithm to use to encrypt the generated symmetric key. |
| static String | ENC_MGF_ALGO: Defines which encryption MGF (mask generation function) algorithm to use with the RSA OAEP Key Transport algorithm for encryption. |
| static String | ENC_PROP_FILE: The path of the crypto property file to use for Encryption. |
| static String | ENC_PROP_REF_ID: The key that holds a reference to the object holding complete information about the encryption Crypto implementation. |
| static String | ENC_SYM_ALGO: Defines which symmetric encryption algorithm to use. |
| static String | ENC_SYM_ENC_KEY: Defines whether to encrypt the symmetric encryption key or not. |
| static String | ENCRYPT: Perform an Encryption action. |
| static String | ENCRYPT_DERIVED: Perform an Encryption action with derived keys. |
| static String | ENCRYPT_WITH_KERBEROS_TOKEN: Perform an Encryption action with a Kerberos token. |
| static String | ENCRYPTION_PARTS: Parameter to define which parts of the request shall be encrypted. |
| static String | ENCRYPTION_USER: The user's name for encryption. |
| static String | EXPAND_XOP_INCLUDE: Whether to search for and expand xop:Include Elements for encryption and signature (on the outbound side) or for signature verification (on the inbound side). |
| static String | EXPAND_XOP_INCLUDE_FOR_SIGNATURE: Deprecated. |
| static String | GET_SECRET_KEY_FROM_CALLBACK_HANDLER: Whether to get a secret key from a CallbackHandler or not, for encryption only. |
| static String | HANDLE_CUSTOM_PASSWORD_TYPES: This variable controls whether types other than PasswordDigest or PasswordText are allowed when processing UsernameTokens. |
| static String | INCLUDE_ENCRYPTION_TOKEN: Whether to include the Encryption token (BinarySecurityToken) in the security header as well or not. |
| static String | INCLUDE_SIGNATURE_TOKEN: Whether to include the Signature Token in the security header as well or not. |
| static String | IS_BSP_COMPLIANT: Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. |
| static String | KERBEROS_TOKEN: Add a Kerberos token. |
| static String | MUST_UNDERSTAND: Whether to set the mustUnderstand flag on an outbound message or not. |
| static String | NONCE_CACHE_INSTANCE: This holds a reference to a ReplayCache instance used to cache UsernameToken nonces. |
| static String | OPTIONAL_ENCRYPTION_PARTS: Parameter to define which parts of the request shall be encrypted, if they exist in the request. |
| static String | OPTIONAL_SIGNATURE_PARTS: Parameter to define which parts of the request shall be signed, if they exist in the request. |
| static String | PASSWORD_ENCRYPTOR_INSTANCE: This holds a reference to a PasswordEncryptor instance, which is used to encrypt or decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations). |
| static String | PASSWORD_TYPE: Specific parameter for UsernameTokens to define the encoding of the password. |
| static String | PW_CALLBACK_CLASS: This tag refers to the CallbackHandler implementation class used to obtain passwords. |
| static String | PW_CALLBACK_REF: This tag refers to the CallbackHandler implementation object used to obtain passwords. |
| static String | REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS: Whether the engine must enforce that EncryptedData elements are in a signed subtree of the document. |
| static String | REQUIRE_TIMESTAMP_EXPIRES: Set the value of this parameter to true to require that a Timestamp must have an "Expires" Element. |
| static String | SAML_CALLBACK_CLASS: This tag refers to the SAML CallbackHandler implementation class used to construct SAML Assertions. |
| static String | SAML_CALLBACK_REF: This tag refers to the SAML CallbackHandler implementation object used to construct SAML Assertions. |
| static String | SAML_ONE_TIME_USE_CACHE_INSTANCE: This holds a reference to a ReplayCache instance used to cache SAML2 Token Identifier Strings (if the token contains a OneTimeUse Condition). |
| static String | SAML_TOKEN_SIGNED: Perform a signed SAML Token action. |
| static String | SAML_TOKEN_UNSIGNED: Perform an unsigned SAML Token action. |
| static String | SIG_ALGO: Defines which signature algorithm to use. |
| static String | SIG_C14N_ALGO: Defines which signature c14n (canonicalization) algorithm to use. |
| static String | SIG_CERT_CONSTRAINTS_SEPARATOR: This configuration tag refers to the separator that is used to parse certificate constraints configured in the SIG_SUBJECT_CERT_CONSTRAINTS and SIG_ISSUER_CERT_CONSTRAINTS configuration tags. |
| static String | SIG_DIGEST_ALGO: Defines which signature digest algorithm to use. |
| static String | SIG_ISSUER_CERT_CONSTRAINTS: This configuration tag is a String (separated by the value specified for SIG_CERT_CONSTRAINTS_SEPARATOR) of regular expressions which will be applied to the issuer DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate. |
| static String | SIG_KEY_ID: Defines which key identifier type to use for signature. |
| static String | SIG_PROP_FILE: The path of the crypto property file to use for Signature creation. |
| static String | SIG_PROP_REF_ID: The key that holds a reference to the object holding complete information about the signature Crypto implementation. |
| static String | SIG_SUBJECT_CERT_CONSTRAINTS: This configuration tag is a String (separated by the value specified for SIG_CERT_CONSTRAINTS_SEPARATOR) of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate. |
| static String | SIG_VER_PROP_FILE: The path of the crypto property file to use for Signature verification. |
| static String | SIG_VER_PROP_REF_ID: The key that holds a reference to the object holding complete information about the signature verification Crypto implementation. |
| static String | SIGNATURE: Perform a Signature action. |
| static String | SIGNATURE_DERIVED: Perform a Signature action with derived keys. |
| static String | SIGNATURE_PARTS: Parameter to define which parts of the request shall be signed. |
| static String | SIGNATURE_USER: The user's name for signature. |
| static String | SIGNATURE_WITH_KERBEROS_TOKEN: Perform a Signature action with a Kerberos token. |
| static String | STORE_BYTES_IN_ATTACHMENT: Whether to store bytes (CipherData or BinarySecurityToken) in an attachment. |
| static String | TIMESTAMP: Add a timestamp to the security header. |
| static String | TIMESTAMP_CACHE_INSTANCE: This holds a reference to a ReplayCache instance used to cache Timestamp Created Strings. |
| static String | TIMESTAMP_PRECISION: Set whether Timestamps have precision in milliseconds. |
| static String | TIMESTAMP_STRICT: Set the value of this parameter to true to enable strict timestamp handling. |
| static String | TTL_FUTURE_TIMESTAMP: This configuration tag specifies the time in seconds in the future within which the Created time of an incoming Timestamp is valid. |
| static String | TTL_FUTURE_USERNAMETOKEN: This configuration tag specifies the time in seconds in the future within which the Created time of an incoming UsernameToken is valid. |
| static String | TTL_TIMESTAMP: Time-To-Live is the time difference between creation and expiry time in seconds in the WSS Timestamp. |
| static String | TTL_USERNAMETOKEN: Time-To-Live is the time difference between creation and expiry time in seconds of the UsernameToken Created value. |
| static String | USE_2005_12_NAMESPACE: Whether to use the "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" namespace for SecureConversation + Derived Keys. |
| static String | USE_DERIVED_KEY_FOR_MAC: This parameter sets whether to use the Username Token derived key for a MAC or not. |
| static String | USE_REQ_SIG_CERT: Specifying this name as ENCRYPTION_USER triggers a special action to get the public key to use for encryption. |
| static String | USE_SINGLE_CERTIFICATE: This parameter sets whether to use a single certificate or a whole certificate chain when constructing a BinarySecurityToken used for direct reference in signature. |
| static String | USER: The user's name. |
| static String | USERNAME_TOKEN: Perform a UsernameToken action. |
| static String | USERNAME_TOKEN_NO_PASSWORD: Perform a UsernameToken action with no password. |
| static String | USERNAME_TOKEN_SIGNATURE: Perform a UsernameTokenSignature action. |
| static String | VALIDATE_SAML_SUBJECT_CONFIRMATION: Whether to validate the SubjectConfirmation requirements of a received SAML Token (sender-vouches or holder-of-key). |
| static String | VALIDATOR_MAP: This tag refers to a Map of QName to Validator instances, used to validate tokens identified by their QName. |

| Modifier | Constructor and Description |
|---|---|
| protected | ConfigurationConstants() |
public static final String ACTION
The action parameter. It is a blank separated list of actions to perform, and the
actions are performed in the order given.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ACTION, ConfigurationConstants.USERNAME_TOKEN);
public static final String USERNAME_TOKEN
public static final String USERNAME_TOKEN_SIGNATURE
public static final String USERNAME_TOKEN_NO_PASSWORD
public static final String SAML_TOKEN_UNSIGNED
public static final String SAML_TOKEN_SIGNED
public static final String SIGNATURE
public static final String ENCRYPT
public static final String TIMESTAMP
public static final String SIGNATURE_DERIVED
public static final String ENCRYPT_DERIVED
public static final String SIGNATURE_WITH_KERBEROS_TOKEN
public static final String ENCRYPT_WITH_KERBEROS_TOKEN
public static final String KERBEROS_TOKEN
public static final String CUSTOM_TOKEN
public static final String ACTOR
The actor or role name of the wsse:Security header. If this parameter
is omitted, the actor name is not set.
The value of the actor or role has to match the receiver's setting
or may contain standard values.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ACTOR, "ActorName");
public static final String USER
The user's name. It is used differently by each of the WS Security functions:
the UsernameToken function sets this name in the UsernameToken; the Signature
function uses it as the keystore alias of the signing certificate and private key
if SIGNATURE_USER is not used; the encryption functions use it as the fallback if
ENCRYPTION_USER is not used.
public static final String ENCRYPTION_USER
The user's name for encryption. The encryption functions use the public key of this
user's certificate to encrypt the generated symmetric key. If this parameter is not
set, the encryption function falls back to the USER parameter to get the
certificate.
If only encryption of the SOAP body data is requested,
it is recommended to use this parameter to define the username.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ENCRYPTION_USER, "encryptionUser");
public static final String SIGNATURE_USER
The user's name for signature. This name is used as the alias name in the keystore
to get the user's certificate and private key to perform signing. If this parameter
is not set, the name defined by the USER parameter is used.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.SIGNATURE_USER, "signatureUser");
public static final String USE_REQ_SIG_CERT
Specifying this name as ENCRYPTION_USER
triggers a special action to get the public key to use for encryption.
The handler uses the public key of the sender's certificate, i.e. the certificate
that signed the request being answered. Using this
way to define an encryption key simplifies certificate management to
a large extent. It only makes sense on the response side, and only when the
request was signed; the response is then readable by whoever held that signing key.
public static final String PW_CALLBACK_CLASS
This tag refers to the CallbackHandler implementation class used to obtain passwords.
The value of this tag must be the class name of a
javax.security.auth.callback.CallbackHandler instance.
The callback function
CallbackHandler.handle(javax.security.auth.callback.Callback[])
gets an array of WSPasswordCallback objects. Only the first entry of the
array is used. This object contains the username/keyname as identifier. The callback
handler must set the password or key associated with this identifier before it returns.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.PW_CALLBACK_CLASS, "PWCallbackClass");
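The following handler is an added example, not code from this page or from WSS4J. It is the kind of class that PW_CALLBACK_CLASS (by name) or PW_CALLBACK_REF (by instance) points at: WSS4J calls handle() with WSPasswordCallback objects, getIdentifier() carries the username or keystore alias, getUsage() says what the secret is for, and the handler must call setPassword() before it returns. The identifiers and secrets below are constructed placeholders; a deployment would read them from a vault.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.wss4j.common.ext.WSPasswordCallback;

/**
 * Added example (not WSS4J code): a password CallbackHandler for PW_CALLBACK_CLASS
 * or PW_CALLBACK_REF. Secrets are keyed by usage first, so a UsernameToken password
 * can never be handed out as a private-key password or the other way round.
 */
public class ExamplePasswordCallbackHandler implements CallbackHandler {

    // usage -> (identifier -> secret); the values are constructed placeholders
    private final Map<Integer, Map<String, String>> secrets = new HashMap<>();

    public ExamplePasswordCallbackHandler() {
        put(WSPasswordCallback.SIGNATURE, "signatureUser", "sig-key-pass");   // unlocks our signing key
        put(WSPasswordCallback.DECRYPT, "encryptionUser", "dec-key-pass");    // unlocks our decryption key
        // Outbound: the password written into the UsernameToken.
        // Inbound: the expected password; WSS4J does the digest/plaintext comparison itself,
        // so the handler never sees the value an attacker sent.
        put(WSPasswordCallback.USERNAME_TOKEN, "alice", "alice-s3cret");
    }

    private void put(int usage, String identifier, String secret) {
        secrets.computeIfAbsent(usage, k -> new HashMap<>()).put(identifier, secret);
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "only WSPasswordCallback is handled");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            Map<String, String> byIdentifier = secrets.get(pc.getUsage());
            String secret = byIdentifier == null ? null : byIdentifier.get(pc.getIdentifier());
            if (secret == null) {
                // Unknown identifier, or a usage this handler does not serve: fail closed.
                // Never fall back to a default password, and never echo back a value that
                // may already be present in the callback.
                throw new IOException("no secret for usage " + pc.getUsage()
                        + " and identifier " + pc.getIdentifier());
            }
            pc.setPassword(secret);
        }
    }
}
```

Dispatching on getUsage() is the point of the example: a handler that looks up only by identifier will happily return the same string for a UsernameToken check and for unlocking the signing key, which turns a guessed user password into a signing capability.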
public static final String PW_CALLBACK_REF
This tag refers to the CallbackHandler implementation object used to obtain
passwords. The value of this tag must be a
javax.security.auth.callback.CallbackHandler instance.
Refer to PW_CALLBACK_CLASS for further information about password callback
handling.
public static final String SAML_CALLBACK_CLASS
This tag refers to the SAML CallbackHandler implementation class used to construct
SAML Assertions. The value of this tag must be the class name of a
javax.security.auth.callback.CallbackHandler instance.
public static final String SAML_CALLBACK_REF
This tag refers to the SAML CallbackHandler implementation object used to construct
SAML Assertions. The value of this tag must be a
javax.security.auth.callback.CallbackHandler instance.
public static final String SIG_PROP_FILE
The path of the crypto property file to use for Signature creation.
To locate the Crypto interface implementation, the property file must contain the property
org.apache.wss4j.crypto.provider. The value of
this property is the classname of the implementation class.
The following line defines the standard implementation:
org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
The other contents of the property file depend on the implementation of the
Crypto interface. Please see the WSS4J website for more information on the Merlin property
tags and values.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.SIG_PROP_FILE, "myCrypto.properties");
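The following is an added example, not code from this page or from WSS4J. It carries the contents of a myCrypto.properties file as java.util.Properties objects and wires them in through SIG_PROP_REF_ID, SIG_VER_PROP_REF_ID and DEC_PROP_REF_ID instead of SIG_PROP_FILE. Note the indirection those constants describe: the *_PROP_REF_ID value is itself a key, and the Properties object (or a ready-made Crypto) is stored under that key. Keystore paths, passwords and aliases are placeholders, the "privateKeyCrypto"/"trustAnchorCrypto" key names are hypothetical, and the org.apache.wss4j.crypto.merlin.* names are Merlin's own property keys, which the page above defers to the WSS4J website for.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;

/**
 * Added example (not WSS4J code): Crypto configuration as Properties objects,
 * referenced through the *_PROP_REF_ID constants. Two separate Crypto definitions
 * are used so the verifying side never has to be given the private key.
 */
public final class CryptoConfigExample {

    private CryptoConfigExample() {}

    /** Signing and decryption need the private key: a keystore plus the alias to use. */
    public static Properties privateKeyCrypto() {
        Properties p = new Properties();
        p.setProperty("org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
        p.setProperty("org.apache.wss4j.crypto.merlin.keystore.type", "PKCS12");
        p.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", "service-keystore.p12"); // placeholder
        p.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", "changeit");         // placeholder
        p.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", "signatureUser");       // placeholder
        return p;
    }

    /** Verification needs only trust anchors, plus the CRL that ENABLE_REVOCATION checks against. */
    public static Properties trustAnchorCrypto() {
        Properties p = new Properties();
        p.setProperty("org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
        p.setProperty("org.apache.wss4j.crypto.merlin.truststore.type", "JKS");
        p.setProperty("org.apache.wss4j.crypto.merlin.truststore.file", "partner-truststore.jks"); // placeholder
        p.setProperty("org.apache.wss4j.crypto.merlin.truststore.password", "changeit");         // placeholder
        p.setProperty("org.apache.wss4j.crypto.merlin.x509crl.file", "partner-ca.crl");           // placeholder
        return p;
    }

    /** Handler configuration: the ref-id constants name the keys under which the Properties are stored. */
    public static Map<String, Object> handlerConfig() {
        Map<String, Object> config = new HashMap<>();
        config.put("privateKeyCrypto", privateKeyCrypto());    // hypothetical key names
        config.put("trustAnchorCrypto", trustAnchorCrypto());
        config.put(ConfigurationConstants.SIG_PROP_REF_ID, "privateKeyCrypto");
        config.put(ConfigurationConstants.DEC_PROP_REF_ID, "privateKeyCrypto");
        config.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, "trustAnchorCrypto");
        config.put(ConfigurationConstants.ENABLE_REVOCATION, "true");
        return config;
    }

    /** Resolve a Properties object the way the handler will, so a broken keystore fails at startup rather than on the first message. */
    public static Crypto load(Properties p) throws WSSecurityException {
        return CryptoFactory.getInstance(p);
    }
}
```

Calling load() on both Properties objects during application start-up is cheap and catches the common misconfigurations (wrong keystore password, missing alias, unreadable CRL) before traffic arrives.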
public static final String SIG_PROP_REF_ID
The key that holds a reference to the object holding complete information about
the signature Crypto implementation. This object can be either a Crypto instance or a
java.util.Properties object, which should contain all information that
an equivalent properties file would contain, including the Crypto implementation
class name.
Refer to documentation of SIG_PROP_FILE.
public static final String SIG_VER_PROP_FILE
The path of the crypto property file to use for Signature verification.
Refer to documentation of SIG_PROP_FILE.
public static final String SIG_VER_PROP_REF_ID
The key that holds a reference to the object holding complete information about
the signature verification Crypto implementation. This object can be either a Crypto
instance or a java.util.Properties object, which should contain all
information that an equivalent properties file would contain, including the
Crypto implementation class name.
Refer to documentation of SIG_VER_PROP_FILE.
public static final String DEC_PROP_FILE
The path of the crypto property file to use for Decryption. Refer to SIG_PROP_FILE
for more information about the contents of the Properties file.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.DEC_PROP_FILE, "myCrypto.properties");
public static final String DEC_PROP_REF_ID
The key that holds a reference to the object holding complete information about
the decryption Crypto implementation. This object can be either a Crypto instance or a
java.util.Properties object, which should contain all information that
an equivalent properties file would contain, including the Crypto implementation
class name.
Refer to documentation of DEC_PROP_FILE.
public static final String ENC_PROP_FILE
The path of the crypto property file to use for Encryption. Refer to SIG_PROP_FILE
for more information about the contents of the Properties file.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ENC_PROP_FILE, "myCrypto.properties");
public static final String ENC_PROP_REF_ID
The key that holds a reference to the object holding complete information about
the encryption Crypto implementation. This object can be either a Crypto instance or a
java.util.Properties object, which should contain all information that
an equivalent properties file would contain, including the Crypto implementation
class name.
Refer to documentation of ENC_PROP_FILE.
public static final String ENABLE_SIGNATURE_CONFIRMATION
Whether to enable signatureConfirmation or not. The default value is "false".
public static final String MUST_UNDERSTAND
Whether to set the mustUnderstand flag on an outbound message or not. The default
setting is "true".
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.MUST_UNDERSTAND, "false");
public static final String IS_BSP_COMPLIANT
Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. The
default value is "true". Disabling it relaxes a number of inbound checks; keep it
enabled unless a specific peer is known to produce non-compliant headers.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.IS_BSP_COMPLIANT, "false");
public static final String ADD_INCLUSIVE_PREFIXES
public static final String ADD_USERNAMETOKEN_NONCE
public static final String ADD_USERNAMETOKEN_CREATED
public static final String HANDLE_CUSTOM_PASSWORD_TYPES
public static final String ALLOW_USERNAMETOKEN_NOPASSWORD
public static final String ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES
public static final String ENABLE_REVOCATION
public static final String USE_SINGLE_CERTIFICATE
public static final String USE_DERIVED_KEY_FOR_MAC
public static final String TIMESTAMP_PRECISION
public static final String TIMESTAMP_STRICT
Set the value of this parameter to true to enable strict timestamp
handling. The default value is true.
Strict Timestamp handling: throw an exception if a Timestamp contains
an Expires element and the semantics of the request are
expired, i.e. the current time at the receiver is past the expires time.
public static final String REQUIRE_TIMESTAMP_EXPIRES
Set the value of this parameter to true to require that a Timestamp must have
an "Expires" Element. The default value is "false".
public static final String ENC_SYM_ENC_KEY
Defines whether to encrypt the symmetric encryption key or not. If true
(the default), the symmetric key used for encryption is encrypted in turn
and inserted into the security header in an "EncryptedKey" structure. If
set to false, no EncryptedKey structure is constructed, and the receiver must
already hold the symmetric key (for example one obtained from the CallbackHandler).
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
public static final String REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS
public static final String ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM
public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION
public static final String INCLUDE_SIGNATURE_TOKEN
public static final String INCLUDE_ENCRYPTION_TOKEN
public static final String USE_2005_12_NAMESPACE
public static final String GET_SECRET_KEY_FROM_CALLBACK_HANDLER
public static final String STORE_BYTES_IN_ATTACHMENT
@Deprecated public static final String EXPAND_XOP_INCLUDE_FOR_SIGNATURE
public static final String EXPAND_XOP_INCLUDE
public static final String PASSWORD_TYPE
public static final String SIG_KEY_ID
Defines which key identifier type to use for signature. The WS-Security specification
recommends the identifier type IssuerSerial.
For signature, IssuerSerial, DirectReference, X509KeyIdentifier, Thumbprint,
SKIKeyIdentifier and KeyValue are the only valid values.
The default is IssuerSerial.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
public static final String SIG_ALGO
Defines which signature algorithm to use. Do not rely on the library default here:
older WSS4J releases default to a SHA-1 based algorithm, which should no longer be
used, so set it explicitly.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.SIG_ALGO, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
public static final String SIG_DIGEST_ALGO
Defines which signature digest algorithm to use. The same advice applies: set it
explicitly rather than relying on a SHA-1 default.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.SIG_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
public static final String SIG_C14N_ALGO
public static final String SIGNATURE_PARTS
Parameter to define which parts of the request shall be signed.
Refer to ENCRYPTION_PARTS for a detailed description of
the format of the value string.
If this parameter is not specified the handler signs the SOAP Body
by default, i.e.:
<parameter name="signatureParts" value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
To specify an element without a namespace use the string
Null as the namespace name (this is a case sensitive string).
If there is no other element in the request with a local name of
Body then the SOAP namespace identifier can be empty ({}).
When a Timestamp action is also configured, list the wsu:Timestamp element here as
well: an unsigned Timestamp can be replaced in transit and gives no replay protection.
public static final String OPTIONAL_SIGNATURE_PARTS
Parameter to define which parts of the request shall be signed, if they
exist in the request.
Refer to ENCRYPTION_PARTS for a detailed description of
the format of the value string.
public static final String DERIVED_KEY_ITERATIONS
public static final String ENC_KEY_ID
Defines which key identifier type to use for encryption. The WS-Security specification
recommends the identifier type IssuerSerial.
For encryption, IssuerSerial, DirectReference, X509KeyIdentifier, Thumbprint,
SKIKeyIdentifier, EncryptedKeySHA1 and EmbeddedKeyName are the only valid values.
The default is IssuerSerial.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ENC_KEY_ID, "X509KeyIdentifier");
public static final String ENC_SYM_ALGO
Defines which symmetric encryption algorithm to use. WSConstants.AES_256, as in the
example below, is AES-256 in CBC mode; CBC-mode XML Encryption is exposed to
padding-oracle attacks, so prefer an AES-GCM algorithm such as
http://www.w3.org/2009/xmlenc11#aes256-gcm where the peer supports it.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ENC_SYM_ALGO, WSConstants.AES_256);
public static final String ENC_KEY_TRANSPORT
Defines which algorithm to use to encrypt the generated symmetric key. The example
below selects RSA v1.5 (PKCS#1 v1.5) key transport, which is subject to
Bleichenbacher-style attacks and which WSS4J receivers reject unless
ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM is set; use RSA-OAEP
(WSConstants.KEYTRANSPORT_RSAOAEP, or the XML Encryption 1.1 rsa-oaep algorithm
together with ENC_DIGEST_ALGO and ENC_MGF_ALGO) instead.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ENC_KEY_TRANSPORT, WSConstants.KEYTRANSPORT_RSA15);
public static final String ENCRYPTION_PARTS
Parameter to define which parts of the request shall be encrypted.
The value of this parameter is a list of semicolon-separated element names that
identify the elements to encrypt. An encryption mode specifier and a namespace
identifier, each inside a pair of curly brackets, may precede each element name.
The encryption mode specifier is either {Content} or {Element}. Please refer to the
W3C XML Encryption specification about the differences between Element and Content
encryption. The encryption mode defaults to Content if it is omitted. Example of a list:
<parameter name="encryptionParts" value="{Content}{http://example.org/paymentv2}CreditCard; {Element}{}UserName" />
The first entry of the list identifies the element CreditCard in the namespace
http://example.org/paymentv2, and will encrypt its content.
Be aware that the element name, the namespace identifier, and the
encryption modifier are case sensitive.
The encryption modifier and the namespace identifier can be omitted.
In this case the encryption mode defaults to Content and
the namespace is set to the SOAP namespace.
An empty encryption mode defaults to Content; an empty
namespace identifier defaults to the SOAP namespace.
The second entry of the example defines Element as
encryption mode for a UserName element in the SOAP namespace.
Note that the special value "{}cid:Attachments;" means that all of the message
attachments should be encrypted.
To specify an element without a namespace use the string
Null as the namespace name (this is a case sensitive string).
If no list is specified, the handler encrypts the SOAP Body in
Content mode by default.
Encryption alone does not authenticate the data: sign the same parts as well, and on
the receiving side consider REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS, which rejects
EncryptedData elements that are not covered by a signature.
public static final String OPTIONAL_ENCRYPTION_PARTS
Parameter to define which parts of the request shall be encrypted, if they
exist in the request.
Refer to ENCRYPTION_PARTS for a detailed description of
the format of the value string.
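The parser below is an added example and not WSS4J's own code. It reads the value format shared by ENCRYPTION_PARTS, OPTIONAL_ENCRYPTION_PARTS, SIGNATURE_PARTS and OPTIONAL_SIGNATURE_PARTS as described above, so that the defaulting rules (empty mode, empty namespace, the "Null" marker, the "{}cid:Attachments" value) can be tried on real strings before they go into a configuration. One reading in it is an assumption rather than something the text states: a single braced group is taken as the namespace with the mode omitted.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added example (not WSS4J's parser) for the parts-list grammar:
 * entries separated by ';', each of the shape [{mode}][{namespace}]localName.
 * Rules from the text: mode omitted or empty -> Content; namespace omitted or empty
 * -> SOAP 1.1 envelope namespace; namespace "Null" -> no namespace (case sensitive);
 * "{}cid:Attachments" -> every attachment.
 * Assumption: a single braced group is the namespace, not the mode.
 */
public final class PartsListParser {

    public static final String SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    /** One resolved entry; namespace is null when the "Null" marker was used. */
    public static final class Part {
        public final String mode;
        public final String namespace;
        public final String localName;

        Part(String mode, String namespace, String localName) {
            this.mode = mode;
            this.namespace = namespace;
            this.localName = localName;
        }

        public boolean isAllAttachments() {
            return "cid:Attachments".equals(localName);
        }

        @Override
        public String toString() {
            return "{" + mode + "}{" + (namespace == null ? "Null" : namespace) + "}" + localName;
        }
    }

    private PartsListParser() {}

    public static List<Part> parse(String value) {
        List<Part> parts = new ArrayList<>();
        for (String raw : value.split(";")) {
            String entry = raw.trim();
            if (!entry.isEmpty()) {                 // tolerates the trailing ';' the examples use
                parts.add(parseEntry(entry));
            }
        }
        return parts;
    }

    private static Part parseEntry(String entry) {
        List<String> braced = new ArrayList<>();
        int pos = 0;
        while (pos < entry.length() && entry.charAt(pos) == '{') {
            int close = entry.indexOf('}', pos);
            if (close < 0) {
                throw new IllegalArgumentException("unbalanced '{' in part: " + entry);
            }
            braced.add(entry.substring(pos + 1, close));
            pos = close + 1;
        }
        String localName = entry.substring(pos);
        if (localName.isEmpty() || braced.size() > 2) {
            throw new IllegalArgumentException("malformed part: " + entry);
        }
        String mode = "Content";
        String ns = SOAP11_NS;
        if (braced.size() == 2) {                   // {mode}{namespace}name
            if (!braced.get(0).isEmpty()) {
                mode = braced.get(0);
            }
            ns = namespace(braced.get(1));
        } else if (braced.size() == 1) {            // {namespace}name (assumption, see class comment)
            ns = namespace(braced.get(0));
        }
        if (!"Content".equals(mode) && !"Element".equals(mode)) {   // case sensitive, as the text says
            throw new IllegalArgumentException("unknown encryption mode: " + mode);
        }
        return new Part(mode, ns, localName);
    }

    private static String namespace(String b) {
        if (b.isEmpty()) {
            return SOAP11_NS;
        }
        return "Null".equals(b) ? null : b;
    }

    public static void main(String[] args) {
        // Constructed input: the page's encryptionParts example plus the attachment marker and a no-namespace element.
        String value = "{Content}{http://example.org/paymentv2}CreditCard; {Element}{}UserName;"
                     + " {}cid:Attachments; {Element}{Null}Token;";
        for (Part p : parse(value)) {
            System.out.println(p + (p.isAllAttachments() ? "   (all attachments)" : ""));
        }
    }
}
```

Rejecting an unknown mode loudly matters: a typo such as {content} silently becomes a Content-mode default in a lenient parser, and a misspelt local name in a non-optional list means the element is simply never found.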
public static final String ENC_DIGEST_ALGO
Defines which encryption digest algorithm to use with the RSA OAEP Key Transport
algorithm for encryption.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ENC_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
public static final String ENC_MGF_ALGO
Defines which encryption MGF (mask generation function) algorithm to use with the
RSA OAEP Key Transport algorithm for encryption. It only takes effect with the XML
Encryption 1.1 key transport algorithm http://www.w3.org/2009/xmlenc11#rsa-oaep; the
1.0 rsa-oaep-mgf1p algorithm fixes MGF1 with SHA-1.
The application may set this parameter using the following method:
call.setProperty(ConfigurationConstants.ENC_MGF_ALGO, "http://www.w3.org/2009/xmlenc11#mgf1sha256");
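The class below is an added example and not code from this page or from WSS4J. It assembles two complete outbound configurations as the Map<String, Object> that handler-based integrations (for example CXF's WSS4JOutInterceptor) read these constants from; the call.setProperty(...) snippets on this page set the same names one at a time. weak() collects the algorithm choices the page's own snippets show for SIG_ALGO, SIG_DIGEST_ALGO, ENC_SYM_ALGO and ENC_KEY_TRANSPORT; hardened() is what a reviewer would ask for instead, including ENC_DIGEST_ALGO and ENC_MGF_ALGO. Aliases, the callback class name and the properties file name are placeholders.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.dom.WSConstants;

/**
 * Added example (not WSS4J code): weak versus hardened outbound settings,
 * expressed with the ConfigurationConstants keys.
 */
public final class OutboundSecurityConfig {

    private static final String SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    private static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    private OutboundSecurityConfig() {}

    private static Map<String, Object> common() {
        Map<String, Object> c = new HashMap<>();
        // Blank-separated action list; actions run in this order, so the Body is signed before it is encrypted.
        c.put(ConfigurationConstants.ACTION, ConfigurationConstants.TIMESTAMP + " "
            + ConfigurationConstants.SIGNATURE + " " + ConfigurationConstants.ENCRYPT);
        c.put(ConfigurationConstants.SIGNATURE_USER, "signatureUser");   // placeholder: alias of our signing key
        c.put(ConfigurationConstants.ENCRYPTION_USER, "partner");        // placeholder: alias of the recipient's certificate
        c.put(ConfigurationConstants.PW_CALLBACK_CLASS, "com.example.ExamplePasswordCallbackHandler"); // placeholder
        c.put(ConfigurationConstants.SIG_PROP_FILE, "myCrypto.properties");
        c.put(ConfigurationConstants.ENC_PROP_FILE, "myCrypto.properties");
        return c;
    }

    /** The choices the page's snippets show: SHA-1, AES-CBC, RSA PKCS#1 v1.5 key transport, unsigned Timestamp. */
    public static Map<String, Object> weak() {
        Map<String, Object> c = common();
        c.put(ConfigurationConstants.SIG_ALGO, "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        c.put(ConfigurationConstants.SIG_DIGEST_ALGO, "http://www.w3.org/2000/09/xmldsig#sha1");
        c.put(ConfigurationConstants.ENC_SYM_ALGO, WSConstants.AES_256);                 // AES-256-CBC: padding-oracle exposure
        c.put(ConfigurationConstants.ENC_KEY_TRANSPORT, WSConstants.KEYTRANSPORT_RSA15); // Bleichenbacher exposure
        c.put(ConfigurationConstants.SIGNATURE_PARTS, "{}{" + SOAP11_NS + "}Body;");     // Timestamp left unsigned
        return c;
    }

    /** SHA-256 signature and digest, exclusive c14n, AES-256-GCM, XML Enc 1.1 RSA-OAEP with SHA-256 and MGF1-SHA256, Timestamp signed. */
    public static Map<String, Object> hardened() {
        Map<String, Object> c = common();
        c.put(ConfigurationConstants.SIG_ALGO, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        c.put(ConfigurationConstants.SIG_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
        c.put(ConfigurationConstants.SIG_C14N_ALGO, WSConstants.C14N_EXCL_OMIT_COMMENTS);
        c.put(ConfigurationConstants.ADD_INCLUSIVE_PREFIXES, "true");
        c.put(ConfigurationConstants.ENC_SYM_ALGO, "http://www.w3.org/2009/xmlenc11#aes256-gcm");
        c.put(ConfigurationConstants.ENC_KEY_TRANSPORT, "http://www.w3.org/2009/xmlenc11#rsa-oaep");
        c.put(ConfigurationConstants.ENC_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
        c.put(ConfigurationConstants.ENC_MGF_ALGO, "http://www.w3.org/2009/xmlenc11#mgf1sha256");
        // Sign the Timestamp too: an unsigned Timestamp can be swapped and gives no replay protection.
        c.put(ConfigurationConstants.SIGNATURE_PARTS,
            "{}{" + SOAP11_NS + "}Body;{}{" + WSU_NS + "}Timestamp;");
        c.put(ConfigurationConstants.ENCRYPTION_PARTS, "{Content}{" + SOAP11_NS + "}Body;");
        c.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");    // carry our certificate in a BinarySecurityToken
        c.put(ConfigurationConstants.USE_SINGLE_CERTIFICATE, "true");
        c.put(ConfigurationConstants.ENC_KEY_ID, "X509KeyIdentifier");
        return c;
    }
}
```

If the peer only supports XML Encryption 1.0, fall back to WSConstants.KEYTRANSPORT_RSAOAEP (rsa-oaep-mgf1p) with ENC_DIGEST_ALGO set to SHA-256; ENC_MGF_ALGO is then ignored, but RSA v1.5 still has no place in either configuration.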
public static final String TTL_USERNAMETOKEN
public static final String TTL_FUTURE_USERNAMETOKEN
public static final String SIG_SUBJECT_CERT_CONSTRAINTS
public static final String SIG_ISSUER_CERT_CONSTRAINTS
public static final String SIG_CERT_CONSTRAINTS_SEPARATOR
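The following is an added example and not WSS4J's own matching code. It shows how SIG_SUBJECT_CERT_CONSTRAINTS and SIG_ISSUER_CERT_CONSTRAINTS strings are split on SIG_CERT_CONSTRAINTS_SEPARATOR and applied as regular expressions to the whole DN, and why the separator matters: the default separator is "," (an assumption about the deployed WSS4J version, stated here rather than on the page), which is also the attribute separator inside an RFC 2253 DN, so any constraint naming more than one attribute needs a different separator. The DNs are constructed samples.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

import javax.security.auth.x500.X500Principal;

/**
 * Added example (not WSS4J code): certificate-constraint matching as configured by
 * SIG_SUBJECT_CERT_CONSTRAINTS / SIG_ISSUER_CERT_CONSTRAINTS and
 * SIG_CERT_CONSTRAINTS_SEPARATOR. Constraints are applied after chain/trust
 * validation, to the RFC 2253 form of the DN, and must match the entire DN.
 */
public final class CertConstraintsExample {

    private CertConstraintsExample() {}

    /** Split the configured string on the separator and compile each piece as a regex. */
    public static List<Pattern> compile(String constraints, String separator) {
        List<Pattern> patterns = new ArrayList<>();
        for (String c : constraints.split(Pattern.quote(separator))) {
            String s = c.trim();
            if (!s.isEmpty()) {
                patterns.add(Pattern.compile(s));
            }
        }
        return patterns;
    }

    /** A DN passes when at least one constraint matches the whole DN (matches(), not find()). */
    public static boolean matches(X500Principal dn, List<Pattern> patterns) {
        String name = dn.getName(X500Principal.RFC2253);
        for (Pattern p : patterns) {
            if (p.matcher(name).matches()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample identities.
        X500Principal partner = new X500Principal("CN=api.partner.example,O=Partner Ltd,C=GB");
        X500Principal lookalike = new X500Principal("CN=api.partner.example.attacker.test,O=Evil,C=GB");

        // With the "," separator this single constraint is cut into three fragments,
        // none of which can match a whole DN: every certificate is rejected.
        List<Pattern> broken = compile("CN=api\\.partner\\.example,O=Partner Ltd,C=GB", ",");

        // With ";" as SIG_CERT_CONSTRAINTS_SEPARATOR the constraints survive intact and are
        // anchored; the second entry admits a backup identity of the same partner.
        List<Pattern> good = compile(
            "^CN=api\\.partner\\.example,O=Partner Ltd,C=GB$;"
          + "^CN=api2\\.partner\\.example,O=Partner Ltd,C=GB$", ";");

        System.out.println("',' separator, partner DN:  " + matches(partner, broken));
        System.out.println("';' separator, partner DN:  " + matches(partner, good));
        System.out.println("';' separator, lookalike:   " + matches(lookalike, good));
    }
}
```

Because the match is against the whole DN, an unanchored pattern such as CN=api\.partner\.example.* would also admit the lookalike subject; write the constraints anchored and with the dots escaped, and keep the issuer constraint too, since the subject check alone does not say which CA vouched for the name.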
public static final String TTL_TIMESTAMP
public static final String TTL_FUTURE_TIMESTAMP
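The class below is an added example, not WSS4J's Timestamp validator. It writes out the receiver-side semantics of TTL_TIMESTAMP, TTL_FUTURE_TIMESTAMP, TIMESTAMP_STRICT and REQUIRE_TIMESTAMP_EXPIRES as one decision function so the effect of each setting can be checked against constructed Created and Expires values. The defaults assumed here (TTL 300 s, future TTL 60 s, strict on, Expires not required) are the WSS4J defaults; the "Expires must be after Created" check is an extra sanity rule of this example.

```java
import java.time.Duration;
import java.time.Instant;

/**
 * Added example (not WSS4J code): receiver-side Timestamp policy built from the
 * TTL_TIMESTAMP, TTL_FUTURE_TIMESTAMP, TIMESTAMP_STRICT and REQUIRE_TIMESTAMP_EXPIRES
 * settings. check() returns null for an acceptable Timestamp, else the reason.
 */
public final class TimestampPolicy {

    private final Duration ttl;            // TTL_TIMESTAMP: how old Created may be
    private final Duration futureTtl;      // TTL_FUTURE_TIMESTAMP: tolerated clock skew forward
    private final boolean strict;          // TIMESTAMP_STRICT: enforce Expires
    private final boolean requireExpires;  // REQUIRE_TIMESTAMP_EXPIRES: Expires must be present

    public TimestampPolicy(long ttlSeconds, long futureTtlSeconds, boolean strict, boolean requireExpires) {
        this.ttl = Duration.ofSeconds(ttlSeconds);
        this.futureTtl = Duration.ofSeconds(futureTtlSeconds);
        this.strict = strict;
        this.requireExpires = requireExpires;
    }

    /** WSS4J's defaults: 300 s TTL, 60 s future TTL, strict, Expires optional. */
    public static TimestampPolicy defaults() {
        return new TimestampPolicy(300, 60, true, false);
    }

    public String check(Instant created, Instant expires, Instant now) {
        if (created == null) {
            return "Timestamp has no Created element";
        }
        if (requireExpires && expires == null) {
            return "Timestamp has no Expires element but REQUIRE_TIMESTAMP_EXPIRES is set";
        }
        if (created.isAfter(now.plus(futureTtl))) {
            return "Created is more than " + futureTtl.getSeconds() + "s in the future (clock skew or forgery)";
        }
        if (created.plus(ttl).isBefore(now)) {
            return "Created is older than the " + ttl.getSeconds() + "s TTL";
        }
        if (expires != null) {
            if (!expires.isAfter(created)) {
                return "Expires is not after Created";   // extra sanity rule of this example
            }
            if (strict && !now.isBefore(expires)) {
                return "Timestamp has expired (strict handling)";
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: the receiver's clock reads 12:00:00Z.
        Instant now = Instant.parse("2021-06-01T12:00:00Z");
        TimestampPolicy p = TimestampPolicy.defaults();
        Instant fresh = Instant.parse("2021-06-01T11:59:30Z");   // 30 s old
        Instant stale = Instant.parse("2021-06-01T11:50:00Z");   // 10 min old
        Instant future = Instant.parse("2021-06-01T12:05:00Z");  // 5 min ahead
        Instant alreadyExpired = Instant.parse("2021-06-01T11:59:59Z");

        System.out.println(p.check(fresh, fresh.plusSeconds(300), now));
        System.out.println(p.check(stale, stale.plusSeconds(300), now));
        System.out.println(p.check(future, future.plusSeconds(300), now));
        System.out.println(p.check(fresh, alreadyExpired, now));
        System.out.println(new TimestampPolicy(300, 60, false, false).check(fresh, alreadyExpired, now));
    }
}
```

The TTL window only bounds how long a captured message stays valid; within the window it can still be replayed. Closing that gap is what TIMESTAMP_CACHE_INSTANCE (a ReplayCache of Created values) is for, and the cache entries only need to live as long as TTL_TIMESTAMP plus TTL_FUTURE_TIMESTAMP.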
public static final String VALIDATOR_MAP
public static final String NONCE_CACHE_INSTANCE
public static final String TIMESTAMP_CACHE_INSTANCE
public static final String SAML_ONE_TIME_USE_CACHE_INSTANCE
public static final String PASSWORD_ENCRYPTOR_INSTANCE
public static final String DERIVED_TOKEN_REFERENCE
public static final String DERIVED_TOKEN_KEY_ID
public static final String DERIVED_SIGNATURE_KEY_LENGTH
public static final String DERIVED_ENCRYPTION_KEY_LENGTH
Copyright © 2021 JBoss by Red Hat. All rights reserved.