public final class WSConstants extends WSS4JConstants
Modifier and Type | Field and Description |
---|---|
static QName |
BINARY_TOKEN
wsse:BinarySecurityToken as defined by WS Security specification |
static int |
BST |
static int |
BST_DIRECT_REFERENCE
Sets the
org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
method to send the signing certificate as a BinarySecurityToken . |
static int |
CUSTOM_KEY_IDENTIFIER
CUSTOM_KEY_IDENTIFIER is used to set a KeyIdentifier to
a particular ID
The reference id and value type are set externally. |
static int |
CUSTOM_SYMM_SIGNING
CUSTOM_SYMM_SIGNING is used internally only to set a
specific Signature behavior. |
static int |
CUSTOM_SYMM_SIGNING_DIRECT
CUSTOM_SYMM_SIGNING_DIRECT is used internally only to set a
specific Signature behavior. |
static int |
CUSTOM_TOKEN |
static QName |
DERIVED_KEY_TOKEN_05_02
wsc:DerivedKeyToken as defined by WS-SecureConversation specification |
static QName |
DERIVED_KEY_TOKEN_05_12
wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX |
static int |
DKT |
static int |
DKT_ENCR |
static int |
DKT_SIGN |
static int |
EMBED_SECURITY_TOKEN_REF
Deprecated.
|
static int |
EMBEDDED_KEYNAME
Deprecated.
|
static int |
ENCR |
static QName |
ENCRYPTED_ASSERTION
saml:EncryptedAssertion as defined by SAML v2.0 specification |
static QName |
ENCRYPTED_DATA
xenc:EncryptedData as defined by XML Encryption specification,
enhanced by WS Security specification |
static QName |
ENCRYPTED_KEY
xenc:EncryptedKey as defined by XML Encryption specification,
enhanced by WS Security specification |
static int |
ENCRYPTED_KEY_SHA1_IDENTIFIER
ENCRYPTED_KEY_SHA1_IDENTIFIER is used to set the specific key identifier
EncryptedKeySHA1. |
static int |
ENDPOINT_KEY_IDENTIFIER
ENDPOINT_KEY_IDENTIFIER is used to specify service endpoint as public key
identifier. |
static QName |
FAILED_AUTHENTICATION
The security token could not be authenticated or authorized
|
static QName |
FAILED_CHECK
The signature or decryption was invalid
|
static QName |
INVALID_SECURITY
An error was discovered processing the
|
static QName |
INVALID_SECURITY_TOKEN
An invalid security token was provided
|
static int |
ISSUER_SERIAL
Sets the
org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
or the org.apache.wss4j.dom.message.WSSecEncrypt#build(Document, Crypto, WSSecHeader)
method to send the issuer name and the serial number of a certificate to
the receiver. |
static int |
KEY_VALUE
KEY_VALUE is used to set a ds:KeyInfo/ds:KeyValue element to refer to
either an RSA or DSA public key. |
static QName |
MESSAGE_EXPIRED
The message has expired
|
static int |
NO_SECURITY |
static int |
NO_SERIALIZE |
static QName |
REFERENCE_LIST
xenc:ReferenceList as defined by XML Encryption specification, |
static QName |
SAML_TOKEN
saml:Assertion as defined by SAML v1.1 specification |
static QName |
SAML2_TOKEN
saml:Assertion as defined by SAML v2.0 specification |
static int |
SC |
static int |
SCT |
static QName |
SECURITY_CONTEXT_TOKEN_05_02
wsc:SecurityContextToken as defined by WS-SecureConversation specification |
static QName |
SECURITY_CONTEXT_TOKEN_05_12
wsc:SecurityContextToken as defined by WS-SecureConversation specification in
WS-SX |
static QName |
SECURITY_TOKEN_UNAVAILABLE
Referenced security token could not be retrieved
|
static int |
SERIALIZE |
static int |
SIGN |
static QName |
SIGNATURE
ds:Signature as defined by XML Signature specification,
enhanced by WS Security specification |
static QName |
SIGNATURE_CONFIRMATION
wsse11:signatureConfirmation as defined by OASIS WS Security specification, |
static int |
SKI_KEY_IDENTIFIER
Sets the
org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
method to send a SubjectKeyIdentifier to identify
the signing certificate. |
static int |
ST_SIGNED |
static int |
ST_UNSIGNED |
static int |
THUMBPRINT_IDENTIFIER
THUMPRINT_IDENTIFIER is used to set the specific key identifier
ThumbprintSHA1. |
static QName |
TIMESTAMP
wsu:Timestamp as defined by OASIS WS Security specification, |
static int |
TS |
static QName |
UNSUPPORTED_ALGORITHM
An unsupported signature or encryption algorithm was used
|
static QName |
UNSUPPORTED_SECURITY_TOKEN
An unsupported token was provided
|
static QName |
USERNAME_TOKEN
wsse:UsernameToken as defined by WS Security specification |
static int |
UT |
static int |
UT_NOPASSWORD |
static int |
UT_SIGN |
static int |
UT_SIGNING
UT_SIGNING is used internally only to set a specific Signature
behavior. |
static int |
X509_KEY_IDENTIFIER
Sets the
org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
or the org.apache.wss4j.dom.message.WSSecEncrypt#build(Document, Crypto, WSSecHeader)
method to send the certificate used to encrypt the symmetric key. |
AES_128, AES_128_GCM, AES_192, AES_192_GCM, AES_256, AES_256_GCM, ASSERTION_LN, ATTR_ACTOR, ATTR_MUST_UNDERSTAND, ATTR_ROLE, BASE64_ENCODING, BINARY_TOKEN_LN, C14N_EXCL_OMIT_COMMENTS, C14N_EXCL_OMIT_COMMENTS_PREFIX, C14N_EXCL_WITH_COMMENTS, C14N_OMIT_COMMENTS, C14N_WITH_COMMENTS, CREATED_LN, DEFAULT_SOAP_PREFIX, DSA, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, ELEM_BODY, ELEM_ENVELOPE, ELEM_HEADER, ENC_DATA_LN, ENC_KEY_LN, ENC_KEY_SHA1_URI, ENC_KEY_VALUE_TYPE, ENC_NS, ENC_PREFIX, ENC11_NS, ENC11_PREFIX, ENCRYPED_ASSERTION_LN, ENCRYPTED_HEADER, EXPIRES_LN, HMAC_MD5, HMAC_SHA1, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, ITERATION_LN, KERBEROS_NS11, KEYINFO_LN, KEYTRANSPORT_RSA15, KEYTRANSPORT_RSAOAEP, KEYTRANSPORT_RSAOAEP_XENC11, KEYVALUE_LN, MGF_SHA1, MGF_SHA224, MGF_SHA256, MGF_SHA384, MGF_SHA512, NONCE_LN, NS_XMLDSIG_ENVELOPED_SIGNATURE, NS_XMLDSIG_FILTER2, NULL_NS, OLD_WSSE_NS, PASSWORD_DIGEST, PASSWORD_LN, PASSWORD_TEXT, PASSWORD_TYPE_ATTR, PW_DIGEST, PW_NONE, PW_TEXT, REF_LIST_LN, REF_LN, RSA, RSA_SHA1, RSA_SHA256, SALT_LN, SAML_ASSERTION_ID, SAML_NS, SAML2_ASSERTION_ID, SAML2_NS, SAMLP_NS, SAMLP2_NS, SAMLTOKEN_NS, SAMLTOKEN_NS11, SHA1, SHA256, SHA384, SHA512, SIG_INFO_LN, SIG_LN, SIG_NS, SIG_PREFIX, SIGNATURE_CONFIRMATION_LN, SOAPMESSAGE_NS, SOAPMESSAGE_NS11, SWA_ATTACHMENT_CIPHERTEXT_TRANS, SWA_ATTACHMENT_COMPLETE_SIG_TRANS, SWA_ATTACHMENT_CONTENT_SIG_TRANS, SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_COMPLETE, SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_CONTENT_ONLY, THUMBPRINT, TIMESTAMP_TOKEN_LN, TOKEN_TYPE, TRIPLE_DES, URI_SOAP11_ENV, URI_SOAP11_NEXT_ACTOR, URI_SOAP12_ENV, URI_SOAP12_NEXT_ROLE, URI_SOAP12_NONE_ROLE, URI_SOAP12_ULTIMATE_ROLE, URIS_SOAP_ENV, USERNAME_LN, USERNAME_TOKEN_LN, USERNAMETOKEN_NS, WSC_SCT, WSC_SCT_05_12, WSS_ENC_KEY_VALUE_TYPE, WSS_GSS_KRB_V5_AP_REQ, WSS_GSS_KRB_V5_AP_REQ1510, WSS_GSS_KRB_V5_AP_REQ4120, WSS_KRB_KI_VALUE_TYPE, WSS_KRB_V5_AP_REQ, WSS_KRB_V5_AP_REQ1510, WSS_KRB_V5_AP_REQ4120, WSS_SAML_KI_VALUE_TYPE, WSS_SAML_TOKEN_TYPE, WSS_SAML2_KI_VALUE_TYPE, WSS_SAML2_TOKEN_TYPE, WSS_USERNAME_TOKEN_VALUE_TYPE, WSSE_LN, WSSE_NS, WSSE_PREFIX, WSSE11_NS, WSSE11_PREFIX, WST_NS, WST_NS_05_12, WST_NS_08_02, WSU_NS, WSU_PREFIX, X509_CERT_LN, X509_DATA_LN, X509_ISSUER_NAME_LN, X509_ISSUER_SERIAL_LN, X509_SERIAL_NUMBER_LN, X509TOKEN_NS, XML_NS, XMLNS_NS, XOP_NS
public static final QName BINARY_TOKEN
wsse:BinarySecurityToken
as defined by WS Security specificationpublic static final QName USERNAME_TOKEN
wsse:UsernameToken
as defined by WS Security specificationpublic static final QName TIMESTAMP
wsu:Timestamp
as defined by OASIS WS Security specification,public static final QName SIGNATURE_CONFIRMATION
wsse11:signatureConfirmation
as defined by OASIS WS Security specification,public static final QName SIGNATURE
ds:Signature
as defined by XML Signature specification,
enhanced by WS Security specificationpublic static final QName ENCRYPTED_KEY
xenc:EncryptedKey
as defined by XML Encryption specification,
enhanced by WS Security specificationpublic static final QName ENCRYPTED_DATA
xenc:EncryptedData
as defined by XML Encryption specification,
enhanced by WS Security specificationpublic static final QName REFERENCE_LIST
xenc:ReferenceList
as defined by XML Encryption specification,public static final QName SAML_TOKEN
saml:Assertion
as defined by SAML v1.1 specificationpublic static final QName SAML2_TOKEN
saml:Assertion
as defined by SAML v2.0 specificationpublic static final QName ENCRYPTED_ASSERTION
saml:EncryptedAssertion
as defined by SAML v2.0 specificationpublic static final QName DERIVED_KEY_TOKEN_05_02
wsc:DerivedKeyToken
as defined by WS-SecureConversation specificationpublic static final QName SECURITY_CONTEXT_TOKEN_05_02
wsc:SecurityContextToken
as defined by WS-SecureConversation specificationpublic static final QName DERIVED_KEY_TOKEN_05_12
wsc:DerivedKeyToken
as defined by WS-SecureConversation specification in WS-SXpublic static final QName SECURITY_CONTEXT_TOKEN_05_12
wsc:SecurityContextToken
as defined by WS-SecureConversation specification in
WS-SXpublic static final QName UNSUPPORTED_SECURITY_TOKEN
public static final QName UNSUPPORTED_ALGORITHM
public static final QName INVALID_SECURITY
public static final QName INVALID_SECURITY_TOKEN
public static final QName FAILED_AUTHENTICATION
public static final QName FAILED_CHECK
public static final QName SECURITY_TOKEN_UNAVAILABLE
public static final QName MESSAGE_EXPIRED
public static final int BST_DIRECT_REFERENCE
org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
method to send the signing certificate as a BinarySecurityToken
.
The signing method takes the signing certificate, converts it to a
BinarySecurityToken
, puts it in the security header,
and inserts a Reference
to the binary security token
into the wsse:SecurityReferenceToken
. Thus the whole
signing certificate is transfered to the receiver.
The X509 profile recommends to use ISSUER_SERIAL
instead
of sending the whole certificate.
Please refer to WS Security specification X509 1.1 profile, chapter 3.3.2
and to WS Security SOAP Message security 1.1 specification, chapter 7.2
Note: only local references to BinarySecurityToken are supportedpublic static final int ISSUER_SERIAL
org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
or the org.apache.wss4j.dom.message.WSSecEncrypt#build(Document, Crypto, WSSecHeader)
method to send the issuer name and the serial number of a certificate to
the receiver.
In contrast to BST_DIRECT_REFERENCE
only the issuer name
and the serial number of the signing certificate are sent to the
receiver. This reduces the amount of data being sent. The encryption
method uses the public key associated with this certificate to encrypt
the symmetric key used to encrypt data.
Please refer to WS Security specification X509 1.1 profile, chapter 3.3.3public static final int X509_KEY_IDENTIFIER
org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
or the org.apache.wss4j.dom.message.WSSecEncrypt#build(Document, Crypto, WSSecHeader)
method to send the certificate used to encrypt the symmetric key.
The encryption method uses the public key associated with this certificate
to encrypt the symmetric key used to encrypt data. The certificate is
converted into a KeyIdentifier
token and sent to the receiver.
Thus the complete certificate data is transfered to receiver.
The X509 profile recommends to use ISSUER_SERIAL
instead
of sending the whole certificate.
Please refer to WS Security SOAP Message security 1.1 specification,
chapter 7.3. Note that this is a NON-STANDARD method. The standard way to refer to
an X.509 Certificate via a KeyIdentifier is to use SKI_KEY_IDENTIFIER
public static final int SKI_KEY_IDENTIFIER
org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
method to send a SubjectKeyIdentifier
to identify
the signing certificate.
Refer to WS Security specification X509 1.1 profile, chapter 3.3.1@Deprecated public static final int EMBEDDED_KEYNAME
@Deprecated public static final int EMBED_SECURITY_TOKEN_REF
public static final int UT_SIGNING
UT_SIGNING
is used internally only to set a specific Signature
behavior.
The signing token is constructed from values in the UsernameToken according
to WS-Trust specification.public static final int THUMBPRINT_IDENTIFIER
THUMPRINT_IDENTIFIER
is used to set the specific key identifier
ThumbprintSHA1.
This identifier uses the SHA-1 digest of a security token to
identify the security token. Please refer to chapter 7.2 of the OASIS WSS 1.1
specification.public static final int CUSTOM_SYMM_SIGNING
CUSTOM_SYMM_SIGNING
is used internally only to set a
specific Signature behavior.
The signing key, reference id and value type are set externally.public static final int ENCRYPTED_KEY_SHA1_IDENTIFIER
ENCRYPTED_KEY_SHA1_IDENTIFIER
is used to set the specific key identifier
EncryptedKeySHA1.
This identifier uses the SHA-1 digest of a security token to
identify the security token. Please refer to chapter 7.3 of the OASIS WSS 1.1
specification.public static final int CUSTOM_SYMM_SIGNING_DIRECT
CUSTOM_SYMM_SIGNING_DIRECT
is used internally only to set a
specific Signature behavior.
The signing key, reference id and value type are set externally.public static final int CUSTOM_KEY_IDENTIFIER
CUSTOM_KEY_IDENTIFIER
is used to set a KeyIdentifier to
a particular ID
The reference id and value type are set externally.public static final int KEY_VALUE
KEY_VALUE
is used to set a ds:KeyInfo/ds:KeyValue element to refer to
either an RSA or DSA public key.public static final int ENDPOINT_KEY_IDENTIFIER
ENDPOINT_KEY_IDENTIFIER
is used to specify service endpoint as public key
identifier.
Constant is useful in case of symmetric holder of key, where token service can determine
target service public key to encrypt shared secret.public static final int NO_SECURITY
public static final int UT
public static final int SIGN
public static final int ENCR
public static final int ST_UNSIGNED
public static final int ST_SIGNED
public static final int TS
public static final int UT_SIGN
public static final int SC
public static final int NO_SERIALIZE
public static final int SERIALIZE
public static final int SCT
public static final int DKT
public static final int BST
public static final int UT_NOPASSWORD
public static final int CUSTOM_TOKEN
public static final int DKT_SIGN
public static final int DKT_ENCR
Copyright © 2021 JBoss by Red Hat. All rights reserved.