Class WSConstants


public final class WSConstants extends WSS4JConstants
Constants defined by, or used when implementing, the WS-Security specifications: QNames for the header elements and fault codes, and integer codes for key-identifier types and other processing options.
  • Field Details

    • BINARY_TOKEN

      public static final QName BINARY_TOKEN
      wsse:BinarySecurityToken as defined by WS Security specification
    • USERNAME_TOKEN

      public static final QName USERNAME_TOKEN
      wsse:UsernameToken as defined by WS Security specification
    • TIMESTAMP

      public static final QName TIMESTAMP
      wsu:Timestamp as defined by the OASIS WS Security specification
    • SIGNATURE_CONFIRMATION

      public static final QName SIGNATURE_CONFIRMATION
      wsse11:SignatureConfirmation as defined by the OASIS WS Security 1.1 specification
    • SIGNATURE

      public static final QName SIGNATURE
      ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
    • ENCRYPTED_KEY

      public static final QName ENCRYPTED_KEY
      xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
    • ENCRYPTED_DATA

      public static final QName ENCRYPTED_DATA
      xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification
    • REFERENCE_LIST

      public static final QName REFERENCE_LIST
      xenc:ReferenceList as defined by the XML Encryption specification
    • SAML_TOKEN

      public static final QName SAML_TOKEN
      saml:Assertion as defined by SAML v1.1 specification
    • SAML2_TOKEN

      public static final QName SAML2_TOKEN
      saml:Assertion as defined by SAML v2.0 specification
    • ENCRYPTED_ASSERTION

      public static final QName ENCRYPTED_ASSERTION
      saml:EncryptedAssertion as defined by SAML v2.0 specification
    • DERIVED_KEY_TOKEN_05_02

      public static final QName DERIVED_KEY_TOKEN_05_02
      wsc:DerivedKeyToken as defined by WS-SecureConversation specification
    • SECURITY_CONTEXT_TOKEN_05_02

      public static final QName SECURITY_CONTEXT_TOKEN_05_02
      wsc:SecurityContextToken as defined by WS-SecureConversation specification
    • DERIVED_KEY_TOKEN_05_12

      public static final QName DERIVED_KEY_TOKEN_05_12
      wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
    • SECURITY_CONTEXT_TOKEN_05_12

      public static final QName SECURITY_CONTEXT_TOKEN_05_12
      wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
    • UNSUPPORTED_SECURITY_TOKEN

      public static final QName UNSUPPORTED_SECURITY_TOKEN
      An unsupported token was provided
    • UNSUPPORTED_ALGORITHM

      public static final QName UNSUPPORTED_ALGORITHM
      An unsupported signature or encryption algorithm was used
    • INVALID_SECURITY

      public static final QName INVALID_SECURITY
      An error was discovered processing the header
    • INVALID_SECURITY_TOKEN

      public static final QName INVALID_SECURITY_TOKEN
      An invalid security token was provided
    • FAILED_AUTHENTICATION

      public static final QName FAILED_AUTHENTICATION
      The security token could not be authenticated or authorized
    • FAILED_CHECK

      public static final QName FAILED_CHECK
      The signature or decryption was invalid
    • SECURITY_TOKEN_UNAVAILABLE

      public static final QName SECURITY_TOKEN_UNAVAILABLE
      Referenced security token could not be retrieved
    • MESSAGE_EXPIRED

      public static final QName MESSAGE_EXPIRED
      The message has expired
    • BST_DIRECT_REFERENCE

      public static final int BST_DIRECT_REFERENCE
      Sets the WSSecSignature.build(Crypto) method to send the signing certificate as a BinarySecurityToken.

      The signing method takes the signing certificate, converts it to a BinarySecurityToken, puts it in the security header, and inserts a Reference to that binary security token into the wsse:SecurityTokenReference. Thus the whole signing certificate is transferred to the receiver. Because the certificate arrives inside the message, the receiver must still validate it against its own trust anchors (chain and revocation checks): a valid signature only proves possession of the matching private key, not that the certificate is one the receiver should trust. The X509 profile recommends using ISSUER_SERIAL rather than sending the whole certificate.

      Please refer to WS Security specification X509 1.1 profile, chapter 3.3.2 and to WS Security SOAP Message security 1.1 specification, chapter 7.2

      Note: only local references to BinarySecurityToken are supported
    • ISSUER_SERIAL

      public static final int ISSUER_SERIAL
      Sets the WSSecSignature.build(Crypto) or the WSSecEncrypt.build(Crypto, SecretKey) method to send the issuer name and the serial number of a certificate to the receiver.

      In contrast to BST_DIRECT_REFERENCE, only the issuer name and the serial number of the signing certificate are sent to the receiver. This reduces the amount of data being sent, but the receiver must already hold the certificate (for example in its truststore) to resolve the reference. The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The name format delimits Unicode characters with a '\', which is not compatible with Microsoft's WCF stack. To send the issuer name in a format that is compatible with both WCF and Java, use ISSUER_SERIAL_QUOTE_FORMAT.

      Please refer to WS Security specification X509 1.1 profile, chapter 3.3.3
    • X509_KEY_IDENTIFIER

      public static final int X509_KEY_IDENTIFIER
      Sets the WSSecSignature.build(Crypto) or the WSSecEncrypt.build(Crypto, SecretKey) method to send the full certificate (the signing certificate, or the certificate whose public key encrypts the symmetric key).

      The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The whole certificate is placed in a wsse:KeyIdentifier and sent to the receiver, so the complete certificate data is transferred. The X509 profile recommends using ISSUER_SERIAL rather than sending the whole certificate.

      Please refer to WS Security SOAP Message security 1.1 specification, chapter 7.3. Note that this is a NON-STANDARD method. The standard way to refer to an X.509 certificate via a KeyIdentifier is to use SKI_KEY_IDENTIFIER
    • SKI_KEY_IDENTIFIER

      public static final int SKI_KEY_IDENTIFIER
      Sets the WSSecSignature.build(Crypto) method to send a SubjectKeyIdentifier (a wsse:KeyIdentifier with ValueType X509SubjectKeyIdentifier) to identify the signing certificate.

      Refer to WS Security specification X509 1.1 profile, chapter 3.3.1
    • EMBEDDED_KEYNAME

      @Deprecated public static final int EMBEDDED_KEYNAME
      Deprecated.
      Embeds a ds:KeyInfo/ds:KeyName into the EncryptedData element.
    • EMBED_SECURITY_TOKEN_REF

      @Deprecated public static final int EMBED_SECURITY_TOKEN_REF
      Deprecated.
      Embeds a ds:KeyInfo/wsse:SecurityTokenReference into the EncryptedData element.
    • UT_SIGNING

      public static final int UT_SIGNING
      UT_SIGNING is used internally only to set a specific Signature behavior. The signing key is derived from values in the UsernameToken according to the WS-Trust specification.
    • THUMBPRINT_IDENTIFIER

      public static final int THUMBPRINT_IDENTIFIER
      THUMBPRINT_IDENTIFIER is used to set the specific key identifier ThumbprintSHA1. This identifier uses the SHA-1 digest of the DER-encoded X.509 certificate to identify the security token. Please refer to chapter 7.2 of the OASIS WSS 1.1 specification.
    • CUSTOM_SYMM_SIGNING

      public static final int CUSTOM_SYMM_SIGNING
      CUSTOM_SYMM_SIGNING is used internally only to set a specific Signature behavior. The signing key, reference id and value type are set externally.
    • ENCRYPTED_KEY_SHA1_IDENTIFIER

      public static final int ENCRYPTED_KEY_SHA1_IDENTIFIER
      ENCRYPTED_KEY_SHA1_IDENTIFIER is used to set the specific key identifier EncryptedKeySHA1. This identifier refers to a previously exchanged xenc:EncryptedKey by the SHA-1 digest of its encrypted-key octets, so the symmetric key can be reused without sending it again. Please refer to chapter 7.3 of the OASIS WSS 1.1 specification.
    • CUSTOM_SYMM_SIGNING_DIRECT

      public static final int CUSTOM_SYMM_SIGNING_DIRECT
      CUSTOM_SYMM_SIGNING_DIRECT is used internally only to set a specific Signature behavior. The signing key, reference id and value type are set externally.
    • CUSTOM_KEY_IDENTIFIER

      public static final int CUSTOM_KEY_IDENTIFIER
      CUSTOM_KEY_IDENTIFIER is used to set a KeyIdentifier to a particular ID. The reference id and value type are set externally.
    • KEY_VALUE

      public static final int KEY_VALUE
      KEY_VALUE is used to set a ds:KeyInfo/ds:KeyValue element to refer to an RSA or DSA public key. A bare public key carries no trust of its own, so the receiver must separately decide whether that key is acceptable.
    • ENDPOINT_KEY_IDENTIFIER

      public static final int ENDPOINT_KEY_IDENTIFIER
      ENDPOINT_KEY_IDENTIFIER is used to specify the service endpoint as the public key identifier. The constant is useful in the symmetric holder-of-key case, where the token service determines the target service's public key in order to encrypt the shared secret.
    • ISSUER_SERIAL_QUOTE_FORMAT

      public static final int ISSUER_SERIAL_QUOTE_FORMAT
      Sets the WSSecSignature.build(Crypto) or the WSSecEncrypt.build(Crypto, SecretKey) method to send the issuer name and the serial number of a certificate to the receiver.

      In contrast to BST_DIRECT_REFERENCE, only the issuer name and the serial number of the signing certificate are sent to the receiver. This reduces the amount of data being sent. The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The issuer name will use a quote-delimited RFC 2253 format where necessary, which is recognized by Microsoft's WCF stack. It also places a space before each subsequent RDN, also required for WCF interoperability. In addition, this format is known to be correctly interpreted by Java.

      Please refer to WS Security specification X509 1.1 profile, chapter 3.3.3
    • X509_SKI

      public static final int X509_SKI
      X509_SKI is used to set a ds:X509Data/ds:X509SKI element to refer to the base64-encoded plain value of an X.509 v3 SubjectKeyIdentifier extension.
    • NO_SECURITY

      public static final int NO_SECURITY
    • UT

      public static final int UT
    • SIGN

      public static final int SIGN
    • ENCR

      public static final int ENCR
    • ST_UNSIGNED

      public static final int ST_UNSIGNED
    • ST_SIGNED

      public static final int ST_SIGNED
    • TS

      public static final int TS
    • UT_SIGN

      public static final int UT_SIGN
    • SC

      public static final int SC
    • NO_SERIALIZE

      public static final int NO_SERIALIZE
    • SERIALIZE

      public static final int SERIALIZE
    • SCT

      public static final int SCT
    • DKT

      public static final int DKT
    • BST

      public static final int BST
    • UT_NOPASSWORD

      public static final int UT_NOPASSWORD
    • CUSTOM_TOKEN

      public static final int CUSTOM_TOKEN
    • DKT_SIGN

      public static final int DKT_SIGN
    • DKT_ENCR

      public static final int DKT_ENCR
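The key-identifier codes above (BST_DIRECT_REFERENCE, ISSUER_SERIAL, ISSUER_SERIAL_QUOTE_FORMAT, SKI_KEY_IDENTIFIER, THUMBPRINT_IDENTIFIER) decide what the receiver is told about the certificate, and therefore what it has to already hold in its truststore. The following is an added example, not code from this page or from the WSS4J project, showing the sender side: it signs the body and then encrypts it, passing the chosen code to WSSecSignature and WSSecEncrypt. It assumes the WSS4J 2.2+ builder API (builders take the WSSecHeader in their constructor, build(Crypto) and build(Crypto, SecretKey) as referenced above); the sample envelope, the file name crypto.properties, the aliases "client"/"service" and the password are constructed placeholders.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.w3c.dom.Document;

/**
 * Signs, then encrypts, the SOAP body; the WSConstants key-identifier code
 * controls how the receiver is told which certificate was used.
 * Assumes WSS4J 2.2+ (builders take the WSSecHeader in the constructor).
 */
public class KeyIdentifierExample {

    // Constructed sample request; not taken from the page.
    private static final String REQUEST =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
      + "<soapenv:Body><tx:transfer xmlns:tx=\"urn:example:bank\">"
      + "<tx:to>acct-42</tx:to><tx:amount>100.00</tx:amount>"
      + "</tx:transfer></soapenv:Body></soapenv:Envelope>";

    /** Namespace-aware parse with DTDs disabled, so no external entity can be reached. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * @param crypto        keystore-backed Crypto holding our key pair and the receiver's certificate
     * @param signerAlias   alias of our own key pair
     * @param signerKeyPass password of that private key
     * @param receiverAlias alias of the receiver's certificate
     * @param sigKeyIdType  WSConstants.BST_DIRECT_REFERENCE, ISSUER_SERIAL, ISSUER_SERIAL_QUOTE_FORMAT,
     *                      SKI_KEY_IDENTIFIER or THUMBPRINT_IDENTIFIER
     */
    public static Document signThenEncrypt(Crypto crypto, String signerAlias, String signerKeyPass,
                                           String receiverAlias, int sigKeyIdType) throws Exception {
        Document doc = parse(REQUEST);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        // 1. Sign the body (the default signed part) with our private key.
        WSSecSignature sign = new WSSecSignature(secHeader);
        sign.setUserInfo(signerAlias, signerKeyPass);
        sign.setKeyIdentifierType(sigKeyIdType);
        sign.setSignatureAlgorithm(WSConstants.RSA_SHA256);
        sign.setDigestAlgo(WSConstants.SHA256);
        doc = sign.build(crypto);

        // 2. Encrypt the already-signed body for the receiver. Builders prepend to the
        //    header, so xenc:EncryptedKey ends up before ds:Signature and the receiver,
        //    processing the header in document order, decrypts first and verifies second.
        WSSecEncrypt encrypt = new WSSecEncrypt(secHeader);
        encrypt.setUserInfo(receiverAlias);
        // Issuer/serial in the WCF-compatible quoted RFC 2253 form: the receiver resolves it
        // from its own truststore, so no certificate bytes travel in the message.
        encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL_QUOTE_FORMAT);
        encrypt.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP);    // RSA-OAEP, not PKCS#1 v1.5
        encrypt.setSymmetricEncAlgorithm(WSConstants.AES_128_GCM);  // authenticated mode, not CBC
        KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128_GCM);
        SecretKey contentKey = keyGen.generateKey();
        return encrypt.build(crypto, contentKey);
    }

    public static void main(String[] args) throws Exception {
        // crypto.properties is a placeholder Merlin keystore configuration
        // (org.apache.wss4j.crypto.merlin.keystore.file and friends).
        Crypto crypto = CryptoFactory.getInstance("crypto.properties");
        Document out = signThenEncrypt(crypto, "client", "changeit", "service",
                                       WSConstants.ISSUER_SERIAL_QUOTE_FORMAT);
        System.out.println(XMLUtils.prettyDocumentToString(out));
    }
}
```

Switching sigKeyIdType to BST_DIRECT_REFERENCE makes the whole signing certificate travel in a wsse:BinarySecurityToken; that only helps a receiver that validates the in-band certificate against its trust anchors, which in WSS4J means configuring the verifying Crypto with a truststore rather than accepting whatever arrives.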
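The element QNames (TIMESTAMP, USERNAME_TOKEN, BINARY_TOKEN, SIGNATURE, ...) and the fault QNames (UNSUPPORTED_SECURITY_TOKEN, INVALID_SECURITY, FAILED_AUTHENTICATION, ...) are what a receiver uses to decide what it will process and what it tells the sender when processing fails. The following is an added example, not code from this page or from the WSS4J project, of a receiver-side gate: it allow-lists the children of wsse:Security using the element QNames, raises the matching fault code for anything else rather than relying on the engine to notice it, requires that a signature and a timestamp were actually processed, and maps the precise failure to one generic code for the client so that a wrong user name and a wrong password are indistinguishable on the wire. It assumes WSS4J 2.x (WSSecurityEngine.processSecurityHeader(Document, RequestData), WSSecurityException.getFaultCode(), WSSecurityUtil.getSecurityHeader(Document, String)) and Java 17; the inbound envelope is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/** Receiver-side gate built on the WSConstants element and fault QNames (WSS4J 2.x, Java 17). */
public class SecurityHeaderGate {

    // Constructed inbound request (not from the page): a Timestamp, a UsernameToken,
    // and one element this endpoint has no handler for.
    static final String INBOUND = """
        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <soapenv:Header>
            <wsse:Security soapenv:mustUnderstand="1">
              <wsu:Timestamp wsu:Id="TS-1">
                <wsu:Created>2024-01-01T00:00:00Z</wsu:Created>
                <wsu:Expires>2024-01-01T00:05:00Z</wsu:Expires>
              </wsu:Timestamp>
              <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
              <legacy:Ticket xmlns:legacy="urn:example:legacy">opaque</legacy:Ticket>
            </wsse:Security>
          </soapenv:Header>
          <soapenv:Body/>
        </soapenv:Envelope>
        """;

    /** Header children this endpoint is prepared to process (QName.equals ignores the prefix). */
    static final Set<QName> ALLOWED = Set.of(
        WSConstants.TIMESTAMP, WSConstants.USERNAME_TOKEN, WSConstants.BINARY_TOKEN,
        WSConstants.SIGNATURE, WSConstants.ENCRYPTED_KEY, WSConstants.REFERENCE_LIST);

    /** Namespace-aware parse with DTDs disabled. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /** Reject any header child outside the allow-list before the engine is asked to process it. */
    static void checkHeaderContents(Document doc) throws WSSecurityException {
        Element security = WSSecurityUtil.getSecurityHeader(doc, null);   // default actor/role
        if (security == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
        }
        for (Node n = security.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            QName child = new QName(n.getNamespaceURI(), n.getLocalName());
            if (!ALLOWED.contains(child)) {
                // getFaultCode() on this exception is wsse:UnsupportedSecurityToken,
                // i.e. WSConstants.UNSUPPORTED_SECURITY_TOKEN.
                throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN);
            }
        }
    }

    /** Process the header and insist that a signature and a timestamp were actually verified. */
    static WSHandlerResult verify(Document doc, Crypto sigVerCrypto) throws WSSecurityException {
        RequestData data = new RequestData();
        data.setSigVerCrypto(sigVerCrypto);                      // truststore used to validate signer certs
        WSHandlerResult result = new WSSecurityEngine().processSecurityHeader(doc, data);
        Map<Integer, List<WSSecurityEngineResult>> byAction = result.getActionResults();
        if (!byAction.containsKey(WSConstants.SIGN) || !byAction.containsKey(WSConstants.TS)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
        }
        return result;
    }

    /** Log the precise code; return one generic code to the client so failure causes cannot be enumerated. */
    static QName faultCodeForClient(WSSecurityException e) {
        System.err.println("WS-Security rejection: " + e.getFaultCode() + " (" + e.getMessage() + ")");
        return WSConstants.INVALID_SECURITY;
    }

    public static void main(String[] args) throws Exception {
        try {
            checkHeaderContents(parse(INBOUND));   // legacy:Ticket is not allow-listed
        } catch (WSSecurityException e) {
            System.out.println("client sees " + faultCodeForClient(e));
        }
    }
}
```

The allow-list is the point: a SAML2_TOKEN or SECURITY_CONTEXT_TOKEN_05_12 that this endpoint never expects is refused up front, and the action check on WSConstants.SIGN and WSConstants.TS turns "nothing went wrong" into "the protections we require were present and verified".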