Package org.apache.wss4j.dom
Class WSConstants
- java.lang.Object
  - org.apache.wss4j.common.WSS4JConstants
    - org.apache.wss4j.dom.WSConstants
public final class WSConstants extends WSS4JConstants
Constants in WS-Security spec.
Field Summary
Fields (modifier and type, field, description):
- static QName BINARY_TOKEN: wsse:BinarySecurityToken as defined by WS Security specification
- static int BST
- static int BST_DIRECT_REFERENCE: Sets the org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader) method to send the signing certificate as a BinarySecurityToken.
- static int CUSTOM_KEY_IDENTIFIER: CUSTOM_KEY_IDENTIFIER is used to set a KeyIdentifier to a particular ID. The reference id and value type are set externally.
- static int CUSTOM_SYMM_SIGNING: CUSTOM_SYMM_SIGNING is used internally only to set a specific Signature behavior.
- static int CUSTOM_SYMM_SIGNING_DIRECT: CUSTOM_SYMM_SIGNING_DIRECT is used internally only to set a specific Signature behavior.
- static int CUSTOM_TOKEN
- static QName DERIVED_KEY_TOKEN_05_02: wsc:DerivedKeyToken as defined by WS-SecureConversation specification
- static QName DERIVED_KEY_TOKEN_05_12: wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
- static int DKT
- static int DKT_ENCR
- static int DKT_SIGN
- static int EMBED_SECURITY_TOKEN_REF: Deprecated.
- static int EMBEDDED_KEYNAME: Deprecated.
- static int ENCR
- static QName ENCRYPTED_ASSERTION: saml:EncryptedAssertion as defined by SAML v2.0 specification
- static QName ENCRYPTED_DATA: xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification
- static QName ENCRYPTED_KEY: xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
- static int ENCRYPTED_KEY_SHA1_IDENTIFIER: ENCRYPTED_KEY_SHA1_IDENTIFIER is used to set the specific key identifier EncryptedKeySHA1.
- static int ENDPOINT_KEY_IDENTIFIER: ENDPOINT_KEY_IDENTIFIER is used to specify service endpoint as public key identifier.
- static QName FAILED_AUTHENTICATION: The security token could not be authenticated or authorized
- static QName FAILED_CHECK: The signature or decryption was invalid
- static QName INVALID_SECURITY: An error was discovered processing the header
- static QName INVALID_SECURITY_TOKEN: An invalid security token was provided
- static int ISSUER_SERIAL: Sets the WSSecSignature.build(Crypto) or the WSSecEncrypt.build(Crypto, SecretKey) method to send the issuer name and the serial number of a certificate to the receiver.
- static int ISSUER_SERIAL_QUOTE_FORMAT: Sets the WSSecSignature.build(Crypto) or the WSSecEncrypt.build(Crypto, SecretKey) method to send the issuer name and the serial number of a certificate to the receiver.
- static int KEY_VALUE: KEY_VALUE is used to set a ds:KeyInfo/ds:KeyValue element to refer to either an RSA or DSA public key.
- static QName MESSAGE_EXPIRED: The message has expired
- static int NO_SECURITY
- static int NO_SERIALIZE
- static QName REFERENCE_LIST: xenc:ReferenceList as defined by XML Encryption specification
- static QName SAML_TOKEN: saml:Assertion as defined by SAML v1.1 specification
- static QName SAML2_TOKEN: saml:Assertion as defined by SAML v2.0 specification
- static int SC
- static int SCT
- static QName SECURITY_CONTEXT_TOKEN_05_02: wsc:SecurityContextToken as defined by WS-SecureConversation specification
- static QName SECURITY_CONTEXT_TOKEN_05_12: wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
- static QName SECURITY_TOKEN_UNAVAILABLE: Referenced security token could not be retrieved
- static int SERIALIZE
- static int SIGN
- static QName SIGNATURE: ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
- static QName SIGNATURE_CONFIRMATION: wsse11:signatureConfirmation as defined by OASIS WS Security specification
- static int SKI_KEY_IDENTIFIER: Sets the org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader) method to send a SubjectKeyIdentifier to identify the signing certificate.
- static int ST_SIGNED
- static int ST_UNSIGNED
- static int THUMBPRINT_IDENTIFIER: THUMBPRINT_IDENTIFIER is used to set the specific key identifier ThumbprintSHA1.
- static QName TIMESTAMP: wsu:Timestamp as defined by OASIS WS Security specification
- static int TS
- static QName UNSUPPORTED_ALGORITHM: An unsupported signature or encryption algorithm was used
- static QName UNSUPPORTED_SECURITY_TOKEN: An unsupported token was provided
- static QName USERNAME_TOKEN: wsse:UsernameToken as defined by WS Security specification
- static int UT
- static int UT_NOPASSWORD
- static int UT_SIGN
- static int UT_SIGNING: UT_SIGNING is used internally only to set a specific Signature behavior.
- static int X509_KEY_IDENTIFIER: Sets the org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader) or the org.apache.wss4j.dom.message.WSSecEncrypt#build(Document, Crypto, WSSecHeader) method to send the certificate used to encrypt the symmetric key.
Fields inherited from class org.apache.wss4j.common.WSS4JConstants
AES_128, AES_128_GCM, AES_192, AES_192_GCM, AES_256, AES_256_GCM, ASSERTION_LN, ATTR_ACTOR, ATTR_MUST_UNDERSTAND, ATTR_ROLE, BASE64_ENCODING, BINARY_TOKEN_LN, C14N_EXCL_OMIT_COMMENTS, C14N_EXCL_OMIT_COMMENTS_PREFIX, C14N_EXCL_WITH_COMMENTS, C14N_OMIT_COMMENTS, C14N_WITH_COMMENTS, CREATED_LN, DEFAULT_SOAP_PREFIX, DSA, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, ELEM_BODY, ELEM_ENVELOPE, ELEM_HEADER, ENC_DATA_LN, ENC_KEY_LN, ENC_KEY_SHA1_URI, ENC_KEY_VALUE_TYPE, ENC_NS, ENC_PREFIX, ENC11_NS, ENC11_PREFIX, ENCRYPED_ASSERTION_LN, ENCRYPTED_HEADER, EXPIRES_LN, HMAC_MD5, HMAC_SHA1, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, ITERATION_LN, KERBEROS_NS11, KEYINFO_LN, KEYTRANSPORT_RSA15, KEYTRANSPORT_RSAOAEP, KEYTRANSPORT_RSAOAEP_XENC11, KEYVALUE_LN, MGF_SHA1, MGF_SHA224, MGF_SHA256, MGF_SHA384, MGF_SHA512, NONCE_LN, NS_XMLDSIG_ENVELOPED_SIGNATURE, NS_XMLDSIG_FILTER2, NULL_NS, OLD_WSSE_NS, PASSWORD_DIGEST, PASSWORD_LN, PASSWORD_TEXT, PASSWORD_TYPE_ATTR, PW_DIGEST, PW_NONE, PW_TEXT, REF_LIST_LN, REF_LN, RSA, RSA_SHA1, RSA_SHA256, RSA_SHA512, SALT_LN, SAML_ASSERTION_ID, SAML_NS, SAML2_ASSERTION_ID, SAML2_NS, SAMLP_NS, SAMLP2_NS, SAMLTOKEN_NS, SAMLTOKEN_NS11, SHA1, SHA256, SHA384, SHA512, SIG_INFO_LN, SIG_LN, SIG_NS, SIG_PREFIX, SIGNATURE_CONFIRMATION_LN, SOAPMESSAGE_NS, SOAPMESSAGE_NS11, SWA_ATTACHMENT_CIPHERTEXT_TRANS, SWA_ATTACHMENT_COMPLETE_SIG_TRANS, SWA_ATTACHMENT_CONTENT_SIG_TRANS, SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_COMPLETE, SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_CONTENT_ONLY, THUMBPRINT, TIMESTAMP_TOKEN_LN, TOKEN_TYPE, TRIPLE_DES, URI_SOAP11_ENV, URI_SOAP11_NEXT_ACTOR, URI_SOAP12_ENV, URI_SOAP12_NEXT_ROLE, URI_SOAP12_NONE_ROLE, URI_SOAP12_ULTIMATE_ROLE, URIS_SOAP_ENV, USERNAME_LN, USERNAME_TOKEN_LN, USERNAMETOKEN_NS, WSC_SCT, WSC_SCT_05_12, WSS_ENC_KEY_VALUE_TYPE, WSS_GSS_KRB_V5_AP_REQ, WSS_GSS_KRB_V5_AP_REQ1510, WSS_GSS_KRB_V5_AP_REQ4120, WSS_KRB_KI_VALUE_TYPE, WSS_KRB_V5_AP_REQ, WSS_KRB_V5_AP_REQ1510, WSS_KRB_V5_AP_REQ4120, WSS_SAML_KI_VALUE_TYPE, 
WSS_SAML_TOKEN_TYPE, WSS_SAML2_KI_VALUE_TYPE, WSS_SAML2_TOKEN_TYPE, WSS_USERNAME_TOKEN_VALUE_TYPE, WSSE_LN, WSSE_NS, WSSE_PREFIX, WSSE11_NS, WSSE11_PREFIX, WST_NS, WST_NS_05_12, WST_NS_08_02, WSU_NS, WSU_PREFIX, X509_CERT_LN, X509_DATA_LN, X509_ISSUER_NAME_LN, X509_ISSUER_SERIAL_LN, X509_SERIAL_NUMBER_LN, X509TOKEN_NS, XML_NS, XMLNS_NS, XOP_NS
Field Detail
-
BINARY_TOKEN
public static final QName BINARY_TOKEN
wsse:BinarySecurityToken as defined by WS Security specification
-
USERNAME_TOKEN
public static final QName USERNAME_TOKEN
wsse:UsernameToken as defined by WS Security specification
-
TIMESTAMP
public static final QName TIMESTAMP
wsu:Timestamp as defined by OASIS WS Security specification
-
SIGNATURE_CONFIRMATION
public static final QName SIGNATURE_CONFIRMATION
wsse11:signatureConfirmation as defined by OASIS WS Security specification
-
SIGNATURE
public static final QName SIGNATURE
ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
-
ENCRYPTED_KEY
public static final QName ENCRYPTED_KEY
xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
-
ENCRYPTED_DATA
public static final QName ENCRYPTED_DATA
xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification
-
REFERENCE_LIST
public static final QName REFERENCE_LIST
xenc:ReferenceList as defined by XML Encryption specification
-
SAML_TOKEN
public static final QName SAML_TOKEN
saml:Assertion as defined by SAML v1.1 specification
-
SAML2_TOKEN
public static final QName SAML2_TOKEN
saml:Assertion as defined by SAML v2.0 specification
-
ENCRYPTED_ASSERTION
public static final QName ENCRYPTED_ASSERTION
saml:EncryptedAssertion as defined by SAML v2.0 specification
-
DERIVED_KEY_TOKEN_05_02
public static final QName DERIVED_KEY_TOKEN_05_02
wsc:DerivedKeyToken as defined by WS-SecureConversation specification
-
SECURITY_CONTEXT_TOKEN_05_02
public static final QName SECURITY_CONTEXT_TOKEN_05_02
wsc:SecurityContextToken as defined by WS-SecureConversation specification
-
DERIVED_KEY_TOKEN_05_12
public static final QName DERIVED_KEY_TOKEN_05_12
wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
-
SECURITY_CONTEXT_TOKEN_05_12
public static final QName SECURITY_CONTEXT_TOKEN_05_12
wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
-
UNSUPPORTED_SECURITY_TOKEN
public static final QName UNSUPPORTED_SECURITY_TOKEN
An unsupported token was provided
-
UNSUPPORTED_ALGORITHM
public static final QName UNSUPPORTED_ALGORITHM
An unsupported signature or encryption algorithm was used
-
INVALID_SECURITY
public static final QName INVALID_SECURITY
An error was discovered processing the header
-
INVALID_SECURITY_TOKEN
public static final QName INVALID_SECURITY_TOKEN
An invalid security token was provided
-
FAILED_AUTHENTICATION
public static final QName FAILED_AUTHENTICATION
The security token could not be authenticated or authorized
-
FAILED_CHECK
public static final QName FAILED_CHECK
The signature or decryption was invalid
-
SECURITY_TOKEN_UNAVAILABLE
public static final QName SECURITY_TOKEN_UNAVAILABLE
Referenced security token could not be retrieved
-
MESSAGE_EXPIRED
public static final QName MESSAGE_EXPIRED
The message has expired
-
BST_DIRECT_REFERENCE
public static final int BST_DIRECT_REFERENCE
Sets the org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader) method to send the signing certificate as a BinarySecurityToken. The signing method takes the signing certificate, converts it to a BinarySecurityToken, puts it in the security header, and inserts a Reference to the binary security token into the wsse:SecurityTokenReference. Thus the whole signing certificate is transferred to the receiver. The X509 profile recommends using ISSUER_SERIAL instead of sending the whole certificate. Please refer to WS Security specification X509 1.1 profile, chapter 3.3.2 and to WS Security SOAP Message security 1.1 specification, chapter 7.2. Note: only local references to BinarySecurityToken are supported.
- See Also:
- Constant Field Values
-
ISSUER_SERIAL
public static final int ISSUER_SERIAL
Sets the WSSecSignature.build(Crypto) or the WSSecEncrypt.build(Crypto, SecretKey) method to send the issuer name and the serial number of a certificate to the receiver. In contrast to BST_DIRECT_REFERENCE, only the issuer name and the serial number of the signing certificate are sent to the receiver. This reduces the amount of data being sent. The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The name format will delimit unicode characters with a '\', which is not compatible with Microsoft's WCF stack. To send the issuer name in a format that is compatible with WCF and Java, use ISSUER_SERIAL_QUOTE_FORMAT. Please refer to WS Security specification X509 1.1 profile, chapter 3.3.3.
- See Also:
- Constant Field Values
-
X509_KEY_IDENTIFIER
public static final int X509_KEY_IDENTIFIER
Sets the org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader) or the org.apache.wss4j.dom.message.WSSecEncrypt#build(Document, Crypto, WSSecHeader) method to send the certificate used to encrypt the symmetric key. The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The certificate is converted into a KeyIdentifier token and sent to the receiver. Thus the complete certificate data is transferred to the receiver. The X509 profile recommends using ISSUER_SERIAL instead of sending the whole certificate. Please refer to WS Security SOAP Message security 1.1 specification, chapter 7.3. Note that this is a NON-STANDARD method. The standard way to refer to an X.509 Certificate via a KeyIdentifier is to use SKI_KEY_IDENTIFIER.
- See Also:
- Constant Field Values
-
SKI_KEY_IDENTIFIER
public static final int SKI_KEY_IDENTIFIER
Sets the org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader) method to send a SubjectKeyIdentifier to identify the signing certificate. Refer to WS Security specification X509 1.1 profile, chapter 3.3.1.
- See Also:
- Constant Field Values
-
EMBEDDED_KEYNAME
@Deprecated public static final int EMBEDDED_KEYNAME
Deprecated. Embeds a keyinfo/key name into the EncryptedData element.
- See Also:
- Constant Field Values
-
EMBED_SECURITY_TOKEN_REF
@Deprecated public static final int EMBED_SECURITY_TOKEN_REF
Deprecated. Embeds a keyinfo/wsse:SecurityTokenReference into the EncryptedData element.
- See Also:
- Constant Field Values
-
UT_SIGNING
public static final int UT_SIGNING
UT_SIGNING is used internally only to set a specific Signature behavior. The signing token is constructed from values in the UsernameToken according to WS-Trust specification.
- See Also:
- Constant Field Values
-
THUMBPRINT_IDENTIFIER
public static final int THUMBPRINT_IDENTIFIER
THUMBPRINT_IDENTIFIER is used to set the specific key identifier ThumbprintSHA1. This identifier uses the SHA-1 digest of a security token to identify the security token. Please refer to chapter 7.2 of the OASIS WSS 1.1 specification.
- See Also:
- Constant Field Values
-
CUSTOM_SYMM_SIGNING
public static final int CUSTOM_SYMM_SIGNING
CUSTOM_SYMM_SIGNING is used internally only to set a specific Signature behavior. The signing key, reference id and value type are set externally.
- See Also:
- Constant Field Values
-
ENCRYPTED_KEY_SHA1_IDENTIFIER
public static final int ENCRYPTED_KEY_SHA1_IDENTIFIER
ENCRYPTED_KEY_SHA1_IDENTIFIER is used to set the specific key identifier EncryptedKeySHA1. This identifier uses the SHA-1 digest of a security token to identify the security token. Please refer to chapter 7.3 of the OASIS WSS 1.1 specification.
- See Also:
- Constant Field Values
-
CUSTOM_SYMM_SIGNING_DIRECT
public static final int CUSTOM_SYMM_SIGNING_DIRECT
CUSTOM_SYMM_SIGNING_DIRECT is used internally only to set a specific Signature behavior. The signing key, reference id and value type are set externally.
- See Also:
- Constant Field Values
-
CUSTOM_KEY_IDENTIFIER
public static final int CUSTOM_KEY_IDENTIFIER
CUSTOM_KEY_IDENTIFIER is used to set a KeyIdentifier to a particular ID. The reference id and value type are set externally.
- See Also:
- Constant Field Values
-
KEY_VALUE
public static final int KEY_VALUE
KEY_VALUE is used to set a ds:KeyInfo/ds:KeyValue element to refer to either an RSA or DSA public key.
- See Also:
- Constant Field Values
-
ENDPOINT_KEY_IDENTIFIER
public static final int ENDPOINT_KEY_IDENTIFIER
ENDPOINT_KEY_IDENTIFIER is used to specify the service endpoint as public key identifier. The constant is useful in the case of symmetric holder of key, where the token service can determine the target service's public key to encrypt the shared secret.
- See Also:
- Constant Field Values
-
ISSUER_SERIAL_QUOTE_FORMAT
public static final int ISSUER_SERIAL_QUOTE_FORMAT
Sets the WSSecSignature.build(Crypto) or the WSSecEncrypt.build(Crypto, SecretKey) method to send the issuer name and the serial number of a certificate to the receiver. In contrast to BST_DIRECT_REFERENCE, only the issuer name and the serial number of the signing certificate are sent to the receiver. This reduces the amount of data being sent. The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The issuer name format will use a quote-delimited RFC 2253 format if necessary, which is recognized by Microsoft's WCF stack. It also places a space before each subsequent RDN, which is also required for WCF interoperability. In addition, this format is known to be correctly interpreted by Java. Please refer to WS Security specification X509 1.1 profile, chapter 3.3.3.
- See Also:
- Constant Field Values
-
NO_SECURITY
public static final int NO_SECURITY
- See Also:
- Constant Field Values
-
UT
public static final int UT
- See Also:
- Constant Field Values
-
SIGN
public static final int SIGN
- See Also:
- Constant Field Values
-
ENCR
public static final int ENCR
- See Also:
- Constant Field Values
-
ST_UNSIGNED
public static final int ST_UNSIGNED
- See Also:
- Constant Field Values
-
ST_SIGNED
public static final int ST_SIGNED
- See Also:
- Constant Field Values
-
TS
public static final int TS
- See Also:
- Constant Field Values
-
UT_SIGN
public static final int UT_SIGN
- See Also:
- Constant Field Values
-
SC
public static final int SC
- See Also:
- Constant Field Values
-
NO_SERIALIZE
public static final int NO_SERIALIZE
- See Also:
- Constant Field Values
-
SERIALIZE
public static final int SERIALIZE
- See Also:
- Constant Field Values
-
SCT
public static final int SCT
- See Also:
- Constant Field Values
-
DKT
public static final int DKT
- See Also:
- Constant Field Values
-
BST
public static final int BST
- See Also:
- Constant Field Values
-
UT_NOPASSWORD
public static final int UT_NOPASSWORD
- See Also:
- Constant Field Values
-
CUSTOM_TOKEN
public static final int CUSTOM_TOKEN
- See Also:
- Constant Field Values
-
DKT_SIGN
public static final int DKT_SIGN
- See Also:
- Constant Field Values
-
DKT_ENCR
public static final int DKT_ENCR
- See Also:
- Constant Field Values