Package org.apache.wss4j.dom

Class WSConstants

  • public final class WSConstants
extends WSS4JConstants
    Constants in WS-Security spec.

    • Field Detail

      • BINARY_TOKEN

        public static final QName BINARY_TOKEN
        wsse:BinarySecurityToken as defined by WS Security specification

      • USERNAME_TOKEN

        public static final QName USERNAME_TOKEN
        wsse:UsernameToken as defined by WS Security specification

      • TIMESTAMP

        public static final QName TIMESTAMP
        wsu:Timestamp as defined by OASIS WS Security specification,

      • SIGNATURE_CONFIRMATION

        public static final QName SIGNATURE_CONFIRMATION
        wsse11:signatureConfirmation as defined by OASIS WS Security specification,

      • SIGNATURE

        public static final QName SIGNATURE
        ds:Signature as defined by XML Signature specification, enhanced by WS Security specification

      • ENCRYPTED_KEY

        public static final QName ENCRYPTED_KEY
        xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification

      • ENCRYPTED_DATA

        public static final QName ENCRYPTED_DATA
        xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification

      • REFERENCE_LIST

        public static final QName REFERENCE_LIST
        xenc:ReferenceList as defined by XML Encryption specification,

      • SAML_TOKEN

        public static final QName SAML_TOKEN
        saml:Assertion as defined by SAML v1.1 specification

      • SAML2_TOKEN

        public static final QName SAML2_TOKEN
        saml:Assertion as defined by SAML v2.0 specification

      • ENCRYPTED_ASSERTION

        public static final QName ENCRYPTED_ASSERTION
        saml:EncryptedAssertion as defined by SAML v2.0 specification

      • DERIVED_KEY_TOKEN_05_02

        public static final QName DERIVED_KEY_TOKEN_05_02
        wsc:DerivedKeyToken as defined by WS-SecureConversation specification

      • SECURITY_CONTEXT_TOKEN_05_02

        public static final QName SECURITY_CONTEXT_TOKEN_05_02
        wsc:SecurityContextToken as defined by WS-SecureConversation specification

      • DERIVED_KEY_TOKEN_05_12

        public static final QName DERIVED_KEY_TOKEN_05_12
        wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX

      • SECURITY_CONTEXT_TOKEN_05_12

        public static final QName SECURITY_CONTEXT_TOKEN_05_12
        wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX

      • UNSUPPORTED_SECURITY_TOKEN

        public static final QName UNSUPPORTED_SECURITY_TOKEN
        An unsupported token was provided

      • UNSUPPORTED_ALGORITHM

        public static final QName UNSUPPORTED_ALGORITHM
        An unsupported signature or encryption algorithm was used

      • INVALID_SECURITY

        public static final QName INVALID_SECURITY
        An error was discovered processing the header

      • INVALID_SECURITY_TOKEN

        public static final QName INVALID_SECURITY_TOKEN
        An invalid security token was provided

      • FAILED_AUTHENTICATION

        public static final QName FAILED_AUTHENTICATION
        The security token could not be authenticated or authorized

      • FAILED_CHECK

        public static final QName FAILED_CHECK
        The signature or decryption was invalid

      • SECURITY_TOKEN_UNAVAILABLE

        public static final QName SECURITY_TOKEN_UNAVAILABLE
        Referenced security token could not be retrieved

      • MESSAGE_EXPIRED

        public static final QName MESSAGE_EXPIRED
        The message has expired

      • BST_DIRECT_REFERENCE

        public static final int BST_DIRECT_REFERENCE
        Sets the org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader) method to send the signing certificate as a BinarySecurityToken.

        The signing method takes the signing certificate, converts it to a BinarySecurityToken, puts it in the security header, and inserts a Reference to the binary security token into the wsse:SecurityReferenceToken. Thus the whole signing certificate is transfered to the receiver. The X509 profile recommends to use ISSUER_SERIAL instead of sending the whole certificate.

        Please refer to WS Security specification X509 1.1 profile, chapter 3.3.2 and to WS Security SOAP Message security 1.1 specification, chapter 7.2

        Note: only local references to BinarySecurityToken are supported

        See Also:
        Constant Field Values

      • ISSUER_SERIAL

        public static final int ISSUER_SERIAL
        Sets the WSSecSignature.build(Crypto) or the WSSecEncrypt.build(Crypto, SecretKey) method to send the issuer name and the serial number of a certificate to the receiver.

        In contrast to BST_DIRECT_REFERENCE only the issuer name and the serial number of the signing certificate are sent to the receiver. This reduces the amount of data being sent. The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The name format will delimit unicode characters with a '\' which is not compatible with Microsoft's WCF stack. To send issuer name with format that is compatible with WCF and Java use ISSUER_SERIAL_QUOTE_FORMAT

        Please refer to WS Security specification X509 1.1 profile, chapter 3.3.3

        See Also:
        Constant Field Values

      • X509_KEY_IDENTIFIER

        public static final int X509_KEY_IDENTIFIER
        Sets the org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader) or the org.apache.wss4j.dom.message.WSSecEncrypt#build(Document, Crypto, WSSecHeader)method to send the certificate used to encrypt the symmetric key.

        The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The certificate is converted into a KeyIdentifier token and sent to the receiver. Thus the complete certificate data is transferred to receiver. The X509 profile recommends to use ISSUER_SERIAL instead of sending the whole certificate.

        Please refer to WS Security SOAP Message security 1.1 specification, chapter 7.3. Note that this is a NON-STANDARD method. The standard way to refer to an X.509 Certificate via a KeyIdentifier is to use SKI_KEY_IDENTIFIER

        See Also:
        Constant Field Values

      • SKI_KEY_IDENTIFIER

        public static final int SKI_KEY_IDENTIFIER
        Sets the org.apache.wss4j.dom.message.WSSecSignature#build(Document, Crypto, WSSecHeader) method to send a SubjectKeyIdentifier to identify the signing certificate.

        Refer to WS Security specification X509 1.1 profile, chapter 3.3.1

        See Also:
        Constant Field Values

      • EMBEDDED_KEYNAME

        @Deprecated
public static final int EMBEDDED_KEYNAME
        Deprecated.
        Embeds a keyinfo/key name into the EncryptedData element.

        See Also:
        Constant Field Values

      • EMBED_SECURITY_TOKEN_REF

        @Deprecated
public static final int EMBED_SECURITY_TOKEN_REF
        Deprecated.
        Embeds a keyinfo/wsse:SecurityTokenReference into EncryptedData element.
        See Also:
        Constant Field Values

      • UT_SIGNING

        public static final int UT_SIGNING
        UT_SIGNING is used internally only to set a specific Signature behavior. The signing token is constructed from values in the UsernameToken according to WS-Trust specification.
        See Also:
        Constant Field Values

      • THUMBPRINT_IDENTIFIER

        public static final int THUMBPRINT_IDENTIFIER
        THUMPRINT_IDENTIFIER is used to set the specific key identifier ThumbprintSHA1. This identifier uses the SHA-1 digest of a security token to identify the security token. Please refer to chapter 7.2 of the OASIS WSS 1.1 specification.
        See Also:
        Constant Field Values

      • CUSTOM_SYMM_SIGNING

        public static final int CUSTOM_SYMM_SIGNING
        CUSTOM_SYMM_SIGNING is used internally only to set a specific Signature behavior. The signing key, reference id and value type are set externally.
        See Also:
        Constant Field Values

      • ENCRYPTED_KEY_SHA1_IDENTIFIER

        public static final int ENCRYPTED_KEY_SHA1_IDENTIFIER
        ENCRYPTED_KEY_SHA1_IDENTIFIER is used to set the specific key identifier EncryptedKeySHA1. This identifier uses the SHA-1 digest of a security token to identify the security token. Please refer to chapter 7.3 of the OASIS WSS 1.1 specification.
        See Also:
        Constant Field Values

      • CUSTOM_SYMM_SIGNING_DIRECT

        public static final int CUSTOM_SYMM_SIGNING_DIRECT
        CUSTOM_SYMM_SIGNING_DIRECT is used internally only to set a specific Signature behavior. The signing key, reference id and value type are set externally.
        See Also:
        Constant Field Values

      • CUSTOM_KEY_IDENTIFIER

        public static final int CUSTOM_KEY_IDENTIFIER
        CUSTOM_KEY_IDENTIFIER is used to set a KeyIdentifier to a particular ID The reference id and value type are set externally.
        See Also:
        Constant Field Values

      • KEY_VALUE

        public static final int KEY_VALUE
        KEY_VALUE is used to set a ds:KeyInfo/ds:KeyValue element to refer to either an RSA or DSA public key.
        See Also:
        Constant Field Values

      • ENDPOINT_KEY_IDENTIFIER

        public static final int ENDPOINT_KEY_IDENTIFIER
        ENDPOINT_KEY_IDENTIFIER is used to specify service endpoint as public key identifier. Constant is useful in case of symmetric holder of key, where token service can determine target service public key to encrypt shared secret.
        See Also:
        Constant Field Values

      • ISSUER_SERIAL_QUOTE_FORMAT

        public static final int ISSUER_SERIAL_QUOTE_FORMAT
        Sets the WSSecSignature.build(Crypto) or the WSSecEncrypt.build(Crypto, SecretKey) method to send the issuer name and the serial number of a certificate to the receiver.

        In contrast to BST_DIRECT_REFERENCE only the issuer name and the serial number of the signing certificate are sent to the receiver. This reduces the amount of data being sent. The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The issuer name format will use a quote delimited Rfc 2253 format if necessary which is recognized by the Microsoft's WCF stack. It also places a space before each subsequent RDN also required for WCF interoperability. In addition, this format is know to be correctly interpreted by Java.

        Please refer to WS Security specification X509 1.1 profile, chapter 3.3.3

        See Also:
        Constant Field Values