19 package org.apache.wss4j.stax.ext;
20
21 import java.util.ArrayList;
22 import java.util.EnumSet;
23 import java.util.HashMap;
24 import java.util.List;
25 import java.util.Map;
26
27 import javax.xml.namespace.QName;
28
29 import org.apache.wss4j.common.ConfigurationConstants;
30 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
31
32
33
34
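/**
 * Constants used by the streaming (StAX) WS-Security code in this package: namespace URIs,
 * element and attribute {@link QName}s, token-profile value-type identifiers, property keys,
 * and the {@code Action} / {@code AlgorithmUsage} identifiers.
 *
 * <p>The class only holds constants; its constructor is {@code protected}, so it can be
 * extended but not instantiated from outside the hierarchy.
 *
 * <p>The SOAP path lists at the bottom of the class are published as unmodifiable lists so
 * that no code sharing the JVM can alter the element paths that other code compares against.
 */
public class WSSConstants extends XMLSecurityConstants {

    protected WSSConstants() {
    }

    // ---- Keys for state flags -------------------------------------------------------------

    public static final String TRANSPORT_SECURITY_ACTIVE = "transportSecurityActive";

    public static final String TIMESTAMP_PROCESSED = "TimestampProcessed";

    // NOTE(review): judging by the key names these two properties opt IN to weaker processing
    // (RSA PKCS#1 v1.5 key transport, and a UsernameToken without a password). Readers of the
    // properties should treat "absent" as "not allowed" - confirm where they are consumed.
    public static final String PROP_ALLOW_RSA15_KEYTRANSPORT_ALGORITHM = "secureProcessing.AllowRSA15KeyTransportAlgorithm";
    public static final String PROP_ALLOW_USERNAMETOKEN_NOPASSWORD = "secureProcessing.AllowUsernameTokenNoPassword";

    // ---- Namespace URIs -------------------------------------------------------------------

    public static final String NS_WSSE10 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    public static final String NS_WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    public static final String NS_WSU10 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    public static final String NS_SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    public static final String NS_SOAP12 = "http://www.w3.org/2003/05/soap-envelope";

    public static final String NS_WST = "http://schemas.xmlsoap.org/ws/2005/02/trust";
    public static final String NS_WST_05_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    public static final String NS_WSC_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";

    public static final String NS_SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
    public static final String NS_SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";

    // ---- SOAP 1.1 / 1.2 envelope elements and attributes ----------------------------------

    public static final String PREFIX_SOAPENV = "soap";
    public static final String TAG_SOAP_ENVELOPE_LN = "Envelope";
    public static final String TAG_SOAP_HEADER_LN = "Header";
    public static final String TAG_SOAP_BODY_LN = "Body";

    public static final QName TAG_SOAP11_ENVELOPE = new QName(NS_SOAP11, TAG_SOAP_ENVELOPE_LN, PREFIX_SOAPENV);
    public static final QName TAG_SOAP11_HEADER = new QName(NS_SOAP11, TAG_SOAP_HEADER_LN, PREFIX_SOAPENV);
    public static final QName TAG_SOAP11_BODY = new QName(NS_SOAP11, TAG_SOAP_BODY_LN, PREFIX_SOAPENV);
    public static final QName ATT_SOAP11_ACTOR = new QName(NS_SOAP11, "actor", PREFIX_SOAPENV);
    public static final QName ATT_SOAP11_MUST_UNDERSTAND = new QName(NS_SOAP11, "mustUnderstand", PREFIX_SOAPENV);

    public static final QName TAG_SOAP12_ENVELOPE = new QName(NS_SOAP12, TAG_SOAP_ENVELOPE_LN, PREFIX_SOAPENV);
    public static final QName TAG_SOAP12_HEADER = new QName(NS_SOAP12, TAG_SOAP_HEADER_LN, PREFIX_SOAPENV);
    public static final QName TAG_SOAP12_BODY = new QName(NS_SOAP12, TAG_SOAP_BODY_LN, PREFIX_SOAPENV);
    public static final QName ATT_SOAP12_ROLE = new QName(NS_SOAP12, "role", PREFIX_SOAPENV);
    public static final QName ATT_SOAP12_MUST_UNDERSTAND = new QName(NS_SOAP12, "mustUnderstand", PREFIX_SOAPENV);

    // ---- wsse / wsse11 / wsu elements and attributes --------------------------------------

    public static final String PREFIX_WSSE = "wsse";
    public static final String PREFIX_WSSE11 = "wsse11";
    public static final QName TAG_WSSE_SECURITY = new QName(NS_WSSE10, "Security", PREFIX_WSSE);

    public static final QName TAG_WSSE_SECURITY_TOKEN_REFERENCE = new QName(NS_WSSE10, "SecurityTokenReference", PREFIX_WSSE);
    public static final QName TAG_WSSE_REFERENCE = new QName(NS_WSSE10, "Reference", PREFIX_WSSE);
    public static final QName ATT_WSSE_USAGE = new QName(NS_WSSE10, "Usage", PREFIX_WSSE);
    public static final QName ATT_WSSE11_TOKEN_TYPE = new QName(NS_WSSE11, "TokenType", PREFIX_WSSE11);

    public static final QName TAG_WSSE_KEY_IDENTIFIER = new QName(NS_WSSE10, "KeyIdentifier", PREFIX_WSSE);
    // The ATT_NULL_* names are created with a null namespace URI, i.e. unqualified attributes.
    public static final QName ATT_NULL_ENCODING_TYPE = new QName(null, "EncodingType");
    public static final QName ATT_NULL_VALUE_TYPE = new QName(null, "ValueType");

    public static final QName TAG_WSSE_BINARY_SECURITY_TOKEN = new QName(NS_WSSE10, "BinarySecurityToken", PREFIX_WSSE);
    public static final String PREFIX_WSU = "wsu";
    public static final QName ATT_WSU_ID = new QName(NS_WSU10, "Id", PREFIX_WSU);

    public static final QName TAG_WSSE11_ENCRYPTED_HEADER = new QName(NS_WSSE11, "EncryptedHeader", PREFIX_WSSE11);

    public static final QName TAG_WSSE_TRANSFORMATION_PARAMETERS = new QName(NS_WSSE10, "TransformationParameters", PREFIX_WSSE);

    public static final QName TAG_WSU_TIMESTAMP = new QName(NS_WSU10, "Timestamp", PREFIX_WSU);
    public static final QName TAG_WSU_CREATED = new QName(NS_WSU10, "Created", PREFIX_WSU);
    public static final QName TAG_WSU_EXPIRES = new QName(NS_WSU10, "Expires", PREFIX_WSU);

    // ---- SOAP message security / X.509 token profile identifiers --------------------------

    public static final String NS10_SOAPMESSAGE_SECURITY =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0";
    public static final String NS11_SOAPMESSAGE_SECURITY =
        "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1";

    public static final String NS_X509TOKEN_PROFILE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";

    public static final String NS_X509_V3_TYPE = NS_X509TOKEN_PROFILE + "#X509v3";
    public static final String NS_X509_PKIPATH_V1 = NS_X509TOKEN_PROFILE + "#X509PKIPathv1";
    public static final String NS_X509_SKI = NS_X509TOKEN_PROFILE + "#X509SubjectKeyIdentifier";
    public static final String NS_THUMBPRINT = NS11_SOAPMESSAGE_SECURITY + "#ThumbprintSHA1";

    public static final String NS_ENCRYPTED_KEY_SHA1 = NS11_SOAPMESSAGE_SECURITY + "#EncryptedKeySHA1";

    public static final String SOAPMESSAGE_NS10_BASE64_ENCODING = NS10_SOAPMESSAGE_SECURITY + "#Base64Binary";

    // ---- UsernameToken ---------------------------------------------------------------------

    public static final QName TAG_WSSE_USERNAME_TOKEN = new QName(NS_WSSE10, "UsernameToken", PREFIX_WSSE);
    public static final QName TAG_WSSE_USERNAME = new QName(NS_WSSE10, "Username", PREFIX_WSSE);
    public static final QName TAG_WSSE_PASSWORD = new QName(NS_WSSE10, "Password", PREFIX_WSSE);
    public static final QName TAG_WSSE_NONCE = new QName(NS_WSSE10, "Nonce", PREFIX_WSSE);
    public static final QName TAG_WSSE11_SALT = new QName(NS_WSSE11, "Salt", PREFIX_WSSE11);
    public static final QName TAG_WSSE11_ITERATION = new QName(NS_WSSE11, "Iteration", PREFIX_WSSE11);

    // The constant is named PROFILE11 but its value is the username-token-profile-1.0 URI.
    public static final String NS_USERNAMETOKEN_PROFILE11 =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
    public static final String NS_PASSWORD_DIGEST = NS_USERNAMETOKEN_PROFILE11 + "#PasswordDigest";
    // PasswordText puts the password itself into the message, so its confidentiality depends
    // on transport security or message encryption.
    public static final String NS_PASSWORD_TEXT = NS_USERNAMETOKEN_PROFILE11 + "#PasswordText";
    public static final String NS_USERNAMETOKEN_PROFILE_USERNAME_TOKEN = NS_USERNAMETOKEN_PROFILE11 + "#UsernameToken";

    public static final QName TAG_WSSE11_SIG_CONF = new QName(NS_WSSE11, "SignatureConfirmation", PREFIX_WSSE11);
    public static final QName ATT_NULL_VALUE = new QName(null, "Value");

    // ---- Canonicalization, WS-Trust and transform identifiers ------------------------------

    public static final String NS_C14N_EXCL = "http://www.w3.org/2001/10/xml-exc-c14n#";
    public static final String PREFIX_C14N_EXCL = "c14nEx";

    public static final QName TAG_WST_BINARY_SECRET = new QName(NS_WST, "BinarySecret");
    public static final QName TAG_WST0512_BINARY_SECRET = new QName(NS_WST_05_12, "BinarySecret");

    public static final String SOAPMESSAGE_NS10_STR_TRANSFORM = NS10_SOAPMESSAGE_SECURITY + "#STR-Transform";
    public static final String SWA_ATTACHMENT_CONTENT_SIG_TRANS =
        "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform";
    public static final String SWA_ATTACHMENT_COMPLETE_SIG_TRANS =
        "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform";
    public static final String SWA_ATTACHMENT_CIPHERTEXT_TRANS =
        "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform";
    public static final String SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_CONTENT_ONLY =
        "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only";
    public static final String SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_COMPLETE =
        "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete";

    // ---- SAML token profile ----------------------------------------------------------------

    public static final QName TAG_SAML_ASSERTION = new QName(NS_SAML, "Assertion");
    public static final QName TAG_SAML2_ASSERTION = new QName(NS_SAML2, "Assertion");
    public static final QName TAG_SAML2_ENCRYPTED_ASSERTION = new QName(NS_SAML2, "EncryptedAssertion");

    public static final String NS_SAML10_TOKEN_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0";
    public static final String NS_SAML11_TOKEN_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1";
    public static final String NS_SAML10_TYPE = NS_SAML10_TOKEN_PROFILE + "#SAMLAssertionID";
    public static final String NS_SAML20_TYPE = NS_SAML11_TOKEN_PROFILE + "#SAMLID";
    public static final String NS_SAML11_TOKEN_PROFILE_TYPE = NS_SAML11_TOKEN_PROFILE + "#SAMLV1.1";
    public static final String NS_SAML20_TOKEN_PROFILE_TYPE = NS_SAML11_TOKEN_PROFILE + "#SAMLV2.0";

    // ---- Kerberos token profile (the base URI already ends in '#') -------------------------

    public static final String NS_KERBEROS11_TOKEN_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#";
    public static final String NS_GSS_KERBEROS5_AP_REQ = NS_KERBEROS11_TOKEN_PROFILE + "GSS_Kerberosv5_AP_REQ";
    public static final String NS_GSS_KERBEROS5_AP_REQ1510 = NS_KERBEROS11_TOKEN_PROFILE + "GSS_Kerberosv5_AP_REQ1510";
    public static final String NS_GSS_KERBEROS5_AP_REQ4120 = NS_KERBEROS11_TOKEN_PROFILE + "GSS_Kerberosv5_AP_REQ4120";
    public static final String NS_KERBEROS5_AP_REQ = NS_KERBEROS11_TOKEN_PROFILE + "Kerberosv5_AP_REQ";
    public static final String NS_KERBEROS5_AP_REQ_SHA1 = NS_KERBEROS11_TOKEN_PROFILE + "Kerberosv5APREQSHA1";
    public static final String NS_KERBEROS5_AP_REQ1510 = NS_KERBEROS11_TOKEN_PROFILE + "Kerberosv5_AP_REQ1510";
    public static final String NS_KERBEROS5_AP_REQ4120 = NS_KERBEROS11_TOKEN_PROFILE + "Kerberosv5_AP_REQ4120";


    public static final QName ATT_NULL_ASSERTION_ID = new QName(null, "AssertionID");
    public static final QName ATT_NULL_ID = new QName(null, "ID");


    // ---- WS-SecureConversation (2005/02 and 2005/12 namespaces) ----------------------------

    public static final String NS_WSC_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/sc";
    public static final String NS_WSC_05_12 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";
    public static final String PREFIX_WSC = "wsc";

    public static final QName TAG_WSC0502_SCT = new QName(NS_WSC_05_02, "SecurityContextToken", PREFIX_WSC);
    public static final QName TAG_WSC0512_SCT = new QName(NS_WSC_05_12, "SecurityContextToken", PREFIX_WSC);
    public static final QName TAG_WSC0502_IDENTIFIER = new QName(NS_WSC_05_02, "Identifier", PREFIX_WSC);
    public static final QName TAG_WSC0512_IDENTIFIER = new QName(NS_WSC_05_12, "Identifier", PREFIX_WSC);

    public static final QName TAG_WSC0502_DKT = new QName(NS_WSC_05_02, "DerivedKeyToken", PREFIX_WSC);
    public static final QName TAG_WSC0512_DKT = new QName(NS_WSC_05_12, "DerivedKeyToken", PREFIX_WSC);
    public static final QName TAG_WSC0502_PROPERTIES = new QName(NS_WSC_05_02, "Properties", PREFIX_WSC);
    public static final QName TAG_WSC0512_PROPERTIES = new QName(NS_WSC_05_12, "Properties", PREFIX_WSC);
    public static final QName TAG_WSC0502_LENGTH = new QName(NS_WSC_05_02, "Length", PREFIX_WSC);
    public static final QName TAG_WSC0512_LENGTH = new QName(NS_WSC_05_12, "Length", PREFIX_WSC);
    public static final QName TAG_WSC0502_GENERATION = new QName(NS_WSC_05_02, "Generation", PREFIX_WSC);
    public static final QName TAG_WSC0512_GENERATION = new QName(NS_WSC_05_12, "Generation", PREFIX_WSC);
    public static final QName TAG_WSC0502_OFFSET = new QName(NS_WSC_05_02, "Offset", PREFIX_WSC);
    public static final QName TAG_WSC0512_OFFSET = new QName(NS_WSC_05_12, "Offset", PREFIX_WSC);
    public static final QName TAG_WSC0502_LABEL = new QName(NS_WSC_05_02, "Label", PREFIX_WSC);
    public static final QName TAG_WSC0512_LABEL = new QName(NS_WSC_05_12, "Label", PREFIX_WSC);
    public static final QName TAG_WSC0502_NONCE = new QName(NS_WSC_05_02, "Nonce", PREFIX_WSC);
    public static final QName TAG_WSC0512_NONCE = new QName(NS_WSC_05_12, "Nonce", PREFIX_WSC);

    public static final String P_SHA_1 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
    public static final String P_SHA_1_2005_12 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1";
    public static final String WS_SEC_CONV_DEFAULT_LABEL = "WS-SecureConversation";

    public static final String NS_WSS_ENC_KEY_VALUE_TYPE = NS11_SOAPMESSAGE_SECURITY + "#EncryptedKey";

    // ---- Property keys ---------------------------------------------------------------------

    public static final String PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS = "PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS";
    public static final String PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY = "PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY";
    public static final String PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN = "PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN";
    public static final String PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN = "PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN";

    // The key's value is "PROP_TIMESTAMP", without the SECURITYEVENT suffix of the constant name.
    public static final String PROP_TIMESTAMP_SECURITYEVENT = "PROP_TIMESTAMP";

    public static final String PROP_ENCRYPTED_DATA_REFS = "PROP_ENCRYPTED_DATA_REFS";

    // ---- Action identifiers ----------------------------------------------------------------

    public static final Action TIMESTAMP = new Action(ConfigurationConstants.TIMESTAMP);
    public static final Action USERNAMETOKEN = new Action(ConfigurationConstants.USERNAME_TOKEN);
    public static final Action USERNAMETOKEN_SIGNED = new Action(ConfigurationConstants.USERNAME_TOKEN_SIGNATURE);
    public static final Action SIGNATURE_CONFIRMATION = new Action("SignatureConfirmation");
    public static final Action SIGNATURE_WITH_DERIVED_KEY = new Action("SignatureWithDerivedKey");
    public static final Action ENCRYPTION_WITH_DERIVED_KEY = new Action("EncryptionWithDerivedKey");
    /**
     * @deprecated alias of {@link #ENCRYPTION_WITH_DERIVED_KEY}; it refers to the same instance.
     */
    @Deprecated
    public static final Action ENCRYPT_WITH_DERIVED_KEY = ENCRYPTION_WITH_DERIVED_KEY;
    public static final Action SAML_TOKEN_SIGNED = new Action(ConfigurationConstants.SAML_TOKEN_SIGNED);
    public static final Action SAML_TOKEN_UNSIGNED = new Action(ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    public static final Action SIGNATURE_WITH_KERBEROS_TOKEN = new Action("SignatureWithKerberosToken");
    public static final Action ENCRYPTION_WITH_KERBEROS_TOKEN = new Action("EncryptionWithKerberosToken");
    /**
     * @deprecated alias of {@link #ENCRYPTION_WITH_KERBEROS_TOKEN}; it refers to the same instance.
     */
    @Deprecated
    public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = ENCRYPTION_WITH_KERBEROS_TOKEN;
    public static final Action KERBEROS_TOKEN = new Action("KerberosToken");
    public static final Action CUSTOM_TOKEN = new Action("CustomToken");

    // ---- Algorithm-usage identifiers -------------------------------------------------------

    public static final AlgorithmUsage COMP_KEY = new AlgorithmUsage("Comp_Key");
    public static final AlgorithmUsage ENC_KD = new AlgorithmUsage("ENC_KD");
    public static final AlgorithmUsage SIG_KD = new AlgorithmUsage("SIG_KD");
    public static final AlgorithmUsage SOAP_NORM = new AlgorithmUsage("Soap_Norm");
    public static final AlgorithmUsage STR_TRANS = new AlgorithmUsage("STR_Trans");
    public static final AlgorithmUsage XPATH = new AlgorithmUsage("XPath");

    /** Kinds of token a derived key token can reference. */
    public enum DerivedKeyTokenReference {
        DirectReference,
        EncryptedKey,
        SecurityContextToken,
    }

    /**
     * Password types of a UsernameToken, each tied to the identifier URI stored in
     * {@link #getNamespace()}; {@link #PASSWORD_NONE} has no URI ({@code null}).
     */
    public enum UsernameTokenPasswordType {
        PASSWORD_NONE(null),
        PASSWORD_TEXT(NS_PASSWORD_TEXT),
        PASSWORD_DIGEST(NS_PASSWORD_DIGEST);

        private final String namespace;
        // Reverse index from URI to constant. PASSWORD_NONE is stored under the null key,
        // which HashMap permits.
        private static final Map<String, UsernameTokenPasswordType> LOOKUP = new HashMap<>();

        static {
            for (UsernameTokenPasswordType u : EnumSet.allOf(UsernameTokenPasswordType.class)) {
                LOOKUP.put(u.getNamespace(), u);
            }
        }

        UsernameTokenPasswordType(String namespace) {
            this.namespace = namespace;
        }

        /**
         * @return the identifier URI of this password type, or {@code null} for
         *         {@link #PASSWORD_NONE}
         */
        public String getNamespace() {
            return namespace;
        }

        /**
         * Looks up the password type for an identifier URI.
         *
         * @param namespace the URI to look up; {@code null} maps to {@link #PASSWORD_NONE}
         * @return the matching constant, or {@code null} when the URI is not one of the known
         *         types. Callers must handle that {@code null} as "unsupported type" and not
         *         confuse it with {@link #PASSWORD_NONE}.
         */
        public static UsernameTokenPasswordType getUsernameTokenPasswordType(String namespace) {
            return LOOKUP.get(namespace);
        }
    }

    // ---- Element paths from the document root ----------------------------------------------
    //
    // These lists used to be plain ArrayLists, which let any caller add to or clear a shared
    // "constant". They are now unmodifiable: reads, iteration and equals() behave as before,
    // mutation throws UnsupportedOperationException. Copy the list if a mutable one is needed.

    public static final List<QName> SOAP_11_BODY_PATH = path(TAG_SOAP11_ENVELOPE, TAG_SOAP11_BODY);
    public static final List<QName> SOAP_12_BODY_PATH = path(TAG_SOAP12_ENVELOPE, TAG_SOAP12_BODY);
    public static final List<QName> SOAP_11_HEADER_PATH = path(TAG_SOAP11_ENVELOPE, TAG_SOAP11_HEADER);
    public static final List<QName> SOAP_12_HEADER_PATH = path(TAG_SOAP12_ENVELOPE, TAG_SOAP12_HEADER);
    public static final List<QName> SOAP_11_WSSE_SECURITY_HEADER_PATH =
        path(TAG_SOAP11_ENVELOPE, TAG_SOAP11_HEADER, TAG_WSSE_SECURITY);
    public static final List<QName> SOAP_12_WSSE_SECURITY_HEADER_PATH =
        path(TAG_SOAP12_ENVELOPE, TAG_SOAP12_HEADER, TAG_WSSE_SECURITY);

    /** Builds an unmodifiable element path holding the given names in order. */
    private static List<QName> path(QName... elements) {
        List<QName> names = new ArrayList<>(elements.length);
        for (QName element : elements) {
            names.add(element);
        }
        // Fully qualified so the file's import block does not have to change.
        return java.util.Collections.unmodifiableList(names);
    }
}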