1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.stax.ext;
20
21 import java.net.URL;
22 import java.security.KeyStore;
23 import java.security.cert.CertStore;
24 import java.security.cert.CertificateFactory;
25 import java.security.cert.CollectionCertStoreParameters;
26 import java.security.cert.X509CRL;
27 import java.util.ArrayList;
28 import java.util.Collection;
29 import java.util.Collections;
30 import java.util.HashMap;
31 import java.util.LinkedList;
32 import java.util.List;
33 import java.util.Map;
34 import java.util.Properties;
35 import java.util.regex.Pattern;
36
37 import javax.security.auth.callback.CallbackHandler;
38 import javax.xml.namespace.QName;
39
40 import org.apache.wss4j.common.bsp.BSPRule;
41 import org.apache.wss4j.common.cache.ReplayCache;
42 import org.apache.wss4j.common.crypto.Crypto;
43 import org.apache.wss4j.common.crypto.Merlin;
44 import org.apache.wss4j.common.crypto.PasswordEncryptor;
45 import org.apache.wss4j.common.ext.WSSecurityException;
46 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
47 import org.apache.wss4j.stax.validate.Validator;
48 import org.apache.xml.security.stax.ext.XMLSecurityProperties;
49
50
51
52
53
54
55 public class WSSSecurityProperties extends XMLSecurityProperties {
56
57 private boolean mustUnderstand = true;
58 private String actor;
59 private CallbackHandler callbackHandler;
60 private CallbackHandler samlCallbackHandler;
61 private final List<BSPRule> ignoredBSPRules = new LinkedList<>();
62 private boolean disableBSPEnforcement;
63 private final Map<QName, Validator> validators = new HashMap<>();
64
65 private Integer timestampTTL = 300;
66 private Integer timeStampFutureTTL = 60;
67 private boolean strictTimestampCheck = true;
68 private Integer utTTL = 300;
69 private Integer utFutureTTL = 60;
70 private Integer derivedKeyIterations = 1000;
71 private boolean addUsernameTokenNonce;
72 private boolean addUsernameTokenCreated;
73 private boolean encryptSymmetricEncrytionKey = true;
74 private boolean use200512Namespace = true;
75
76
77
78
79
80
81
82
83 private boolean handleCustomPasswordTypes = false;
84 private boolean allowUsernameTokenNoPassword = false;
85 private boolean allowRSA15KeyTransportAlgorithm = false;
86 private boolean useDerivedKeyForMAC = true;
87 private WSSConstants.UsernameTokenPasswordType usernameTokenPasswordType;
88 private String tokenUser;
89
90 private WSSecurityTokenConstants.KeyIdentifier derivedKeyKeyIdentifier;
91 private WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference;
92 private int derivedSignatureKeyLength;
93 private int derivedEncryptionKeyLength;
94
95 private WSSCrypto signatureWSSCrypto;
96 private String signatureUser;
97 private boolean enableSignatureConfirmationVerification = false;
98 private boolean includeSignatureToken;
99 private boolean includeEncryptionToken;
100 private WSSCrypto signatureVerificationWSSCrypto;
101 private CertStore crlCertStore;
102 private WSSCrypto decryptionWSSCrypto;
103 private WSSCrypto encryptionWSSCrypto;
104 private String encryptionUser;
105 private boolean useReqSigCertForEncryption = false;
106 private String encryptionCompressionAlgorithm;
107 private boolean enableRevocation = false;
108 private ReplayCache timestampReplayCache;
109 private ReplayCache nonceReplayCache;
110 private ReplayCache samlOneTimeUseReplayCache;
111 private boolean validateSamlSubjectConfirmation = true;
112 private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
113 private Collection<Pattern> issuerDNPatterns = new ArrayList<>();
114 private List<String> audienceRestrictions = new ArrayList<>();
115 private boolean requireTimestampExpires;
116
117 private CallbackHandler attachmentCallbackHandler;
118 private Object msgContext;
119 private boolean soap12;
120 private DocumentCreator documentCreator;
121
122 public WSSSecurityProperties() {
123 super();
124 setAddExcC14NInclusivePrefixes(true);
125 }
126
127 public WSSSecurityProperties(WSSSecurityProperties wssSecurityProperties) {
128 super(wssSecurityProperties);
129
130 this.mustUnderstand = wssSecurityProperties.mustUnderstand;
131 this.actor = wssSecurityProperties.actor;
132 this.callbackHandler = wssSecurityProperties.callbackHandler;
133 this.samlCallbackHandler = wssSecurityProperties.samlCallbackHandler;
134 this.ignoredBSPRules.addAll(wssSecurityProperties.ignoredBSPRules);
135 this.disableBSPEnforcement = wssSecurityProperties.disableBSPEnforcement;
136 this.validators.putAll(wssSecurityProperties.validators);
137 this.timestampTTL = wssSecurityProperties.timestampTTL;
138 this.timeStampFutureTTL = wssSecurityProperties.timeStampFutureTTL;
139 this.utTTL = wssSecurityProperties.utTTL;
140 this.utFutureTTL = wssSecurityProperties.utFutureTTL;
141 this.strictTimestampCheck = wssSecurityProperties.strictTimestampCheck;
142 this.handleCustomPasswordTypes = wssSecurityProperties.handleCustomPasswordTypes;
143 this.usernameTokenPasswordType = wssSecurityProperties.usernameTokenPasswordType;
144 this.allowUsernameTokenNoPassword = wssSecurityProperties.allowUsernameTokenNoPassword;
145 this.tokenUser = wssSecurityProperties.tokenUser;
146 this.use200512Namespace = wssSecurityProperties.use200512Namespace;
147 this.derivedKeyKeyIdentifier = wssSecurityProperties.derivedKeyKeyIdentifier;
148 this.derivedKeyTokenReference = wssSecurityProperties.derivedKeyTokenReference;
149 this.derivedSignatureKeyLength = wssSecurityProperties.derivedSignatureKeyLength;
150 this.derivedEncryptionKeyLength = wssSecurityProperties.derivedEncryptionKeyLength;
151 this.signatureWSSCrypto = wssSecurityProperties.signatureWSSCrypto;
152 this.signatureUser = wssSecurityProperties.signatureUser;
153 this.enableSignatureConfirmationVerification = wssSecurityProperties.enableSignatureConfirmationVerification;
154 this.includeSignatureToken = wssSecurityProperties.includeSignatureToken;
155 this.includeEncryptionToken = wssSecurityProperties.includeEncryptionToken;
156 this.signatureVerificationWSSCrypto = wssSecurityProperties.signatureVerificationWSSCrypto;
157 this.crlCertStore = wssSecurityProperties.crlCertStore;
158 this.decryptionWSSCrypto = wssSecurityProperties.decryptionWSSCrypto;
159 this.encryptionWSSCrypto = wssSecurityProperties.encryptionWSSCrypto;
160 this.encryptionUser = wssSecurityProperties.encryptionUser;
161 this.useReqSigCertForEncryption = wssSecurityProperties.useReqSigCertForEncryption;
162 this.encryptionCompressionAlgorithm = wssSecurityProperties.encryptionCompressionAlgorithm;
163 this.enableRevocation = wssSecurityProperties.enableRevocation;
164 this.timestampReplayCache = wssSecurityProperties.timestampReplayCache;
165 this.nonceReplayCache = wssSecurityProperties.nonceReplayCache;
166 this.samlOneTimeUseReplayCache = wssSecurityProperties.samlOneTimeUseReplayCache;
167 this.allowRSA15KeyTransportAlgorithm = wssSecurityProperties.allowRSA15KeyTransportAlgorithm;
168 this.derivedKeyIterations = wssSecurityProperties.derivedKeyIterations;
169 this.useDerivedKeyForMAC = wssSecurityProperties.useDerivedKeyForMAC;
170 this.addUsernameTokenNonce = wssSecurityProperties.addUsernameTokenNonce;
171 this.addUsernameTokenCreated = wssSecurityProperties.addUsernameTokenCreated;
172 this.validateSamlSubjectConfirmation = wssSecurityProperties.validateSamlSubjectConfirmation;
173 this.encryptSymmetricEncrytionKey = wssSecurityProperties.encryptSymmetricEncrytionKey;
174 this.subjectDNPatterns = wssSecurityProperties.subjectDNPatterns;
175 this.issuerDNPatterns = wssSecurityProperties.issuerDNPatterns;
176 this.attachmentCallbackHandler = wssSecurityProperties.attachmentCallbackHandler;
177 this.msgContext = wssSecurityProperties.msgContext;
178 this.audienceRestrictions = wssSecurityProperties.audienceRestrictions;
179 this.requireTimestampExpires = wssSecurityProperties.requireTimestampExpires;
180 this.soap12 = wssSecurityProperties.soap12;
181 this.documentCreator = wssSecurityProperties.documentCreator;
182 }
183
184
185
186
187
188
189 public CallbackHandler getCallbackHandler() {
190 return callbackHandler;
191 }
192
193
194
195
196
197
198
199 public void setCallbackHandler(CallbackHandler callbackHandler) {
200 this.callbackHandler = callbackHandler;
201 }
202
203 public Integer getTimestampTTL() {
204 return timestampTTL;
205 }
206
207 public void setTimestampTTL(Integer timestampTTL) {
208 this.timestampTTL = timestampTTL;
209 }
210
211 public boolean isStrictTimestampCheck() {
212 return strictTimestampCheck;
213 }
214
215
216 public void setStrictTimestampCheck(boolean strictTimestampCheck) {
217 this.strictTimestampCheck = strictTimestampCheck;
218 }
219
220
221
222
223
224 public void setHandleCustomPasswordTypes(boolean handleCustomTypes) {
225 this.handleCustomPasswordTypes = handleCustomTypes;
226 }
227
228
229
230
231 public boolean getHandleCustomPasswordTypes() {
232 return handleCustomPasswordTypes;
233 }
234
235 public String getTokenUser() {
236 return tokenUser;
237 }
238
239 public void setTokenUser(String tokenUser) {
240 this.tokenUser = tokenUser;
241 }
242
243 public WSSConstants.UsernameTokenPasswordType getUsernameTokenPasswordType() {
244 return usernameTokenPasswordType;
245 }
246
247 public void setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType usernameTokenPasswordType) {
248 this.usernameTokenPasswordType = usernameTokenPasswordType;
249 }
250
251 public boolean isEnableSignatureConfirmationVerification() {
252 return enableSignatureConfirmationVerification;
253 }
254
255 public void setEnableSignatureConfirmationVerification(boolean enableSignatureConfirmationVerification) {
256 this.enableSignatureConfirmationVerification = enableSignatureConfirmationVerification;
257 }
258
259 public boolean isUseReqSigCertForEncryption() {
260 return useReqSigCertForEncryption;
261 }
262
263 public void setUseReqSigCertForEncryption(boolean useReqSigCertForEncryption) {
264 this.useReqSigCertForEncryption = useReqSigCertForEncryption;
265 }
266
267 public String getActor() {
268 return actor;
269 }
270
271
272 public void setActor(String actor) {
273 this.actor = actor;
274 }
275
276 public WSSecurityTokenConstants.KeyIdentifier getDerivedKeyKeyIdentifier() {
277 return derivedKeyKeyIdentifier;
278 }
279
280 public void setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier derivedKeyKeyIdentifier) {
281 this.derivedKeyKeyIdentifier = derivedKeyKeyIdentifier;
282 }
283
284 public WSSConstants.DerivedKeyTokenReference getDerivedKeyTokenReference() {
285 return derivedKeyTokenReference;
286 }
287
288 public void setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference) {
289 this.derivedKeyTokenReference = derivedKeyTokenReference;
290 }
291
292 public void addIgnoreBSPRule(BSPRule bspRule) {
293 ignoredBSPRules.add(bspRule);
294 }
295
296 public List<BSPRule> getIgnoredBSPRules() {
297 return Collections.unmodifiableList(ignoredBSPRules);
298 }
299
300 public void addValidator(QName qName, Validator validator) {
301 validators.put(qName, validator);
302 }
303
304 @SuppressWarnings("unchecked")
305 public <T extends Validator> T getValidator(QName qName) {
306 return (T)validators.get(qName);
307 }
308
309 public void setSignatureUser(String signatureUser) {
310 this.signatureUser = signatureUser;
311 }
312
313 public String getSignatureUser() {
314 return signatureUser;
315 }
316
317 public KeyStore getSignatureKeyStore() {
318 if (signatureWSSCrypto != null) {
319 return signatureWSSCrypto.getKeyStore();
320 }
321 return null;
322 }
323
324 public void loadSignatureKeyStore(URL url, char[] keyStorePassword) throws Exception {
325 KeyStore keyStore = KeyStore.getInstance("jks");
326 keyStore.load(url.openStream(), keyStorePassword);
327 if (signatureWSSCrypto == null) {
328 signatureWSSCrypto = new WSSCrypto();
329 }
330 signatureWSSCrypto.setKeyStore(keyStore);
331 }
332
333 public Properties getSignatureCryptoProperties() {
334 if (signatureWSSCrypto != null) {
335 return signatureWSSCrypto.getCryptoProperties();
336 }
337 return null;
338 }
339
340 public void setSignatureCryptoProperties(Properties cryptoProperties) {
341 this.setSignatureCryptoProperties(cryptoProperties, null);
342 }
343
344 public void setSignatureCryptoProperties(Properties cryptoProperties,
345 PasswordEncryptor passwordEncryptor) {
346 if (signatureWSSCrypto == null) {
347 signatureWSSCrypto = new WSSCrypto();
348 }
349 signatureWSSCrypto.setCryptoProperties(cryptoProperties);
350 signatureWSSCrypto.setPasswordEncryptor(passwordEncryptor);
351 }
352
353 public Class<? extends Merlin> getSignatureCryptoClass() {
354 if (signatureWSSCrypto != null) {
355 return signatureWSSCrypto.getCryptoClass();
356 }
357 return Merlin.class;
358 }
359
360 public void setSignatureCryptoClass(Class<? extends Merlin> signatureCryptoClass) {
361 if (signatureWSSCrypto == null) {
362 signatureWSSCrypto = new WSSCrypto();
363 }
364 this.signatureWSSCrypto.setCryptoClass(signatureCryptoClass);
365 }
366
367 public Crypto getSignatureCrypto() throws WSSConfigurationException {
368 if (signatureWSSCrypto == null) {
369 return null;
370 }
371
372 return signatureWSSCrypto.getCrypto();
373 }
374
375 public void setSignatureCrypto(Crypto sigCrypto) {
376 if (signatureWSSCrypto == null) {
377 signatureWSSCrypto = new WSSCrypto();
378 }
379 signatureWSSCrypto.setCrypto(sigCrypto);
380 }
381
382 public KeyStore getSignatureVerificationKeyStore() {
383 if (signatureVerificationWSSCrypto != null) {
384 return signatureVerificationWSSCrypto.getKeyStore();
385 }
386 return null;
387 }
388
389 public void loadSignatureVerificationKeystore(URL url, char[] keyStorePassword) throws Exception {
390 KeyStore keyStore = KeyStore.getInstance("jks");
391 keyStore.load(url.openStream(), keyStorePassword);
392 if (signatureVerificationWSSCrypto == null) {
393 signatureVerificationWSSCrypto = new WSSCrypto();
394 }
395 signatureVerificationWSSCrypto.setKeyStore(keyStore);
396 }
397
398 public void loadCRLCertStore(URL url) throws Exception {
399 CertificateFactory cf = CertificateFactory.getInstance("X.509");
400 X509CRL crl = (X509CRL)cf.generateCRL(url.openStream());
401 this.crlCertStore =
402 CertStore.getInstance(
403 "Collection",
404 new CollectionCertStoreParameters(Collections.singletonList(crl))
405 );
406 }
407
408 public Properties getSignatureVerificationCryptoProperties() {
409 if (signatureVerificationWSSCrypto != null) {
410 return signatureVerificationWSSCrypto.getCryptoProperties();
411 }
412 return null;
413 }
414
415 public void setSignatureVerificationCryptoProperties(Properties cryptoProperties) {
416 this.setSignatureVerificationCryptoProperties(cryptoProperties, null);
417 }
418
419 public void setSignatureVerificationCryptoProperties(Properties cryptoProperties,
420 PasswordEncryptor passwordEncryptor) {
421 if (signatureVerificationWSSCrypto == null) {
422 signatureVerificationWSSCrypto = new WSSCrypto();
423 }
424 signatureVerificationWSSCrypto.setCryptoProperties(cryptoProperties);
425 signatureVerificationWSSCrypto.setPasswordEncryptor(passwordEncryptor);
426 }
427
428 public Class<? extends Merlin> getSignatureVerificationCryptoClass() {
429 if (signatureVerificationWSSCrypto != null) {
430 return signatureVerificationWSSCrypto.getCryptoClass();
431 }
432 return Merlin.class;
433 }
434
435 public void setSignatureVerificationCryptoClass(Class<? extends Merlin> signatureVerificationCryptoClass) {
436 if (signatureVerificationWSSCrypto == null) {
437 signatureVerificationWSSCrypto = new WSSCrypto();
438 }
439 this.signatureVerificationWSSCrypto.setCryptoClass(signatureVerificationCryptoClass);
440
441 }
442
443 public Crypto getSignatureVerificationCrypto() throws WSSConfigurationException {
444
445 if (signatureVerificationWSSCrypto == null) {
446 return null;
447 }
448 signatureVerificationWSSCrypto.setCrlCertStore(crlCertStore);
449 return signatureVerificationWSSCrypto.getCrypto();
450 }
451
452 public void setSignatureVerificationCrypto(Crypto sigVerCrypto) {
453 if (signatureVerificationWSSCrypto == null) {
454 signatureVerificationWSSCrypto = new WSSCrypto();
455 }
456 signatureVerificationWSSCrypto.setCrypto(sigVerCrypto);
457 }
458
459
460
461
462
463
464 public KeyStore getDecryptionKeyStore() {
465 if (decryptionWSSCrypto != null) {
466 return decryptionWSSCrypto.getKeyStore();
467 }
468 return null;
469 }
470
471
472
473
474
475
476
477
478 public void loadDecryptionKeystore(URL url, char[] keyStorePassword) throws Exception {
479 KeyStore keyStore = KeyStore.getInstance("jks");
480 keyStore.load(url.openStream(), keyStorePassword);
481 if (decryptionWSSCrypto == null) {
482 decryptionWSSCrypto = new WSSCrypto();
483 }
484 decryptionWSSCrypto.setKeyStore(keyStore);
485 }
486
487 public Properties getDecryptionCryptoProperties() {
488 if (decryptionWSSCrypto != null) {
489 return decryptionWSSCrypto.getCryptoProperties();
490 }
491 return null;
492 }
493
494 public void setDecryptionCryptoProperties(Properties cryptoProperties) {
495 this.setDecryptionCryptoProperties(cryptoProperties, null);
496 }
497
498 public void setDecryptionCryptoProperties(Properties cryptoProperties,
499 PasswordEncryptor passwordEncryptor) {
500 if (decryptionWSSCrypto == null) {
501 decryptionWSSCrypto = new WSSCrypto();
502 }
503 decryptionWSSCrypto.setCryptoProperties(cryptoProperties);
504 decryptionWSSCrypto.setPasswordEncryptor(passwordEncryptor);
505 }
506
507
508
509
510
511
512 public Class<? extends Merlin> getDecryptionCryptoClass() {
513 if (decryptionWSSCrypto != null) {
514 return decryptionWSSCrypto.getCryptoClass();
515 }
516 return Merlin.class;
517 }
518
519
520
521
522
523
524 public void setDecryptionCryptoClass(Class<? extends Merlin> decryptionCryptoClass) {
525 if (decryptionWSSCrypto == null) {
526 decryptionWSSCrypto = new WSSCrypto();
527 }
528 decryptionWSSCrypto.setCryptoClass(decryptionCryptoClass);
529 }
530
531
532
533
534
535
536
537 public Crypto getDecryptionCrypto() throws WSSConfigurationException {
538
539 if (decryptionWSSCrypto == null) {
540 return null;
541 }
542
543 return decryptionWSSCrypto.getCrypto();
544 }
545
546 public void setDecryptionCrypto(Crypto decCrypto) {
547 if (decryptionWSSCrypto == null) {
548 decryptionWSSCrypto = new WSSCrypto();
549 }
550 decryptionWSSCrypto.setCrypto(decCrypto);
551 }
552
553
554
555
556
557
558 public KeyStore getEncryptionKeyStore() {
559 if (encryptionWSSCrypto != null) {
560 return encryptionWSSCrypto.getKeyStore();
561 }
562 return null;
563 }
564
565
566
567
568
569
570
571
572 public void loadEncryptionKeystore(URL url, char[] keyStorePassword) throws Exception {
573 KeyStore keyStore = KeyStore.getInstance("jks");
574 keyStore.load(url.openStream(), keyStorePassword);
575 if (encryptionWSSCrypto == null) {
576 encryptionWSSCrypto = new WSSCrypto();
577 }
578 encryptionWSSCrypto.setKeyStore(keyStore);
579 }
580
581 public Properties getEncryptionCryptoProperties() {
582 if (encryptionWSSCrypto != null) {
583 return encryptionWSSCrypto.getCryptoProperties();
584 }
585 return null;
586 }
587
588 public void setEncryptionCryptoProperties(Properties cryptoProperties) {
589 this.setEncryptionCryptoProperties(cryptoProperties, null);
590 }
591
592 public void setEncryptionCryptoProperties(Properties cryptoProperties,
593 PasswordEncryptor passwordEncryptor) {
594 if (encryptionWSSCrypto == null) {
595 encryptionWSSCrypto = new WSSCrypto();
596 }
597 encryptionWSSCrypto.setCryptoProperties(cryptoProperties);
598 encryptionWSSCrypto.setPasswordEncryptor(passwordEncryptor);
599 }
600
601
602
603
604
605
606 public Class<? extends Merlin> getEncryptionCryptoClass() {
607 if (encryptionWSSCrypto != null) {
608 return encryptionWSSCrypto.getCryptoClass();
609 }
610 return Merlin.class;
611 }
612
613
614
615
616
617
618 public void setEncryptionCryptoClass(Class<? extends Merlin> encryptionCryptoClass) {
619 if (encryptionWSSCrypto == null) {
620 encryptionWSSCrypto = new WSSCrypto();
621 }
622 encryptionWSSCrypto.setCryptoClass(encryptionCryptoClass);
623 }
624
625
626
627
628
629
630
631 public Crypto getEncryptionCrypto() throws WSSConfigurationException {
632
633 if (encryptionWSSCrypto == null) {
634 return null;
635 }
636
637 encryptionWSSCrypto.setCrlCertStore(this.getCrlCertStore());
638 return encryptionWSSCrypto.getCrypto();
639 }
640
641 public void setEncryptionCrypto(Crypto encCrypto) {
642 if (encryptionWSSCrypto == null) {
643 encryptionWSSCrypto = new WSSCrypto();
644 }
645 encryptionWSSCrypto.setCrypto(encCrypto);
646 }
647
648
649
650
651
652
653 public String getEncryptionUser() {
654 return encryptionUser;
655 }
656
657
658
659
660
661
662 public void setEncryptionUser(String encryptionUser) {
663 this.encryptionUser = encryptionUser;
664 }
665
666 public String getEncryptionCompressionAlgorithm() {
667 return encryptionCompressionAlgorithm;
668 }
669
670 public void setEncryptionCompressionAlgorithm(String encryptionCompressionAlgorithm) {
671 this.encryptionCompressionAlgorithm = encryptionCompressionAlgorithm;
672 }
673
674 public boolean isAllowUsernameTokenNoPassword() {
675 return allowUsernameTokenNoPassword;
676 }
677
678 public void setAllowUsernameTokenNoPassword(boolean allowUsernameTokenNoPassword) {
679 this.allowUsernameTokenNoPassword = allowUsernameTokenNoPassword;
680 }
681
682 public boolean isEnableRevocation() {
683 return enableRevocation;
684 }
685
686 public void setEnableRevocation(boolean enableRevocation) {
687 this.enableRevocation = enableRevocation;
688 }
689
690 public CertStore getCrlCertStore() {
691 return crlCertStore;
692 }
693
694 public void setCrlCertStore(CertStore crlCertStore) {
695 this.crlCertStore = crlCertStore;
696 }
697
698 public Integer getTimeStampFutureTTL() {
699 return timeStampFutureTTL;
700 }
701
702 public void setTimeStampFutureTTL(Integer timeStampFutureTTL) {
703 this.timeStampFutureTTL = timeStampFutureTTL;
704 }
705
706 public Integer getUtTTL() {
707 return utTTL;
708 }
709
710 public void setUtTTL(Integer utTTL) {
711 this.utTTL = utTTL;
712 }
713
714 public Integer getUtFutureTTL() {
715 return utFutureTTL;
716 }
717
718 public void setUtFutureTTL(Integer utFutureTTL) {
719 this.utFutureTTL = utFutureTTL;
720 }
721
722
723
724
725 public void setTimestampReplayCache(ReplayCache newCache) {
726 timestampReplayCache = newCache;
727 }
728
729
730
731
732
733 public ReplayCache getTimestampReplayCache() throws WSSecurityException {
734 return timestampReplayCache;
735 }
736
737
738
739
740 public void setNonceReplayCache(ReplayCache newCache) {
741 nonceReplayCache = newCache;
742 }
743
744
745
746
747
748 public ReplayCache getNonceReplayCache() throws WSSecurityException {
749 return nonceReplayCache;
750 }
751
752
753
754
755 public void setSamlOneTimeUseReplayCache(ReplayCache newCache) {
756 samlOneTimeUseReplayCache = newCache;
757 }
758
759
760
761
762
763 public ReplayCache getSamlOneTimeUseReplayCache() throws WSSecurityException {
764 return samlOneTimeUseReplayCache;
765 }
766
767 public boolean isDisableBSPEnforcement() {
768 return disableBSPEnforcement;
769 }
770
771 public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
772 this.disableBSPEnforcement = disableBSPEnforcement;
773 }
774
775 public boolean isAllowRSA15KeyTransportAlgorithm() {
776 return allowRSA15KeyTransportAlgorithm;
777 }
778
779 public void setAllowRSA15KeyTransportAlgorithm(boolean allowRSA15KeyTransportAlgorithm) {
780 this.allowRSA15KeyTransportAlgorithm = allowRSA15KeyTransportAlgorithm;
781 }
782
783 public Integer getDerivedKeyIterations() {
784 return derivedKeyIterations;
785 }
786
787 public void setDerivedKeyIterations(Integer derivedKeyIterations) {
788 this.derivedKeyIterations = derivedKeyIterations;
789 }
790
791 public boolean isUseDerivedKeyForMAC() {
792 return useDerivedKeyForMAC;
793 }
794
795 public void setUseDerivedKeyForMAC(boolean useDerivedKeyForMAC) {
796 this.useDerivedKeyForMAC = useDerivedKeyForMAC;
797 }
798
799 public boolean isAddUsernameTokenNonce() {
800 return addUsernameTokenNonce;
801 }
802
803 public void setAddUsernameTokenNonce(boolean addUsernameTokenNonce) {
804 this.addUsernameTokenNonce = addUsernameTokenNonce;
805 }
806
807 public boolean isAddUsernameTokenCreated() {
808 return addUsernameTokenCreated;
809 }
810
811 public void setAddUsernameTokenCreated(boolean addUsernameTokenCreated) {
812 this.addUsernameTokenCreated = addUsernameTokenCreated;
813 }
814
815 public CallbackHandler getSamlCallbackHandler() {
816 return samlCallbackHandler;
817 }
818
819 public void setSamlCallbackHandler(CallbackHandler samlCallbackHandler) {
820 this.samlCallbackHandler = samlCallbackHandler;
821 }
822
823 public boolean isValidateSamlSubjectConfirmation() {
824 return validateSamlSubjectConfirmation;
825 }
826
827 public void setValidateSamlSubjectConfirmation(boolean validateSamlSubjectConfirmation) {
828 this.validateSamlSubjectConfirmation = validateSamlSubjectConfirmation;
829 }
830
831 public boolean isMustUnderstand() {
832 return mustUnderstand;
833 }
834
835 public void setMustUnderstand(boolean mustUnderstand) {
836 this.mustUnderstand = mustUnderstand;
837 }
838
839 public boolean isIncludeSignatureToken() {
840 return includeSignatureToken;
841 }
842
843 public void setIncludeSignatureToken(boolean includeSignatureToken) {
844 this.includeSignatureToken = includeSignatureToken;
845 }
846
847 public boolean isIncludeEncryptionToken() {
848 return includeEncryptionToken;
849 }
850
851 public void setIncludeEncryptionToken(boolean includeEncryptionToken) {
852 this.includeEncryptionToken = includeEncryptionToken;
853 }
854
855 public boolean isEncryptSymmetricEncryptionKey() {
856 return encryptSymmetricEncrytionKey;
857 }
858
859 public void setEncryptSymmetricEncryptionKey(boolean encryptSymmetricEncrytionKey) {
860 this.encryptSymmetricEncrytionKey = encryptSymmetricEncrytionKey;
861 }
862
863
864
865
866 public void setSubjectCertConstraints(Collection<Pattern> subjectCertConstraints) {
867 if (subjectCertConstraints != null) {
868 subjectDNPatterns.addAll(subjectCertConstraints);
869 }
870 }
871
872
873
874
875 public Collection<Pattern> getSubjectCertConstraints() {
876 return subjectDNPatterns;
877 }
878
879
880
881 public void setIssuerDNConstraints(Collection<Pattern> issuerDNPatterns) {
882 this.issuerDNPatterns = issuerDNPatterns;
883 }
884
885
886
887 public Collection<Pattern> getIssuerDNConstraints() {
888 return issuerDNPatterns;
889 }
890
891
892
893
894
895
896 public void setAudienceRestrictions(List<String> audienceRestrictions) {
897 if (audienceRestrictions != null) {
898 this.audienceRestrictions.addAll(audienceRestrictions);
899 }
900 }
901
902
903
904
905 public List<String> getAudienceRestrictions() {
906 return audienceRestrictions;
907 }
908
909 public int getDerivedSignatureKeyLength() {
910 return derivedSignatureKeyLength;
911 }
912
913 public void setDerivedSignatureKeyLength(int derivedSignatureKeyLength) {
914 this.derivedSignatureKeyLength = derivedSignatureKeyLength;
915 }
916
917 public int getDerivedEncryptionKeyLength() {
918 return derivedEncryptionKeyLength;
919 }
920
921 public void setDerivedEncryptionKeyLength(int derivedEncryptionKeyLength) {
922 this.derivedEncryptionKeyLength = derivedEncryptionKeyLength;
923 }
924
925 public boolean isUse200512Namespace() {
926 return use200512Namespace;
927 }
928
929 public void setUse200512Namespace(boolean use200512Namespace) {
930 this.use200512Namespace = use200512Namespace;
931 }
932
933 public CallbackHandler getAttachmentCallbackHandler() {
934 return attachmentCallbackHandler;
935 }
936
937 public void setAttachmentCallbackHandler(CallbackHandler attachmentCallbackHandler) {
938 this.attachmentCallbackHandler = attachmentCallbackHandler;
939 }
940
941 public Object getMsgContext() {
942 return msgContext;
943 }
944
945 public void setMsgContext(Object msgContext) {
946 this.msgContext = msgContext;
947 }
948
949 public boolean isRequireTimestampExpires() {
950 return requireTimestampExpires;
951 }
952
953 public void setRequireTimestampExpires(boolean requireTimestampExpires) {
954 this.requireTimestampExpires = requireTimestampExpires;
955 }
956
957 public boolean isSoap12() {
958 return soap12;
959 }
960
961 public void setSoap12(boolean soap12) {
962 this.soap12 = soap12;
963 }
964
965 public DocumentCreator getDocumentCreator() {
966 return documentCreator;
967 }
968
969 public void setDocumentCreator(DocumentCreator documentCreator) {
970 this.documentCreator = documentCreator;
971 }
972 }