View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.ext;
20  
21  import java.net.URL;
22  import java.security.KeyStore;
23  import java.security.cert.CertStore;
24  import java.security.cert.CertificateFactory;
25  import java.security.cert.CollectionCertStoreParameters;
26  import java.security.cert.X509CRL;
27  import java.util.ArrayList;
28  import java.util.Collection;
29  import java.util.Collections;
30  import java.util.HashMap;
31  import java.util.LinkedList;
32  import java.util.List;
33  import java.util.Map;
34  import java.util.Properties;
35  import java.util.regex.Pattern;
36  
37  import javax.security.auth.callback.CallbackHandler;
38  import javax.xml.namespace.QName;
39  
40  import org.apache.wss4j.common.bsp.BSPRule;
41  import org.apache.wss4j.common.cache.ReplayCache;
42  import org.apache.wss4j.common.crypto.Crypto;
43  import org.apache.wss4j.common.crypto.Merlin;
44  import org.apache.wss4j.common.crypto.PasswordEncryptor;
45  import org.apache.wss4j.common.ext.WSSecurityException;
46  import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
47  import org.apache.wss4j.stax.validate.Validator;
48  import org.apache.xml.security.stax.ext.XMLSecurityProperties;
49  
50  /**
51   * Main configuration class to supply keys etc.
52   * This class is subject to change in the future.
53   * Probably we will allow to configure the framework per WSDL
54   */
55  public class WSSSecurityProperties extends XMLSecurityProperties {
56  
57      private boolean mustUnderstand = true;
58      private String actor;
59      private CallbackHandler callbackHandler;
60      private CallbackHandler samlCallbackHandler;
61      private final List<BSPRule> ignoredBSPRules = new LinkedList<>();
62      private boolean disableBSPEnforcement;
63      private final Map<QName, Validator> validators = new HashMap<>();
64  
65      private Integer timestampTTL = 300;
66      private Integer timeStampFutureTTL = 60;
67      private boolean strictTimestampCheck = true;
68      private Integer utTTL = 300;
69      private Integer utFutureTTL = 60;
70      private Integer derivedKeyIterations = 1000;
71      private boolean addUsernameTokenNonce;
72      private boolean addUsernameTokenCreated;
73      private boolean encryptSymmetricEncrytionKey = true;
74      private boolean use200512Namespace = true;
75  
76      /**
77       * This variable controls whether types other than PasswordDigest or PasswordText
78       * are allowed when processing UsernameTokens.
79       *
80       * By default this is set to false so that the user doesn't have to explicitly
81       * reject custom token types in the callback handler.
82       */
83      private boolean handleCustomPasswordTypes = false;
84      private boolean allowUsernameTokenNoPassword = false;
85      private boolean allowRSA15KeyTransportAlgorithm = false;
86      private boolean useDerivedKeyForMAC = true;
87      private WSSConstants.UsernameTokenPasswordType usernameTokenPasswordType;
88      private String tokenUser;
89  
90      private WSSecurityTokenConstants.KeyIdentifier derivedKeyKeyIdentifier;
91      private WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference;
92      private int derivedSignatureKeyLength;
93      private int derivedEncryptionKeyLength;
94  
95      private WSSCrypto signatureWSSCrypto;
96      private String signatureUser;
97      private boolean enableSignatureConfirmationVerification = false;
98      private boolean includeSignatureToken;
99      private boolean includeEncryptionToken;
100     private WSSCrypto signatureVerificationWSSCrypto;
101     private CertStore crlCertStore;
102     private WSSCrypto decryptionWSSCrypto;
103     private WSSCrypto encryptionWSSCrypto;
104     private String encryptionUser;
105     private boolean useReqSigCertForEncryption = false;
106     private String encryptionCompressionAlgorithm;
107     private boolean enableRevocation = false;
108     private ReplayCache timestampReplayCache;
109     private ReplayCache nonceReplayCache;
110     private ReplayCache samlOneTimeUseReplayCache;
111     private boolean validateSamlSubjectConfirmation = true;
112     private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
113     private Collection<Pattern> issuerDNPatterns = new ArrayList<>();
114     private List<String> audienceRestrictions = new ArrayList<>();
115     private boolean requireTimestampExpires;
116 
117     private CallbackHandler attachmentCallbackHandler;
118     private Object msgContext;
119     private boolean soap12;
120     private DocumentCreator documentCreator;
121 
122     public WSSSecurityProperties() {
123         super();
124         setAddExcC14NInclusivePrefixes(true);
125     }
126 
127     public WSSSecurityProperties(WSSSecurityProperties wssSecurityProperties) {
128         super(wssSecurityProperties);
129 
130         this.mustUnderstand = wssSecurityProperties.mustUnderstand;
131         this.actor = wssSecurityProperties.actor;
132         this.callbackHandler = wssSecurityProperties.callbackHandler;
133         this.samlCallbackHandler = wssSecurityProperties.samlCallbackHandler;
134         this.ignoredBSPRules.addAll(wssSecurityProperties.ignoredBSPRules);
135         this.disableBSPEnforcement = wssSecurityProperties.disableBSPEnforcement;
136         this.validators.putAll(wssSecurityProperties.validators);
137         this.timestampTTL = wssSecurityProperties.timestampTTL;
138         this.timeStampFutureTTL = wssSecurityProperties.timeStampFutureTTL;
139         this.utTTL = wssSecurityProperties.utTTL;
140         this.utFutureTTL = wssSecurityProperties.utFutureTTL;
141         this.strictTimestampCheck = wssSecurityProperties.strictTimestampCheck;
142         this.handleCustomPasswordTypes = wssSecurityProperties.handleCustomPasswordTypes;
143         this.usernameTokenPasswordType = wssSecurityProperties.usernameTokenPasswordType;
144         this.allowUsernameTokenNoPassword = wssSecurityProperties.allowUsernameTokenNoPassword;
145         this.tokenUser = wssSecurityProperties.tokenUser;
146         this.use200512Namespace = wssSecurityProperties.use200512Namespace;
147         this.derivedKeyKeyIdentifier = wssSecurityProperties.derivedKeyKeyIdentifier;
148         this.derivedKeyTokenReference = wssSecurityProperties.derivedKeyTokenReference;
149         this.derivedSignatureKeyLength = wssSecurityProperties.derivedSignatureKeyLength;
150         this.derivedEncryptionKeyLength = wssSecurityProperties.derivedEncryptionKeyLength;
151         this.signatureWSSCrypto = wssSecurityProperties.signatureWSSCrypto;
152         this.signatureUser = wssSecurityProperties.signatureUser;
153         this.enableSignatureConfirmationVerification = wssSecurityProperties.enableSignatureConfirmationVerification;
154         this.includeSignatureToken = wssSecurityProperties.includeSignatureToken;
155         this.includeEncryptionToken = wssSecurityProperties.includeEncryptionToken;
156         this.signatureVerificationWSSCrypto = wssSecurityProperties.signatureVerificationWSSCrypto;
157         this.crlCertStore = wssSecurityProperties.crlCertStore;
158         this.decryptionWSSCrypto = wssSecurityProperties.decryptionWSSCrypto;
159         this.encryptionWSSCrypto = wssSecurityProperties.encryptionWSSCrypto;
160         this.encryptionUser = wssSecurityProperties.encryptionUser;
161         this.useReqSigCertForEncryption = wssSecurityProperties.useReqSigCertForEncryption;
162         this.encryptionCompressionAlgorithm = wssSecurityProperties.encryptionCompressionAlgorithm;
163         this.enableRevocation = wssSecurityProperties.enableRevocation;
164         this.timestampReplayCache = wssSecurityProperties.timestampReplayCache;
165         this.nonceReplayCache = wssSecurityProperties.nonceReplayCache;
166         this.samlOneTimeUseReplayCache = wssSecurityProperties.samlOneTimeUseReplayCache;
167         this.allowRSA15KeyTransportAlgorithm = wssSecurityProperties.allowRSA15KeyTransportAlgorithm;
168         this.derivedKeyIterations = wssSecurityProperties.derivedKeyIterations;
169         this.useDerivedKeyForMAC = wssSecurityProperties.useDerivedKeyForMAC;
170         this.addUsernameTokenNonce = wssSecurityProperties.addUsernameTokenNonce;
171         this.addUsernameTokenCreated = wssSecurityProperties.addUsernameTokenCreated;
172         this.validateSamlSubjectConfirmation = wssSecurityProperties.validateSamlSubjectConfirmation;
173         this.encryptSymmetricEncrytionKey = wssSecurityProperties.encryptSymmetricEncrytionKey;
174         this.subjectDNPatterns = wssSecurityProperties.subjectDNPatterns;
175         this.issuerDNPatterns = wssSecurityProperties.issuerDNPatterns;
176         this.attachmentCallbackHandler = wssSecurityProperties.attachmentCallbackHandler;
177         this.msgContext = wssSecurityProperties.msgContext;
178         this.audienceRestrictions = wssSecurityProperties.audienceRestrictions;
179         this.requireTimestampExpires = wssSecurityProperties.requireTimestampExpires;
180         this.soap12 = wssSecurityProperties.soap12;
181         this.documentCreator = wssSecurityProperties.documentCreator;
182     }
183 
184     /**
185      * returns the password callback handler
186      *
187      * @return the password callback handler
188      */
189     public CallbackHandler getCallbackHandler() {
190         return callbackHandler;
191     }
192 
193 
194     /**
195      * sets the password callback handler
196      *
197      * @param callbackHandler the password callback handler
198      */
199     public void setCallbackHandler(CallbackHandler callbackHandler) {
200         this.callbackHandler = callbackHandler;
201     }
202 
203     public Integer getTimestampTTL() {
204         return timestampTTL;
205     }
206 
207     public void setTimestampTTL(Integer timestampTTL) {
208         this.timestampTTL = timestampTTL;
209     }
210 
211     public boolean isStrictTimestampCheck() {
212         return strictTimestampCheck;
213     }
214 
215 
216     public void setStrictTimestampCheck(boolean strictTimestampCheck) {
217         this.strictTimestampCheck = strictTimestampCheck;
218     }
219 
220     /**
221      * @param handleCustomTypes
222      * whether to handle custom UsernameToken password types or not
223      */
224     public void setHandleCustomPasswordTypes(boolean handleCustomTypes) {
225         this.handleCustomPasswordTypes = handleCustomTypes;
226     }
227 
228     /**
229      * @return whether custom UsernameToken password types are allowed or not
230      */
231     public boolean getHandleCustomPasswordTypes() {
232         return handleCustomPasswordTypes;
233     }
234 
235     public String getTokenUser() {
236         return tokenUser;
237     }
238 
239     public void setTokenUser(String tokenUser) {
240         this.tokenUser = tokenUser;
241     }
242 
243     public WSSConstants.UsernameTokenPasswordType getUsernameTokenPasswordType() {
244         return usernameTokenPasswordType;
245     }
246 
247     public void setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType usernameTokenPasswordType) {
248         this.usernameTokenPasswordType = usernameTokenPasswordType;
249     }
250 
251     public boolean isEnableSignatureConfirmationVerification() {
252         return enableSignatureConfirmationVerification;
253     }
254 
255     public void setEnableSignatureConfirmationVerification(boolean enableSignatureConfirmationVerification) {
256         this.enableSignatureConfirmationVerification = enableSignatureConfirmationVerification;
257     }
258 
259     public boolean isUseReqSigCertForEncryption() {
260         return useReqSigCertForEncryption;
261     }
262 
263     public void setUseReqSigCertForEncryption(boolean useReqSigCertForEncryption) {
264         this.useReqSigCertForEncryption = useReqSigCertForEncryption;
265     }
266 
267     public String getActor() {
268         return actor;
269     }
270 
271 
272     public void setActor(String actor) {
273         this.actor = actor;
274     }
275 
276     public WSSecurityTokenConstants.KeyIdentifier getDerivedKeyKeyIdentifier() {
277         return derivedKeyKeyIdentifier;
278     }
279 
280     public void setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier derivedKeyKeyIdentifier) {
281         this.derivedKeyKeyIdentifier = derivedKeyKeyIdentifier;
282     }
283 
284     public WSSConstants.DerivedKeyTokenReference getDerivedKeyTokenReference() {
285         return derivedKeyTokenReference;
286     }
287 
288     public void setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference) {
289         this.derivedKeyTokenReference = derivedKeyTokenReference;
290     }
291 
292     public void addIgnoreBSPRule(BSPRule bspRule) {
293         ignoredBSPRules.add(bspRule);
294     }
295 
296     public List<BSPRule> getIgnoredBSPRules() {
297         return Collections.unmodifiableList(ignoredBSPRules);
298     }
299 
300     public void addValidator(QName qName, Validator validator) {
301         validators.put(qName, validator);
302     }
303 
304     @SuppressWarnings("unchecked")
305     public <T extends Validator> T getValidator(QName qName) {
306         return (T)validators.get(qName);
307     }
308 
309     public void setSignatureUser(String signatureUser) {
310         this.signatureUser = signatureUser;
311     }
312 
313     public String getSignatureUser() {
314         return signatureUser;
315     }
316 
317     public KeyStore getSignatureKeyStore() {
318         if (signatureWSSCrypto != null) {
319             return signatureWSSCrypto.getKeyStore();
320         }
321         return null;
322     }
323 
324     public void loadSignatureKeyStore(URL url, char[] keyStorePassword) throws Exception {
325         KeyStore keyStore = KeyStore.getInstance("jks");
326         keyStore.load(url.openStream(), keyStorePassword);
327         if (signatureWSSCrypto == null) {
328             signatureWSSCrypto = new WSSCrypto();
329         }
330         signatureWSSCrypto.setKeyStore(keyStore);
331     }
332 
333     public Properties getSignatureCryptoProperties() {
334         if (signatureWSSCrypto != null) {
335             return signatureWSSCrypto.getCryptoProperties();
336         }
337         return null;    //NOPMD
338     }
339 
340     public void setSignatureCryptoProperties(Properties cryptoProperties) {
341         this.setSignatureCryptoProperties(cryptoProperties, null);
342     }
343 
344     public void setSignatureCryptoProperties(Properties cryptoProperties,
345                                              PasswordEncryptor passwordEncryptor) {
346         if (signatureWSSCrypto == null) {
347             signatureWSSCrypto = new WSSCrypto();
348         }
349         signatureWSSCrypto.setCryptoProperties(cryptoProperties);
350         signatureWSSCrypto.setPasswordEncryptor(passwordEncryptor);
351     }
352 
353     public Class<? extends Merlin> getSignatureCryptoClass() {
354         if (signatureWSSCrypto != null) {
355             return signatureWSSCrypto.getCryptoClass();
356         }
357         return Merlin.class;
358     }
359 
360     public void setSignatureCryptoClass(Class<? extends Merlin> signatureCryptoClass) {
361         if (signatureWSSCrypto == null) {
362             signatureWSSCrypto = new WSSCrypto();
363         }
364         this.signatureWSSCrypto.setCryptoClass(signatureCryptoClass);
365     }
366 
367     public Crypto getSignatureCrypto() throws WSSConfigurationException {
368         if (signatureWSSCrypto == null) {
369             return null;
370         }
371 
372         return signatureWSSCrypto.getCrypto();
373     }
374 
375     public void setSignatureCrypto(Crypto sigCrypto) {
376         if (signatureWSSCrypto == null) {
377             signatureWSSCrypto = new WSSCrypto();
378         }
379         signatureWSSCrypto.setCrypto(sigCrypto);
380     }
381 
382     public KeyStore getSignatureVerificationKeyStore() {
383         if (signatureVerificationWSSCrypto != null) {
384             return signatureVerificationWSSCrypto.getKeyStore();
385         }
386         return null;
387     }
388 
389     public void loadSignatureVerificationKeystore(URL url, char[] keyStorePassword) throws Exception {
390         KeyStore keyStore = KeyStore.getInstance("jks");
391         keyStore.load(url.openStream(), keyStorePassword);
392         if (signatureVerificationWSSCrypto == null) {
393             signatureVerificationWSSCrypto = new WSSCrypto();
394         }
395         signatureVerificationWSSCrypto.setKeyStore(keyStore);
396     }
397 
398     public void loadCRLCertStore(URL url) throws Exception {
399         CertificateFactory cf = CertificateFactory.getInstance("X.509");
400         X509CRL crl = (X509CRL)cf.generateCRL(url.openStream());
401         this.crlCertStore =
402             CertStore.getInstance(
403                 "Collection",
404                 new CollectionCertStoreParameters(Collections.singletonList(crl))
405             );
406     }
407 
408     public Properties getSignatureVerificationCryptoProperties() {
409         if (signatureVerificationWSSCrypto != null) {
410             return signatureVerificationWSSCrypto.getCryptoProperties();
411         }
412         return null;    //NOPMD
413     }
414 
415     public void setSignatureVerificationCryptoProperties(Properties cryptoProperties) {
416         this.setSignatureVerificationCryptoProperties(cryptoProperties, null);
417     }
418 
419     public void setSignatureVerificationCryptoProperties(Properties cryptoProperties,
420                                                          PasswordEncryptor passwordEncryptor) {
421         if (signatureVerificationWSSCrypto == null) {
422             signatureVerificationWSSCrypto = new WSSCrypto();
423         }
424         signatureVerificationWSSCrypto.setCryptoProperties(cryptoProperties);
425         signatureVerificationWSSCrypto.setPasswordEncryptor(passwordEncryptor);
426     }
427 
428     public Class<? extends Merlin> getSignatureVerificationCryptoClass() {
429         if (signatureVerificationWSSCrypto != null) {
430             return signatureVerificationWSSCrypto.getCryptoClass();
431         }
432         return Merlin.class;
433     }
434 
435     public void setSignatureVerificationCryptoClass(Class<? extends Merlin> signatureVerificationCryptoClass) {
436         if (signatureVerificationWSSCrypto == null) {
437             signatureVerificationWSSCrypto = new WSSCrypto();
438         }
439         this.signatureVerificationWSSCrypto.setCryptoClass(signatureVerificationCryptoClass);
440 
441     }
442 
443     public Crypto getSignatureVerificationCrypto() throws WSSConfigurationException {
444 
445         if (signatureVerificationWSSCrypto == null) {
446             return null;
447         }
448         signatureVerificationWSSCrypto.setCrlCertStore(crlCertStore);
449         return signatureVerificationWSSCrypto.getCrypto();
450     }
451 
452     public void setSignatureVerificationCrypto(Crypto sigVerCrypto) {
453         if (signatureVerificationWSSCrypto == null) {
454             signatureVerificationWSSCrypto = new WSSCrypto();
455         }
456         signatureVerificationWSSCrypto.setCrypto(sigVerCrypto);
457     }
458 
459     /**
460      * Returns the decryption keystore
461      *
462      * @return A keystore for decryption operation
463      */
464     public KeyStore getDecryptionKeyStore() {
465         if (decryptionWSSCrypto != null) {
466             return decryptionWSSCrypto.getKeyStore();
467         }
468         return null;
469     }
470 
471     /**
472      * loads a java keystore from the given url for decrypt operations
473      *
474      * @param url              The URL to the keystore
475      * @param keyStorePassword The keyStorePassword
476      * @throws Exception thrown if something goes wrong while loading the keystore
477      */
478     public void loadDecryptionKeystore(URL url, char[] keyStorePassword) throws Exception {
479         KeyStore keyStore = KeyStore.getInstance("jks");
480         keyStore.load(url.openStream(), keyStorePassword);
481         if (decryptionWSSCrypto == null) {
482             decryptionWSSCrypto = new WSSCrypto();
483         }
484         decryptionWSSCrypto.setKeyStore(keyStore);
485     }
486 
487     public Properties getDecryptionCryptoProperties() {
488         if (decryptionWSSCrypto != null) {
489             return decryptionWSSCrypto.getCryptoProperties();
490         }
491         return null;    //NOPMD
492     }
493 
494     public void setDecryptionCryptoProperties(Properties cryptoProperties) {
495         this.setDecryptionCryptoProperties(cryptoProperties, null);
496     }
497 
498     public void setDecryptionCryptoProperties(Properties cryptoProperties,
499                                               PasswordEncryptor passwordEncryptor) {
500         if (decryptionWSSCrypto == null) {
501             decryptionWSSCrypto = new WSSCrypto();
502         }
503         decryptionWSSCrypto.setCryptoProperties(cryptoProperties);
504         decryptionWSSCrypto.setPasswordEncryptor(passwordEncryptor);
505     }
506 
507     /**
508      * Returns the decryption crypto class
509      *
510      * @return the decryption crypto class
511      */
512     public Class<? extends Merlin> getDecryptionCryptoClass() {
513         if (decryptionWSSCrypto != null) {
514             return decryptionWSSCrypto.getCryptoClass();
515         }
516         return Merlin.class;
517     }
518 
519     /**
520      * Sets a custom decryption class
521      *
522      * @param decryptionCryptoClass
523      */
524     public void setDecryptionCryptoClass(Class<? extends Merlin> decryptionCryptoClass) {
525         if (decryptionWSSCrypto == null) {
526             decryptionWSSCrypto = new WSSCrypto();
527         }
528         decryptionWSSCrypto.setCryptoClass(decryptionCryptoClass);
529     }
530 
531     /**
532      * returns the decryptionCrypto for the key-management
533      *
534      * @return A Crypto instance
535      * @throws WSSConfigurationException thrown if something goes wrong
536      */
537     public Crypto getDecryptionCrypto() throws WSSConfigurationException {
538 
539         if (decryptionWSSCrypto == null) {
540             return null;
541         }
542 
543         return decryptionWSSCrypto.getCrypto();
544     }
545 
546     public void setDecryptionCrypto(Crypto decCrypto) {
547         if (decryptionWSSCrypto == null) {
548             decryptionWSSCrypto = new WSSCrypto();
549         }
550         decryptionWSSCrypto.setCrypto(decCrypto);
551     }
552 
553     /**
554      * Returns the encryption keystore
555      *
556      * @return A keystore for encryption operation
557      */
558     public KeyStore getEncryptionKeyStore() {
559         if (encryptionWSSCrypto != null) {
560             return encryptionWSSCrypto.getKeyStore();
561         }
562         return null;
563     }
564 
565     /**
566      * loads a java keystore from the given url for encrypt operations
567      *
568      * @param url              The URL to the keystore
569      * @param keyStorePassword The keyStorePassword
570      * @throws Exception thrown if something goes wrong while loading the keystore
571      */
572     public void loadEncryptionKeystore(URL url, char[] keyStorePassword) throws Exception {
573         KeyStore keyStore = KeyStore.getInstance("jks");
574         keyStore.load(url.openStream(), keyStorePassword);
575         if (encryptionWSSCrypto == null) {
576             encryptionWSSCrypto = new WSSCrypto();
577         }
578         encryptionWSSCrypto.setKeyStore(keyStore);
579     }
580 
581     public Properties getEncryptionCryptoProperties() {
582         if (encryptionWSSCrypto != null) {
583             return encryptionWSSCrypto.getCryptoProperties();
584         }
585         return null;    //NOPMD
586     }
587 
588     public void setEncryptionCryptoProperties(Properties cryptoProperties) {
589         this.setEncryptionCryptoProperties(cryptoProperties, null);
590     }
591 
592     public void setEncryptionCryptoProperties(Properties cryptoProperties,
593                                               PasswordEncryptor passwordEncryptor) {
594         if (encryptionWSSCrypto == null) {
595             encryptionWSSCrypto = new WSSCrypto();
596         }
597         encryptionWSSCrypto.setCryptoProperties(cryptoProperties);
598         encryptionWSSCrypto.setPasswordEncryptor(passwordEncryptor);
599     }
600 
601     /**
602      * Returns the encryption crypto class
603      *
604      * @return the encryption crypto class
605      */
606     public Class<? extends Merlin> getEncryptionCryptoClass() {
607         if (encryptionWSSCrypto != null) {
608             return encryptionWSSCrypto.getCryptoClass();
609         }
610         return Merlin.class;
611     }
612 
613     /**
614      * Sets a custom encryption class
615      *
616      * @param encryptionCryptoClass
617      */
618     public void setEncryptionCryptoClass(Class<? extends Merlin> encryptionCryptoClass) {
619         if (encryptionWSSCrypto == null) {
620             encryptionWSSCrypto = new WSSCrypto();
621         }
622         encryptionWSSCrypto.setCryptoClass(encryptionCryptoClass);
623     }
624 
625     /**
626      * returns the encryptionCrypto for the key-management
627      *
628      * @return A Crypto instance
629      * @throws WSSConfigurationException thrown if something goes wrong
630      */
631     public Crypto getEncryptionCrypto() throws WSSConfigurationException {
632 
633         if (encryptionWSSCrypto == null) {
634             return null;
635         }
636 
637         encryptionWSSCrypto.setCrlCertStore(this.getCrlCertStore());
638         return encryptionWSSCrypto.getCrypto();
639     }
640 
641     public void setEncryptionCrypto(Crypto encCrypto) {
642         if (encryptionWSSCrypto == null) {
643             encryptionWSSCrypto = new WSSCrypto();
644         }
645         encryptionWSSCrypto.setCrypto(encCrypto);
646     }
647 
648     /**
649      * Returns the alias for the encryption key in the keystore
650      *
651      * @return the alias for the encryption key in the keystore as string
652      */
653     public String getEncryptionUser() {
654         return encryptionUser;
655     }
656 
657     /**
658      * Specifies the the alias for the encryption key in the keystore
659      *
660      * @param encryptionUser the the alias for the encryption key in the keystore as string
661      */
662     public void setEncryptionUser(String encryptionUser) {
663         this.encryptionUser = encryptionUser;
664     }
665 
666     public String getEncryptionCompressionAlgorithm() {
667         return encryptionCompressionAlgorithm;
668     }
669 
670     public void setEncryptionCompressionAlgorithm(String encryptionCompressionAlgorithm) {
671         this.encryptionCompressionAlgorithm = encryptionCompressionAlgorithm;
672     }
673 
674     public boolean isAllowUsernameTokenNoPassword() {
675         return allowUsernameTokenNoPassword;
676     }
677 
678     public void setAllowUsernameTokenNoPassword(boolean allowUsernameTokenNoPassword) {
679         this.allowUsernameTokenNoPassword = allowUsernameTokenNoPassword;
680     }
681 
682     public boolean isEnableRevocation() {
683         return enableRevocation;
684     }
685 
686     public void setEnableRevocation(boolean enableRevocation) {
687         this.enableRevocation = enableRevocation;
688     }
689 
690     public CertStore getCrlCertStore() {
691         return crlCertStore;
692     }
693 
694     public void setCrlCertStore(CertStore crlCertStore) {
695         this.crlCertStore = crlCertStore;
696     }
697 
698     public Integer getTimeStampFutureTTL() {
699         return timeStampFutureTTL;
700     }
701 
702     public void setTimeStampFutureTTL(Integer timeStampFutureTTL) {
703         this.timeStampFutureTTL = timeStampFutureTTL;
704     }
705 
706     public Integer getUtTTL() {
707         return utTTL;
708     }
709 
710     public void setUtTTL(Integer utTTL) {
711         this.utTTL = utTTL;
712     }
713 
714     public Integer getUtFutureTTL() {
715         return utFutureTTL;
716     }
717 
718     public void setUtFutureTTL(Integer utFutureTTL) {
719         this.utFutureTTL = utFutureTTL;
720     }
721 
722     /**
723      * Set the replay cache for Timestamps
724      */
725     public void setTimestampReplayCache(ReplayCache newCache) {
726         timestampReplayCache = newCache;
727     }
728 
729     /**
730      * Get the replay cache for Timestamps
731      * @throws WSSecurityException
732      */
733     public ReplayCache getTimestampReplayCache() throws WSSecurityException {
734         return timestampReplayCache;
735     }
736 
737     /**
738      * Set the replay cache for Nonces
739      */
740     public void setNonceReplayCache(ReplayCache newCache) {
741         nonceReplayCache = newCache;
742     }
743 
744     /**
745      * Get the replay cache for Nonces
746      * @throws WSSecurityException
747      */
748     public ReplayCache getNonceReplayCache() throws WSSecurityException {
749         return nonceReplayCache;
750     }
751 
752     /**
753      * Set the replay cache for SAML2 OneTimeUse Assertions
754      */
755     public void setSamlOneTimeUseReplayCache(ReplayCache newCache) {
756         samlOneTimeUseReplayCache = newCache;
757     }
758 
759     /**
760      * Get the replay cache for SAML2 OneTimeUse Assertions
761      * @throws WSSecurityException
762      */
763     public ReplayCache getSamlOneTimeUseReplayCache() throws WSSecurityException {
764         return samlOneTimeUseReplayCache;
765     }
766 
767     public boolean isDisableBSPEnforcement() {
768         return disableBSPEnforcement;
769     }
770 
771     public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
772         this.disableBSPEnforcement = disableBSPEnforcement;
773     }
774 
775     public boolean isAllowRSA15KeyTransportAlgorithm() {
776         return allowRSA15KeyTransportAlgorithm;
777     }
778 
779     public void setAllowRSA15KeyTransportAlgorithm(boolean allowRSA15KeyTransportAlgorithm) {
780         this.allowRSA15KeyTransportAlgorithm = allowRSA15KeyTransportAlgorithm;
781     }
782 
783     public Integer getDerivedKeyIterations() {
784         return derivedKeyIterations;
785     }
786 
787     public void setDerivedKeyIterations(Integer derivedKeyIterations) {
788         this.derivedKeyIterations = derivedKeyIterations;
789     }
790 
791     public boolean isUseDerivedKeyForMAC() {
792         return useDerivedKeyForMAC;
793     }
794 
795     public void setUseDerivedKeyForMAC(boolean useDerivedKeyForMAC) {
796         this.useDerivedKeyForMAC = useDerivedKeyForMAC;
797     }
798 
799     public boolean isAddUsernameTokenNonce() {
800         return addUsernameTokenNonce;
801     }
802 
803     public void setAddUsernameTokenNonce(boolean addUsernameTokenNonce) {
804         this.addUsernameTokenNonce = addUsernameTokenNonce;
805     }
806 
807     public boolean isAddUsernameTokenCreated() {
808         return addUsernameTokenCreated;
809     }
810 
811     public void setAddUsernameTokenCreated(boolean addUsernameTokenCreated) {
812         this.addUsernameTokenCreated = addUsernameTokenCreated;
813     }
814 
815     public CallbackHandler getSamlCallbackHandler() {
816         return samlCallbackHandler;
817     }
818 
819     public void setSamlCallbackHandler(CallbackHandler samlCallbackHandler) {
820         this.samlCallbackHandler = samlCallbackHandler;
821     }
822 
823     public boolean isValidateSamlSubjectConfirmation() {
824         return validateSamlSubjectConfirmation;
825     }
826 
827     public void setValidateSamlSubjectConfirmation(boolean validateSamlSubjectConfirmation) {
828         this.validateSamlSubjectConfirmation = validateSamlSubjectConfirmation;
829     }
830 
831     public boolean isMustUnderstand() {
832         return mustUnderstand;
833     }
834 
835     public void setMustUnderstand(boolean mustUnderstand) {
836         this.mustUnderstand = mustUnderstand;
837     }
838 
839     public boolean isIncludeSignatureToken() {
840         return includeSignatureToken;
841     }
842 
843     public void setIncludeSignatureToken(boolean includeSignatureToken) {
844         this.includeSignatureToken = includeSignatureToken;
845     }
846 
847     public boolean isIncludeEncryptionToken() {
848         return includeEncryptionToken;
849     }
850 
851     public void setIncludeEncryptionToken(boolean includeEncryptionToken) {
852         this.includeEncryptionToken = includeEncryptionToken;
853     }
854 
855     public boolean isEncryptSymmetricEncryptionKey() {
856         return encryptSymmetricEncrytionKey;
857     }
858 
859     public void setEncryptSymmetricEncryptionKey(boolean encryptSymmetricEncrytionKey) {
860         this.encryptSymmetricEncrytionKey = encryptSymmetricEncrytionKey;
861     }
862 
863     /**
864      * Set the Signature Subject Cert Constraints
865      */
866     public void setSubjectCertConstraints(Collection<Pattern> subjectCertConstraints) {
867         if (subjectCertConstraints != null) {
868             subjectDNPatterns.addAll(subjectCertConstraints);
869         }
870     }
871 
872     /**
873      * Get the Signature Subject Cert Constraints
874      */
875     public Collection<Pattern> getSubjectCertConstraints() {
876         return subjectDNPatterns;
877     }
878     /**
879      * Set the Signature Issuer Cert Constraints
880      */
881     public void setIssuerDNConstraints(Collection<Pattern> issuerDNPatterns) {
882         this.issuerDNPatterns = issuerDNPatterns;
883     }
884     /**
885      * Get the Signature Issuer Cert Constraints
886      */
887     public Collection<Pattern> getIssuerDNConstraints() {
888         return issuerDNPatterns;
889     }
890 
891 
892 
893     /**
894      * Set the Audience Restrictions
895      */
896     public void setAudienceRestrictions(List<String> audienceRestrictions) {
897         if (audienceRestrictions != null) {
898             this.audienceRestrictions.addAll(audienceRestrictions);
899         }
900     }
901 
902     /**
903      * Get the Audience Restrictions
904      */
905     public List<String> getAudienceRestrictions() {
906         return audienceRestrictions;
907     }
908 
909     public int getDerivedSignatureKeyLength() {
910         return derivedSignatureKeyLength;
911     }
912 
913     public void setDerivedSignatureKeyLength(int derivedSignatureKeyLength) {
914         this.derivedSignatureKeyLength = derivedSignatureKeyLength;
915     }
916 
917     public int getDerivedEncryptionKeyLength() {
918         return derivedEncryptionKeyLength;
919     }
920 
921     public void setDerivedEncryptionKeyLength(int derivedEncryptionKeyLength) {
922         this.derivedEncryptionKeyLength = derivedEncryptionKeyLength;
923     }
924 
925     public boolean isUse200512Namespace() {
926         return use200512Namespace;
927     }
928 
929     public void setUse200512Namespace(boolean use200512Namespace) {
930         this.use200512Namespace = use200512Namespace;
931     }
932 
933     public CallbackHandler getAttachmentCallbackHandler() {
934         return attachmentCallbackHandler;
935     }
936 
937     public void setAttachmentCallbackHandler(CallbackHandler attachmentCallbackHandler) {
938         this.attachmentCallbackHandler = attachmentCallbackHandler;
939     }
940 
941     public Object getMsgContext() {
942         return msgContext;
943     }
944 
945     public void setMsgContext(Object msgContext) {
946         this.msgContext = msgContext;
947     }
948 
949     public boolean isRequireTimestampExpires() {
950         return requireTimestampExpires;
951     }
952 
953     public void setRequireTimestampExpires(boolean requireTimestampExpires) {
954         this.requireTimestampExpires = requireTimestampExpires;
955     }
956 
957     public boolean isSoap12() {
958         return soap12;
959     }
960 
961     public void setSoap12(boolean soap12) {
962         this.soap12 = soap12;
963     }
964 
965     public DocumentCreator getDocumentCreator() {
966         return documentCreator;
967     }
968 
969     public void setDocumentCreator(DocumentCreator documentCreator) {
970         this.documentCreator = documentCreator;
971     }
972 }