Package org.apache.wss4j.stax.ext
Class WSSSecurityProperties
- java.lang.Object
-
- org.apache.xml.security.stax.ext.XMLSecurityProperties
-
- org.apache.wss4j.stax.ext.WSSSecurityProperties
-
public class WSSSecurityProperties extends org.apache.xml.security.stax.ext.XMLSecurityProperties
Main configuration class used to supply keys and other security settings. This class is subject to change in the future; the framework will probably be made configurable per WSDL.
-
-
Constructor Summary
Constructors Constructor Description WSSSecurityProperties()
WSSSecurityProperties(WSSSecurityProperties wssSecurityProperties)
-
Method Summary
-
Methods inherited from class org.apache.xml.security.stax.ext.XMLSecurityProperties
addAction, addEncryptionPart, addInputProcessor, addKeyNameMapping, addSignaturePart, getActions, getAlgorithmParameterSpec, getDecryptionKey, getEncryptionKey, getEncryptionKeyIdentifier, getEncryptionKeyName, getEncryptionKeyTransportAlgorithm, getEncryptionKeyTransportDigestAlgorithm, getEncryptionKeyTransportMGFAlgorithm, getEncryptionKeyTransportOAEPParams, getEncryptionSecureParts, getEncryptionSymAlgorithm, getEncryptionTransportKey, getEncryptionUseThisCertificate, getIdAttributeNS, getInputProcessorList, getKeyNameMap, getSignatureAlgorithm, getSignatureCanonicalizationAlgorithm, getSignatureCerts, getSignatureDigestAlgorithm, getSignatureKey, getSignatureKeyIdentifier, getSignatureKeyIdentifiers, getSignatureKeyName, getSignaturePosition, getSignaturePositionQName, getSignatureSecureParts, getSignatureVerificationKey, isAddExcC14NInclusivePrefixes, isDisableSchemaValidation, isSignatureGenerateIds, isSignatureIncludeDigestTransform, isSignaturePositionStart, isSkipDocumentEvents, isUseSingleCert, setActions, setAddExcC14NInclusivePrefixes, setAlgorithmParameterSpec, setDecryptionKey, setDisableSchemaValidation, setEncryptionKey, setEncryptionKeyIdentifier, setEncryptionKeyName, setEncryptionKeyTransportAlgorithm, setEncryptionKeyTransportDigestAlgorithm, setEncryptionKeyTransportMGFAlgorithm, setEncryptionKeyTransportOAEPParams, setEncryptionSymAlgorithm, setEncryptionTransportKey, setEncryptionUseThisCertificate, setIdAttributeNS, setSignatureAlgorithm, setSignatureCanonicalizationAlgorithm, setSignatureCerts, setSignatureDigestAlgorithm, setSignatureGenerateIds, setSignatureIncludeDigestTransform, setSignatureKey, setSignatureKeyIdentifier, setSignatureKeyIdentifiers, setSignatureKeyName, setSignaturePosition, setSignaturePositionQName, setSignaturePositionStart, setSignatureVerificationKey, setSkipDocumentEvents, setUseSingleCert
-
-
-
-
Constructor Detail
-
WSSSecurityProperties
public WSSSecurityProperties()
-
WSSSecurityProperties
public WSSSecurityProperties(WSSSecurityProperties wssSecurityProperties)
-
-
Method Detail
-
getCallbackHandler
public CallbackHandler getCallbackHandler()
Returns the password callback handler.
- Returns:
- the password callback handler
-
setCallbackHandler
public void setCallbackHandler(CallbackHandler callbackHandler)
Sets the password callback handler.
- Parameters:
callbackHandler
- the password callback handler
-
getTimestampTTL
public Integer getTimestampTTL()
-
setTimestampTTL
public void setTimestampTTL(Integer timestampTTL)
-
isStrictTimestampCheck
public boolean isStrictTimestampCheck()
-
setStrictTimestampCheck
public void setStrictTimestampCheck(boolean strictTimestampCheck)
-
setHandleCustomPasswordTypes
public void setHandleCustomPasswordTypes(boolean handleCustomTypes)
- Parameters:
handleCustomTypes
- whether to handle custom UsernameToken password types or not
-
getHandleCustomPasswordTypes
public boolean getHandleCustomPasswordTypes()
- Returns:
- whether custom UsernameToken password types are allowed or not
-
getTokenUser
public String getTokenUser()
-
setTokenUser
public void setTokenUser(String tokenUser)
-
getUsernameTokenPasswordType
public WSSConstants.UsernameTokenPasswordType getUsernameTokenPasswordType()
-
setUsernameTokenPasswordType
public void setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType usernameTokenPasswordType)
-
isEnableSignatureConfirmationVerification
public boolean isEnableSignatureConfirmationVerification()
-
setEnableSignatureConfirmationVerification
public void setEnableSignatureConfirmationVerification(boolean enableSignatureConfirmationVerification)
-
isUseReqSigCertForEncryption
public boolean isUseReqSigCertForEncryption()
-
setUseReqSigCertForEncryption
public void setUseReqSigCertForEncryption(boolean useReqSigCertForEncryption)
-
getActor
public String getActor()
-
setActor
public void setActor(String actor)
-
getDerivedKeyKeyIdentifier
public org.apache.xml.security.stax.securityToken.SecurityTokenConstants.KeyIdentifier getDerivedKeyKeyIdentifier()
-
setDerivedKeyKeyIdentifier
public void setDerivedKeyKeyIdentifier(org.apache.xml.security.stax.securityToken.SecurityTokenConstants.KeyIdentifier derivedKeyKeyIdentifier)
-
getDerivedKeyTokenReference
public WSSConstants.DerivedKeyTokenReference getDerivedKeyTokenReference()
-
setDerivedKeyTokenReference
public void setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference)
-
addIgnoreBSPRule
public void addIgnoreBSPRule(BSPRule bspRule)
-
setSignatureUser
public void setSignatureUser(String signatureUser)
-
getSignatureUser
public String getSignatureUser()
-
getSignatureKeyStore
public KeyStore getSignatureKeyStore()
-
loadSignatureKeyStore
public void loadSignatureKeyStore(URL url, char[] keyStorePassword) throws Exception
- Throws:
Exception
-
getSignatureCryptoProperties
public Properties getSignatureCryptoProperties()
-
setSignatureCryptoProperties
public void setSignatureCryptoProperties(Properties cryptoProperties)
-
setSignatureCryptoProperties
public void setSignatureCryptoProperties(Properties cryptoProperties, PasswordEncryptor passwordEncryptor)
-
setSignatureCryptoClass
public void setSignatureCryptoClass(Class<? extends Merlin> signatureCryptoClass)
-
getSignatureCrypto
public Crypto getSignatureCrypto() throws WSSConfigurationException
- Throws:
WSSConfigurationException
-
setSignatureCrypto
public void setSignatureCrypto(Crypto sigCrypto)
-
getSignatureVerificationKeyStore
public KeyStore getSignatureVerificationKeyStore()
-
loadSignatureVerificationKeystore
public void loadSignatureVerificationKeystore(URL url, char[] keyStorePassword) throws Exception
- Throws:
Exception
-
getSignatureVerificationCryptoProperties
public Properties getSignatureVerificationCryptoProperties()
-
setSignatureVerificationCryptoProperties
public void setSignatureVerificationCryptoProperties(Properties cryptoProperties)
-
setSignatureVerificationCryptoProperties
public void setSignatureVerificationCryptoProperties(Properties cryptoProperties, PasswordEncryptor passwordEncryptor)
-
getSignatureVerificationCryptoClass
public Class<? extends Merlin> getSignatureVerificationCryptoClass()
-
setSignatureVerificationCryptoClass
public void setSignatureVerificationCryptoClass(Class<? extends Merlin> signatureVerificationCryptoClass)
-
getSignatureVerificationCrypto
public Crypto getSignatureVerificationCrypto() throws WSSConfigurationException
- Throws:
WSSConfigurationException
-
setSignatureVerificationCrypto
public void setSignatureVerificationCrypto(Crypto sigVerCrypto)
-
getDecryptionKeyStore
public KeyStore getDecryptionKeyStore()
Returns the decryption keystore.
- Returns:
- A keystore for decryption operations
-
loadDecryptionKeystore
public void loadDecryptionKeystore(URL url, char[] keyStorePassword) throws Exception
Loads a Java keystore from the given URL for decryption operations.
- Parameters:
url
- The URL of the keystore
keyStorePassword
- The keystore password
- Throws:
Exception
- thrown if something goes wrong while loading the keystore
-
getDecryptionCryptoProperties
public Properties getDecryptionCryptoProperties()
-
setDecryptionCryptoProperties
public void setDecryptionCryptoProperties(Properties cryptoProperties)
-
setDecryptionCryptoProperties
public void setDecryptionCryptoProperties(Properties cryptoProperties, PasswordEncryptor passwordEncryptor)
-
getDecryptionCryptoClass
public Class<? extends Merlin> getDecryptionCryptoClass()
Returns the decryption crypto class.
- Returns:
- the decryption crypto class
-
setDecryptionCryptoClass
public void setDecryptionCryptoClass(Class<? extends Merlin> decryptionCryptoClass)
Sets a custom decryption crypto class.
- Parameters:
decryptionCryptoClass
-
-
getDecryptionCrypto
public Crypto getDecryptionCrypto() throws WSSConfigurationException
Returns the decryption Crypto instance used for key management.
- Returns:
- A Crypto instance
- Throws:
WSSConfigurationException
- thrown if something goes wrong
-
setDecryptionCrypto
public void setDecryptionCrypto(Crypto decCrypto)
-
getEncryptionKeyStore
public KeyStore getEncryptionKeyStore()
Returns the encryption keystore.
- Returns:
- A keystore for encryption operations
-
loadEncryptionKeystore
public void loadEncryptionKeystore(URL url, char[] keyStorePassword) throws Exception
Loads a Java keystore from the given URL for encryption operations.
- Parameters:
url
- The URL of the keystore
keyStorePassword
- The keystore password
- Throws:
Exception
- thrown if something goes wrong while loading the keystore
-
getEncryptionCryptoProperties
public Properties getEncryptionCryptoProperties()
-
setEncryptionCryptoProperties
public void setEncryptionCryptoProperties(Properties cryptoProperties)
-
setEncryptionCryptoProperties
public void setEncryptionCryptoProperties(Properties cryptoProperties, PasswordEncryptor passwordEncryptor)
-
getEncryptionCryptoClass
public Class<? extends Merlin> getEncryptionCryptoClass()
Returns the encryption crypto class.
- Returns:
- the encryption crypto class
-
setEncryptionCryptoClass
public void setEncryptionCryptoClass(Class<? extends Merlin> encryptionCryptoClass)
Sets a custom encryption crypto class.
- Parameters:
encryptionCryptoClass
-
-
getEncryptionCrypto
public Crypto getEncryptionCrypto() throws WSSConfigurationException
Returns the encryption Crypto instance used for key management.
- Returns:
- A Crypto instance
- Throws:
WSSConfigurationException
- thrown if something goes wrong
-
setEncryptionCrypto
public void setEncryptionCrypto(Crypto encCrypto)
-
getEncryptionUser
public String getEncryptionUser()
Returns the alias of the encryption key in the keystore.
- Returns:
- the alias of the encryption key in the keystore, as a string
-
setEncryptionUser
public void setEncryptionUser(String encryptionUser)
Specifies the alias of the encryption key in the keystore.
- Parameters:
encryptionUser
- the alias of the encryption key in the keystore, as a string
-
getEncryptionCompressionAlgorithm
public String getEncryptionCompressionAlgorithm()
-
setEncryptionCompressionAlgorithm
public void setEncryptionCompressionAlgorithm(String encryptionCompressionAlgorithm)
-
isAllowUsernameTokenNoPassword
public boolean isAllowUsernameTokenNoPassword()
-
setAllowUsernameTokenNoPassword
public void setAllowUsernameTokenNoPassword(boolean allowUsernameTokenNoPassword)
-
isEnableRevocation
public boolean isEnableRevocation()
-
setEnableRevocation
public void setEnableRevocation(boolean enableRevocation)
-
getCrlCertStore
public CertStore getCrlCertStore()
-
setCrlCertStore
public void setCrlCertStore(CertStore crlCertStore)
-
getTimeStampFutureTTL
public Integer getTimeStampFutureTTL()
-
setTimeStampFutureTTL
public void setTimeStampFutureTTL(Integer timeStampFutureTTL)
-
getUtTTL
public Integer getUtTTL()
-
setUtTTL
public void setUtTTL(Integer utTTL)
-
getUtFutureTTL
public Integer getUtFutureTTL()
-
setUtFutureTTL
public void setUtFutureTTL(Integer utFutureTTL)
-
setTimestampReplayCache
public void setTimestampReplayCache(ReplayCache newCache)
Set the replay cache for Timestamps
-
getTimestampReplayCache
public ReplayCache getTimestampReplayCache() throws WSSecurityException
Get the replay cache for Timestamps.
- Throws:
WSSecurityException
-
setNonceReplayCache
public void setNonceReplayCache(ReplayCache newCache)
Set the replay cache for Nonces
-
getNonceReplayCache
public ReplayCache getNonceReplayCache() throws WSSecurityException
Get the replay cache for Nonces.
- Throws:
WSSecurityException
-
setSamlOneTimeUseReplayCache
public void setSamlOneTimeUseReplayCache(ReplayCache newCache)
Set the replay cache for SAML2 OneTimeUse Assertions
-
getSamlOneTimeUseReplayCache
public ReplayCache getSamlOneTimeUseReplayCache() throws WSSecurityException
Get the replay cache for SAML2 OneTimeUse Assertions.
- Throws:
WSSecurityException
-
isDisableBSPEnforcement
public boolean isDisableBSPEnforcement()
-
setDisableBSPEnforcement
public void setDisableBSPEnforcement(boolean disableBSPEnforcement)
-
isAllowRSA15KeyTransportAlgorithm
public boolean isAllowRSA15KeyTransportAlgorithm()
-
setAllowRSA15KeyTransportAlgorithm
public void setAllowRSA15KeyTransportAlgorithm(boolean allowRSA15KeyTransportAlgorithm)
-
getDerivedKeyIterations
public Integer getDerivedKeyIterations()
-
setDerivedKeyIterations
public void setDerivedKeyIterations(Integer derivedKeyIterations)
-
isUseDerivedKeyForMAC
public boolean isUseDerivedKeyForMAC()
-
setUseDerivedKeyForMAC
public void setUseDerivedKeyForMAC(boolean useDerivedKeyForMAC)
-
isAddUsernameTokenNonce
public boolean isAddUsernameTokenNonce()
-
setAddUsernameTokenNonce
public void setAddUsernameTokenNonce(boolean addUsernameTokenNonce)
-
isAddUsernameTokenCreated
public boolean isAddUsernameTokenCreated()
-
setAddUsernameTokenCreated
public void setAddUsernameTokenCreated(boolean addUsernameTokenCreated)
-
getSamlCallbackHandler
public CallbackHandler getSamlCallbackHandler()
-
setSamlCallbackHandler
public void setSamlCallbackHandler(CallbackHandler samlCallbackHandler)
-
isValidateSamlSubjectConfirmation
public boolean isValidateSamlSubjectConfirmation()
-
setValidateSamlSubjectConfirmation
public void setValidateSamlSubjectConfirmation(boolean validateSamlSubjectConfirmation)
-
isMustUnderstand
public boolean isMustUnderstand()
-
setMustUnderstand
public void setMustUnderstand(boolean mustUnderstand)
-
isIncludeSignatureToken
public boolean isIncludeSignatureToken()
-
setIncludeSignatureToken
public void setIncludeSignatureToken(boolean includeSignatureToken)
-
isIncludeEncryptionToken
public boolean isIncludeEncryptionToken()
-
setIncludeEncryptionToken
public void setIncludeEncryptionToken(boolean includeEncryptionToken)
-
isEncryptSymmetricEncryptionKey
public boolean isEncryptSymmetricEncryptionKey()
-
setEncryptSymmetricEncryptionKey
public void setEncryptSymmetricEncryptionKey(boolean encryptSymmetricEncrytionKey)
-
setSubjectCertConstraints
public void setSubjectCertConstraints(Collection<Pattern> subjectCertConstraints)
Set the Signature Subject Cert Constraints
-
getSubjectCertConstraints
public Collection<Pattern> getSubjectCertConstraints()
Get the Signature Subject Cert Constraints
-
setIssuerDNConstraints
public void setIssuerDNConstraints(Collection<Pattern> issuerDNPatterns)
Set the Signature Issuer Cert Constraints
-
getIssuerDNConstraints
public Collection<Pattern> getIssuerDNConstraints()
Get the Signature Issuer Cert Constraints
-
setAudienceRestrictions
public void setAudienceRestrictions(List<String> audienceRestrictions)
Set the Audience Restrictions
-
getDerivedSignatureKeyLength
public int getDerivedSignatureKeyLength()
-
setDerivedSignatureKeyLength
public void setDerivedSignatureKeyLength(int derivedSignatureKeyLength)
-
getDerivedEncryptionKeyLength
public int getDerivedEncryptionKeyLength()
-
setDerivedEncryptionKeyLength
public void setDerivedEncryptionKeyLength(int derivedEncryptionKeyLength)
-
isUse200512Namespace
public boolean isUse200512Namespace()
-
setUse200512Namespace
public void setUse200512Namespace(boolean use200512Namespace)
-
getAttachmentCallbackHandler
public CallbackHandler getAttachmentCallbackHandler()
-
setAttachmentCallbackHandler
public void setAttachmentCallbackHandler(CallbackHandler attachmentCallbackHandler)
-
getMsgContext
public Object getMsgContext()
-
setMsgContext
public void setMsgContext(Object msgContext)
-
isRequireTimestampExpires
public boolean isRequireTimestampExpires()
-
setRequireTimestampExpires
public void setRequireTimestampExpires(boolean requireTimestampExpires)
-
isSoap12
public boolean isSoap12()
-
setSoap12
public void setSoap12(boolean soap12)
-
getDocumentCreator
public DocumentCreator getDocumentCreator()
-
setDocumentCreator
public void setDocumentCreator(DocumentCreator documentCreator)
-
-