Enum ECryptoKeyIdentifierType

java.lang.Object
  java.lang.Enum<ECryptoKeyIdentifierType>
    com.helger.phase4.crypto.ECryptoKeyIdentifierType
All Implemented Interfaces:
com.helger.commons.id.IHasID<String>, Serializable, Comparable<ECryptoKeyIdentifierType>, java.lang.constant.Constable

public enum ECryptoKeyIdentifierType extends Enum<ECryptoKeyIdentifierType> implements com.helger.commons.id.IHasID<String>
Enumeration with all crypto key identification types (how the key identification is transmitted). Constants that were already deprecated have been taken over as deprecated.
Since:
0.11.0
Author:
Philip Helger
  • Enum Constant Details

    • BST_DIRECT_REFERENCE

      public static final ECryptoKeyIdentifierType BST_DIRECT_REFERENCE
      Send the signing certificate as a BinarySecurityToken.
      The signing method takes the signing certificate, converts it to a BinarySecurityToken, puts it in the security header, and inserts a Reference to the binary security token into the wsse:SecurityTokenReference. Thus the whole signing certificate is transferred to the receiver. The X509 profile recommends using ISSUER_SERIAL instead of sending the whole certificate.
      Please refer to the WS-Security X509 Token Profile 1.1, chapter 3.3.2, and to WS-Security SOAP Message Security 1.1, chapter 7.2.
      Note: only local references to a BinarySecurityToken are supported.
    • ISSUER_SERIAL

      public static final ECryptoKeyIdentifierType ISSUER_SERIAL
      Send the issuer name and the serial number of a certificate to the receiver.
      In contrast to BST_DIRECT_REFERENCE only the issuer name and the serial number of the signing certificate are sent to the receiver. This reduces the amount of data being sent. The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data.
      Please refer to the WS-Security X509 Token Profile 1.1, chapter 3.3.3.
    • X509_KEY_IDENTIFIER

      public static final ECryptoKeyIdentifierType X509_KEY_IDENTIFIER
      Send the certificate used to encrypt the symmetric key.
      The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The certificate is converted into a KeyIdentifier token and sent to the receiver. Thus the complete certificate data is transferred to the receiver. The X509 profile recommends using ISSUER_SERIAL instead of sending the whole certificate.
      Please refer to WS-Security SOAP Message Security 1.1, chapter 7.3. Note that this is a NON-STANDARD method. The standard way to refer to an X.509 certificate via a KeyIdentifier is to use SKI_KEY_IDENTIFIER.
    • SKI_KEY_IDENTIFIER

      public static final ECryptoKeyIdentifierType SKI_KEY_IDENTIFIER
      Send a SubjectKeyIdentifier to identify the signing certificate.
      Refer to the WS-Security X509 Token Profile 1.1, chapter 3.3.1.
    • UT_SIGNING

      public static final ECryptoKeyIdentifierType UT_SIGNING
      UT_SIGNING is used internally only to set a specific Signature behavior. The signing token is constructed from values in the UsernameToken according to WS-Trust specification.
    • THUMBPRINT_IDENTIFIER

      public static final ECryptoKeyIdentifierType THUMBPRINT_IDENTIFIER
      THUMBPRINT_IDENTIFIER is used to set the specific key identifier ThumbprintSHA1. This identifier uses the SHA-1 digest of a security token to identify the security token. Please refer to chapter 7.2 of the OASIS WSS 1.1 specification.
    • CUSTOM_SYMM_SIGNING

      public static final ECryptoKeyIdentifierType CUSTOM_SYMM_SIGNING
      CUSTOM_SYMM_SIGNING is used internally only to set a specific Signature behavior. The signing key, reference id and value type are set externally.
    • ENCRYPTED_KEY_SHA1_IDENTIFIER

      public static final ECryptoKeyIdentifierType ENCRYPTED_KEY_SHA1_IDENTIFIER
      ENCRYPTED_KEY_SHA1_IDENTIFIER is used to set the specific key identifier EncryptedKeySHA1. This identifier uses the SHA-1 digest of a security token to identify the security token. Please refer to chapter 7.3 of the OASIS WSS 1.1 specification.
    • CUSTOM_SYMM_SIGNING_DIRECT

      public static final ECryptoKeyIdentifierType CUSTOM_SYMM_SIGNING_DIRECT
      CUSTOM_SYMM_SIGNING_DIRECT is used internally only to set a specific Signature behavior. The signing key, reference id and value type are set externally.
    • CUSTOM_KEY_IDENTIFIER

      public static final ECryptoKeyIdentifierType CUSTOM_KEY_IDENTIFIER
      CUSTOM_KEY_IDENTIFIER is used to set a KeyIdentifier to a particular ID. The reference id and value type are set externally.
    • KEY_VALUE

      public static final ECryptoKeyIdentifierType KEY_VALUE
      KEY_VALUE is used to set a ds:KeyInfo/ds:KeyValue element to refer to either an RSA or DSA public key.
    • ENDPOINT_KEY_IDENTIFIER

      public static final ECryptoKeyIdentifierType ENDPOINT_KEY_IDENTIFIER
      ENDPOINT_KEY_IDENTIFIER is used to specify the service endpoint as the public key identifier. This constant is useful in the symmetric holder-of-key case, where the token service can determine the target service's public key to encrypt the shared secret.
    • ISSUER_SERIAL_QUOTE_FORMAT

      public static final ECryptoKeyIdentifierType ISSUER_SERIAL_QUOTE_FORMAT
      Sets the org.apache.wss4j.dom.message.WSSecSignature.build(Crypto) or the org.apache.wss4j.dom.message.WSSecEncrypt.build(Crypto, SecretKey) method to send the issuer name and the serial number of a certificate to the receiver.
      In contrast to BST_DIRECT_REFERENCE only the issuer name and the serial number of the signing certificate are sent to the receiver. This reduces the amount of data being sent. The encryption method uses the public key associated with this certificate to encrypt the symmetric key used to encrypt data. The issuer name format uses a quote-delimited RFC 2253 format where necessary, which is recognized by Microsoft's WCF stack. It also places a space before each subsequent RDN, which is also required for WCF interoperability. In addition, this format is known to be correctly interpreted by Java.
      Please refer to the WS-Security X509 Token Profile 1.1, chapter 3.3.3.
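The constants above differ in what is actually placed into the wsse:SecurityTokenReference of the security header, and therefore in what the receiver must already hold. The following Python script is an added illustration, not phase4 or WSS4J code: it builds the reference a sender emits for BST_DIRECT_REFERENCE, ISSUER_SERIAL, X509_KEY_IDENTIFIER, SKI_KEY_IDENTIFIER, THUMBPRINT_IDENTIFIER and ENCRYPTED_KEY_SHA1_IDENTIFIER, applies the quote-delimited RFC 2253 issuer format described under ISSUER_SERIAL_QUOTE_FORMAT, and classifies an inbound reference on the receiver side. The namespace URIs and ValueType strings are the real WS-Security ones; the certificate bytes, SKI, serial number and encrypted-key octets are constructed placeholders, and the `#X509-token-1` id is an assumed local reference.

```python
"""Added illustration (not phase4 or WSS4J code): what each key identifier type
places into a wsse:SecurityTokenReference, and how a receiver can classify one.
Certificate, SKI, serial and encrypted-key octets below are constructed values."""
import base64
import hashlib
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
X509_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
WSS11 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1"
VT_X509V3 = X509_PROFILE + "#X509v3"
VT_SKI = X509_PROFILE + "#X509SubjectKeyIdentifier"
VT_THUMBPRINT = WSS11 + "#ThumbprintSHA1"
VT_ENC_KEY_SHA1 = WSS11 + "#EncryptedKeySHA1"

# KeyIdentifier ValueType -> (identifier type, does the certificate itself travel in the message?)
KEY_IDENTIFIER_TYPES = {
    VT_X509V3: ("X509_KEY_IDENTIFIER", True),   # non-standard: whole certificate inline
    VT_SKI: ("SKI_KEY_IDENTIFIER", False),
    VT_THUMBPRINT: ("THUMBPRINT_IDENTIFIER", False),
    VT_ENC_KEY_SHA1: ("ENCRYPTED_KEY_SHA1_IDENTIFIER", False),
}


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def token_sha1(token_octets: bytes) -> str:
    """ThumbprintSHA1 / EncryptedKeySHA1 (WSS 1.1 ch. 7.2 / 7.3): base64 of the SHA-1 digest
    of the raw token octets. It is a lookup handle for a token the receiver already holds."""
    return b64(hashlib.sha1(token_octets).digest())


_RFC2253_SPECIALS = set(',+"\\<>;')


def rfc2253_value(value: str) -> str:
    """Quote an RDN value only when RFC 2253 would otherwise require escaping
    (the ISSUER_SERIAL_QUOTE_FORMAT style). Inside quotes only backslash and '"' are escaped."""
    needs_quote = (any(c in _RFC2253_SPECIALS for c in value)
                   or value != value.strip() or value.startswith("#"))
    if not needs_quote:
        return value
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def issuer_name_wcf(rdns) -> str:
    """Join (type, value) pairs with ", " so each subsequent RDN is preceded by a space (WCF style)."""
    return ", ".join(f"{t}={rfc2253_value(v)}" for t, v in rdns)


def build_str(kind, *, cert_der=b"", issuer_rdns=(), serial=0, ski=b"", enc_key=b""):
    """Build the wsse:SecurityTokenReference a sender emits for the given identifier type."""
    str_el = ET.Element(f"{{{WSSE}}}SecurityTokenReference")
    if kind == "BST_DIRECT_REFERENCE":
        # The certificate sits in a sibling wsse:BinarySecurityToken; the STR only points at it locally.
        ET.SubElement(str_el, f"{{{WSSE}}}Reference", URI="#X509-token-1", ValueType=VT_X509V3)
    elif kind == "ISSUER_SERIAL":
        iss = ET.SubElement(ET.SubElement(str_el, f"{{{DS}}}X509Data"), f"{{{DS}}}X509IssuerSerial")
        ET.SubElement(iss, f"{{{DS}}}X509IssuerName").text = issuer_name_wcf(issuer_rdns)
        ET.SubElement(iss, f"{{{DS}}}X509SerialNumber").text = str(serial)
    else:
        try:
            value_type, payload = {
                "X509_KEY_IDENTIFIER": (VT_X509V3, b64(cert_der)),
                "SKI_KEY_IDENTIFIER": (VT_SKI, b64(ski)),
                "THUMBPRINT_IDENTIFIER": (VT_THUMBPRINT, token_sha1(cert_der)),
                "ENCRYPTED_KEY_SHA1_IDENTIFIER": (VT_ENC_KEY_SHA1, token_sha1(enc_key)),
            }[kind]
        except KeyError:
            raise ValueError(f"unsupported identifier type {kind}") from None
        ET.SubElement(str_el, f"{{{WSSE}}}KeyIdentifier", ValueType=value_type).text = payload
    return str_el


def classify_str(str_el):
    """Receiver side: which identifier type an inbound STR uses, and whether the certificate
    travels in the message (it must then be validated against the trust anchors before use)
    or must be resolved from the receiver's own keystore (unknown senders fail at resolution)."""
    child = str_el[0]
    tag = child.tag.rsplit("}", 1)[-1]
    if tag == "Reference":
        uri = child.get("URI", "")
        return {"type": "BST_DIRECT_REFERENCE", "cert_in_message": True, "local_reference": uri.startswith("#")}
    if tag == "X509Data":
        return {"type": "ISSUER_SERIAL", "cert_in_message": False, "local_reference": False}
    if tag == "KeyIdentifier" and child.get("ValueType") in KEY_IDENTIFIER_TYPES:
        kind, inline = KEY_IDENTIFIER_TYPES[child.get("ValueType")]
        return {"type": kind, "cert_in_message": inline, "local_reference": False}
    return {"type": "UNKNOWN", "cert_in_message": False, "local_reference": False}


def wire_size(str_el) -> int:
    """Serialized size of the reference alone, to compare how much each type sends."""
    return len(ET.tostring(str_el))


# Constructed sample material (not a real certificate, SKI or issuer).
SAMPLE_CERT_DER = b"\x30\x82" + bytes(range(256)) * 4
SAMPLE_ISSUER = [("CN", "Example CA"), ("O", "Acme, Inc."), ("C", "DE")]

if __name__ == "__main__":
    for kind in ("BST_DIRECT_REFERENCE", "ISSUER_SERIAL", "X509_KEY_IDENTIFIER",
                 "SKI_KEY_IDENTIFIER", "THUMBPRINT_IDENTIFIER"):
        el = build_str(kind, cert_der=SAMPLE_CERT_DER, issuer_rdns=SAMPLE_ISSUER,
                       serial=1234567, ski=b"\x01" * 20)
        print(f"{kind:24s} {wire_size(el):5d} bytes  {classify_str(el)}")
```

Running the script prints, for each type, the size of the reference and the receiver-side classification: the two inline forms (BST_DIRECT_REFERENCE, X509_KEY_IDENTIFIER) carry the full certificate and are the largest, while the issuer/serial, SKI and thumbprint forms only carry a lookup key. The security consequence is the one to keep in mind when choosing a type: an inline certificate is sender-supplied data and must be chain-validated and matched against the expected party, whereas a lookup key can only resolve to certificates the receiver has already configured. The SHA-1 in ThumbprintSHA1 and EncryptedKeySHA1 is what the WSS 1.1 profile specifies for these identifiers; it serves as a handle for a token the receiver already holds, not as the signature digest.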
  • Method Details