Package org.apache.cxf.rs.security.jose.common

Class JoseConstants

java.lang.Object
org.apache.cxf.rt.security.rs.RSSecurityConstants
org.apache.cxf.rs.security.jose.common.JoseConstants
public final class JoseConstants extends org.apache.cxf.rt.security.rs.RSSecurityConstants

  • Field Details

    • HEADER_TYPE

      public static final String HEADER_TYPE
      See Also:

    • HEADER_ALGORITHM

      public static final String HEADER_ALGORITHM
      See Also:

    • HEADER_CONTENT_TYPE

      public static final String HEADER_CONTENT_TYPE
      See Also:

    • HEADER_CRITICAL

      public static final String HEADER_CRITICAL
      See Also:

    • HEADER_KEY_ID

      public static final String HEADER_KEY_ID
      See Also:

    • HEADER_X509_URL

      public static final String HEADER_X509_URL
      See Also:

    • HEADER_X509_CHAIN

      public static final String HEADER_X509_CHAIN
      See Also:

    • HEADER_X509_THUMBPRINT

      public static final String HEADER_X509_THUMBPRINT
      See Also:

    • HEADER_X509_THUMBPRINT_SHA256

      public static final String HEADER_X509_THUMBPRINT_SHA256
      See Also:

    • HEADER_JSON_WEB_KEY

      public static final String HEADER_JSON_WEB_KEY
      See Also:

    • HEADER_JSON_WEB_KEY_SET

      public static final String HEADER_JSON_WEB_KEY_SET
      See Also:

    • JWE_HEADER_KEY_ENC_ALGORITHM

      public static final String JWE_HEADER_KEY_ENC_ALGORITHM
      See Also:

    • JWE_HEADER_CONTENT_ENC_ALGORITHM

      public static final String JWE_HEADER_CONTENT_ENC_ALGORITHM
      See Also:

    • JWE_HEADER_ZIP_ALGORITHM

      public static final String JWE_HEADER_ZIP_ALGORITHM
      See Also:

    • JWE_DEFLATE_ZIP_ALGORITHM

      public static final String JWE_DEFLATE_ZIP_ALGORITHM
      See Also:

    • JWS_HEADER_B64_STATUS_HEADER

      public static final String JWS_HEADER_B64_STATUS_HEADER
      See Also:

    • TYPE_JWT

      public static final String TYPE_JWT
      See Also:

    • TYPE_JOSE

      public static final String TYPE_JOSE
      See Also:

    • TYPE_JOSE_JSON

      public static final String TYPE_JOSE_JSON
      See Also:

    • MEDIA_TYPE_JOSE

      public static final String MEDIA_TYPE_JOSE
      See Also:

    • MEDIA_TYPE_JOSE_JSON

      public static final String MEDIA_TYPE_JOSE_JSON
      See Also:

    • JOSE_CONTEXT_PROPERTY

      public static final String JOSE_CONTEXT_PROPERTY
      See Also:

    • RSSEC_KEY_STORE_ALIASES

      public static final String RSSEC_KEY_STORE_ALIASES
      The keystore aliases corresponding to the keys to use, when using the JSON serialization form. You can append one of the following to this tag to get the alias for more specific operations: - jws.out - jws.in
      See Also:

    • RSSEC_ACCEPT_PUBLIC_KEY

      public static final String RSSEC_ACCEPT_PUBLIC_KEY
      Whether to allow using a JWK received in the header for signature validation. The default is "false".
      See Also:

    • RSSEC_KEY_STORE_JWKSET

      public static final String RSSEC_KEY_STORE_JWKSET
      TODO documentation for these
      See Also:

    • RSSEC_KEY_STORE_JWKKEY

      public static final String RSSEC_KEY_STORE_JWKKEY
      See Also:

    • RSSEC_SIGNATURE_KEY_PSWD_PROVIDER

      public static final String RSSEC_SIGNATURE_KEY_PSWD_PROVIDER
      A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys for signature. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER.
      See Also:

    • RSSEC_EC_CURVE

      public static final String RSSEC_EC_CURVE
      The EC Curve to use with EC keys loaded from Java Key Store. JWK EC Keys are expected to use a standard "crv" property instead.
      See Also:

    • RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY

      public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY
      Include the JWK public key for signature in the "jwk" header.
      See Also:

    • RSSEC_SIGNATURE_INCLUDE_CERT

      public static final String RSSEC_SIGNATURE_INCLUDE_CERT
      Include the X.509 certificate for signature in the "x5c" header.
      See Also:

    • RSSEC_SIGNATURE_INCLUDE_KEY_ID

      public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID
      Include the JWK key id for signature in the "kid" header.
      See Also:

    • RSSEC_SIGNATURE_INCLUDE_CERT_SHA1

      public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1
      Include the X.509 certificate SHA-1 digest for signature in the "x5t" header.
      See Also:

    • RSSEC_SIGNATURE_INCLUDE_CERT_SHA256

      public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA256
      Include the X.509 certificate SHA-256 digest for signature in the "x5t#S256" header.
      See Also:

    • RSSEC_DECRYPTION_KEY_PSWD_PROVIDER

      public static final String RSSEC_DECRYPTION_KEY_PSWD_PROVIDER
      A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys for decryption. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER.
      See Also:

    • RSSEC_ENCRYPTION_CONTENT_ALGORITHM

      public static final String RSSEC_ENCRYPTION_CONTENT_ALGORITHM
      The encryption content algorithm to use. The default algorithm if not specified is 'A128GCM'.
      See Also:

    • RSSEC_ENCRYPTION_KEY_ALGORITHM

      public static final String RSSEC_ENCRYPTION_KEY_ALGORITHM
      The encryption key algorithm to use. The default algorithm if not specified is 'RSA-OAEP' if the key is an RSA key, and 'A128GCMKW' if it is an octet sequence.
      See Also:

    • RSSEC_ENCRYPTION_ZIP_ALGORITHM

      public static final String RSSEC_ENCRYPTION_ZIP_ALGORITHM
      The encryption zip algorithm to use.
      See Also:

    • RSSEC_ENCRYPTION_OUT_PROPS

      public static final String RSSEC_ENCRYPTION_OUT_PROPS
      The encryption properties file for encryption creation. If not specified then it falls back to RSSEC_ENCRYPTION_PROPS.
      See Also:

    • RSSEC_ENCRYPTION_IN_PROPS

      public static final String RSSEC_ENCRYPTION_IN_PROPS
      The decryption properties file for decryption. If not specified then it falls back to RSSEC_ENCRYPTION_PROPS.
      See Also:

    • RSSEC_ENCRYPTION_PROPS

      public static final String RSSEC_ENCRYPTION_PROPS
      The encryption/decryption properties file
      See Also:

    • RSSEC_ENCRYPTION_INCLUDE_PUBLIC_KEY

      public static final String RSSEC_ENCRYPTION_INCLUDE_PUBLIC_KEY
      Include the JWK public key for encryption in the "jwk" header.
      See Also:

    • RSSEC_ENCRYPTION_INCLUDE_CERT

      public static final String RSSEC_ENCRYPTION_INCLUDE_CERT
      Include the X.509 certificate for encryption the "x5c" header.
      See Also:

    • RSSEC_ENCRYPTION_INCLUDE_KEY_ID

      public static final String RSSEC_ENCRYPTION_INCLUDE_KEY_ID
      Include the JWK key id for encryption in the "kid" header.
      See Also:

    • RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1

      public static final String RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1
      Include the X.509 certificate SHA-1 digest for encryption in the "x5t" header.
      See Also:

    • RSSEC_ENCRYPTION_INCLUDE_CERT_SHA256

      public static final String RSSEC_ENCRYPTION_INCLUDE_CERT_SHA256
      Include the X.509 certificate SHA-256 digest for encryption in the "x5t#S256" header.
      See Also:

    • RSSEC_ENCRYPTION_PBES2_COUNT

      public static final String RSSEC_ENCRYPTION_PBES2_COUNT
      The value to be used for the "p2c" (PBES2 count) Header Parameter. The default is 4096.
      See Also:

    • RSSEC_DECRYPTION_MAX_PBES2_COUNT

      public static final String RSSEC_DECRYPTION_MAX_PBES2_COUNT
      The max value for the "p2c" (PBES2 count) Header Parameter used for decryption. The default is 1_000_000.
      See Also:

    • ENABLE_UNSIGNED_JWT_PRINCIPAL

      public static final String ENABLE_UNSIGNED_JWT_PRINCIPAL
      Whether to allow unsigned JWT tokens as SecurityContext Principals. The default is false.
      See Also:

    • JOSE_DEBUG

      public static final String JOSE_DEBUG
      Whether to trace JOSE headers.
      See Also: