org.apache.xml.security.resource.config.xml Maven / Gradle / Ivy
Apache XML Security for Java supports XML-Signature Syntax and Processing,
W3C Recommendation 12 February 2002, and XML Encryption Syntax and
Processing, W3C Recommendation 10 December 2002. As of version 1.4,
the library supports the standard Java API JSR-105: XML Digital Signature APIs.
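<?xml version="1.0" encoding="UTF-8"?>
<!-- <!DOCTYPE Configuration SYSTEM "config.dtd"> -->
<!-- This configuration file is used for configuration of the org.apache.xml.security package -->
<!--
  Overview: each section below registers, by algorithm URI or by class name, an
  implementation that the library can use: canonicalizers, transforms, signature
  algorithms, URI-to-JCE-name mappings, resource resolvers, key resolvers and
  namespace prefixes.

  NOTE(review): in XML Signature and XML Encryption the document being processed
  names its own algorithms by URI, so every entry registered here is presumably
  selectable by whoever produced that document. Code that verifies or decrypts
  untrusted input should enforce its own allow-list of acceptable URIs rather than
  rely on this default registry. Later releases of the library offer a
  secure-validation mode that rejects several of the weaker entries; check whether
  the version in use has it.
-->
<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/#configuration">

  <!-- Canonicalization algorithm URI to implementation class. -->
  <CanonicalizationMethods>
    <CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
                            JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments" />
    <CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
                            JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments" />
    <CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#"
                            JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments"/>
    <CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
                            JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments"/>
    <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11"
                            JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments"/>
    <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
                            JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments"/>
  </CanonicalizationMethods>

  <!-- Transform algorithm URI to implementation class. -->
  <TransformAlgorithms>
    <!-- Base64 -->
    <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#base64"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformBase64Decode" />
    <!-- c14n omitting comments -->
    <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N" />
    <!-- c14n with comments -->
    <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NWithComments" />
    <!-- c14n 1.1 omitting comments -->
    <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11" />
    <!-- c14n 1.1 with comments -->
    <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments" />
    <!-- exclusive c14n omitting comments -->
    <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusive" />
    <!-- exclusive c14n with comments -->
    <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments" />
    <!-- XPath transform -->
    <!-- NOTE(review): XPath expressions come from the signed document; on untrusted
         input they can be costly to evaluate. Bound or reject them in the verifier. -->
    <TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xpath-19991116"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXPath" />
    <!-- enveloped signature -->
    <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature" />
    <!-- XSLT -->
    <!-- NOTE(review): the XSLT transform runs a stylesheet supplied inside the
         signature. When signatures from untrusted parties are verified this is a
         denial-of-service and code-execution surface; reject this URI before
         verification unless it is explicitly required. -->
    <TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xslt-19991116"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXSLT" />
    <!-- XPath version 2 -->
    <TransformAlgorithm URI="http://www.w3.org/2002/06/xmldsig-filter2"
                        JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXPath2Filter" />
  </TransformAlgorithms>

  <!-- Signature and MAC algorithm URI to implementation class. -->
  <!-- NOTE(review): the MD5 and SHA-1 based entries are registered for
       interoperability. Both digests are collision-prone, so a verifier of
       untrusted signatures should refuse rsa-md5 and hmac-md5 and should treat the
       *-sha1 signature URIs as legacy. -->
  <SignatureAlgorithms>
    <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureDSA" />
    <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" />
    <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA384" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA512" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384" />
    <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
                        JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512" />
  </SignatureAlgorithms>

  <!-- Algorithm URI to JCE algorithm name, with descriptive metadata. -->
  <!-- NOTE(review): RequirementLevel appears to mirror the conformance keywords of
       the specifications (what an implementation must support), not present-day
       cryptographic strength. "REQUIRED" on SHA-1, Triple-DES or RSA v1.5 does not
       make them a good choice for new deployments. -->
  <JCEAlgorithmMappings>
    <Algorithms>
      <!-- MessageDigest Algorithms -->
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
                 Description="MD5 message digest from RFC 1321"
                 AlgorithmClass="MessageDigest"
                 RequirementLevel="NOT RECOMMENDED"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="MD5"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#ripemd160"
                 Description="RIPEMD-160 message digest"
                 AlgorithmClass="MessageDigest"
                 RequirementLevel="OPTIONAL"
                 JCEName="RIPEMD160"/>
      <Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
                 Description="SHA-1 message digest"
                 AlgorithmClass="MessageDigest"
                 RequirementLevel="REQUIRED"
                 JCEName="SHA-1"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha256"
                 Description="SHA-256 message digest"
                 AlgorithmClass="MessageDigest"
                 RequirementLevel="RECOMMENDED"
                 JCEName="SHA-256"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha384"
                 Description="SHA-384 message digest"
                 AlgorithmClass="MessageDigest"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="SHA-384"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha512"
                 Description="SHA-512 message digest"
                 AlgorithmClass="MessageDigest"
                 RequirementLevel="OPTIONAL"
                 JCEName="SHA-512"/>

      <!-- Signature Algorithms -->
      <Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
                 Description="Digital Signature Algorithm with SHA-1 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="REQUIRED"
                 JCEName="SHA1withDSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
                 Description="RSA Signature with MD5 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="NOT RECOMMENDED"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="MD5withRSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
                 Description="RSA Signature with RIPEMD-160 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="RIPEMD160withRSA"/>
      <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                 Description="RSA Signature with SHA-1 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="RECOMMENDED"
                 JCEName="SHA1withRSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
                 Description="RSA Signature with SHA-256 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="SHA256withRSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
                 Description="RSA Signature with SHA-384 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="SHA384withRSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
                 Description="RSA Signature with SHA-512 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="SHA512withRSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
                 Description="ECDSA Signature with SHA-1 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="SHA1withECDSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
                 Description="ECDSA Signature with SHA-256 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="SHA256withECDSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
                 Description="ECDSA Signature with SHA-384 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="SHA384withECDSA"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
                 Description="ECDSA Signature with SHA-512 message digest"
                 AlgorithmClass="Signature"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="SHA512withECDSA"/>

      <!-- MAC Algorithms -->
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
                 Description="Message Authentication code using MD5"
                 AlgorithmClass="Mac"
                 RequirementLevel="NOT RECOMMENDED"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="HmacMD5"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
                 Description="Message Authentication code using RIPEMD-160"
                 AlgorithmClass="Mac"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="HMACRIPEMD160"/>
      <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
                 Description="Message Authentication code using SHA1"
                 AlgorithmClass="Mac"
                 RequirementLevel="REQUIRED"
                 JCEName="HmacSHA1"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
                 Description="Message Authentication code using SHA-256"
                 AlgorithmClass="Mac"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="HmacSHA256"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
                 Description="Message Authentication code using SHA-384"
                 AlgorithmClass="Mac"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="HmacSHA384"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
                 Description="Message Authentication code using SHA-512"
                 AlgorithmClass="Mac"
                 RequirementLevel="OPTIONAL"
                 SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
                 JCEName="HmacSHA512"/>

      <!-- Block encryption Algorithms -->
      <!-- NOTE(review): the *-cbc entries provide confidentiality only. CBC-mode XML
           Encryption is open to chosen-ciphertext attacks when a decrypting service
           reveals whether decryption succeeded, so prefer the *-gcm entries or
           verify a signature over the ciphertext before decrypting. -->
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
                 Description="Block encryption using Triple-DES"
                 AlgorithmClass="BlockEncryption"
                 RequirementLevel="REQUIRED"
                 KeyLength="192"
                 RequiredKey="DESede"
                 JCEName="DESede/CBC/ISO10126Padding"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
                 Description="Block encryption using AES with a key length of 128 bit"
                 AlgorithmClass="BlockEncryption"
                 RequirementLevel="REQUIRED"
                 KeyLength="128"
                 RequiredKey="AES"
                 JCEName="AES/CBC/ISO10126Padding"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes192-cbc"
                 Description="Block encryption using AES with a key length of 192 bit"
                 AlgorithmClass="BlockEncryption"
                 RequirementLevel="OPTIONAL"
                 KeyLength="192"
                 RequiredKey="AES"
                 JCEName="AES/CBC/ISO10126Padding"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
                 Description="Block encryption using AES with a key length of 256 bit"
                 AlgorithmClass="BlockEncryption"
                 RequirementLevel="REQUIRED"
                 KeyLength="256"
                 RequiredKey="AES"
                 JCEName="AES/CBC/ISO10126Padding"/>
      <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes128-gcm"
                 Description="Block encryption using AES with a key length of 128 bit in GCM"
                 AlgorithmClass="BlockEncryption"
                 RequirementLevel="OPTIONAL"
                 KeyLength="128"
                 RequiredKey="AES"
                 JCEName="AES/GCM/NoPadding"/>
      <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes192-gcm"
                 Description="Block encryption using AES with a key length of 192 bit in GCM"
                 AlgorithmClass="BlockEncryption"
                 RequirementLevel="OPTIONAL"
                 KeyLength="192"
                 RequiredKey="AES"
                 JCEName="AES/GCM/NoPadding"/>
      <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes256-gcm"
                 Description="Block encryption using AES with a key length of 256 bit in GCM"
                 AlgorithmClass="BlockEncryption"
                 RequirementLevel="OPTIONAL"
                 KeyLength="256"
                 RequiredKey="AES"
                 JCEName="AES/GCM/NoPadding"/>

      <!-- Key transport, key agreement and key wrap -->
      <!-- NOTE(review): rsa-1_5 uses PKCS#1 v1.5 encryption padding, which is exposed
           to padding-oracle attacks when decryption failures are observable.
           Prefer the RSA-OAEP entries for new deployments. -->
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
                 Description="Key Transport RSA-v1.5"
                 AlgorithmClass="KeyTransport"
                 RequirementLevel="REQUIRED"
                 RequiredKey="RSA"
                 JCEName="RSA/ECB/PKCS1Padding"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
                 Description="Key Transport RSA-OAEP"
                 AlgorithmClass="KeyTransport"
                 RequirementLevel="REQUIRED"
                 RequiredKey="RSA"
                 JCEName="RSA/ECB/OAEPPadding"/>
      <Algorithm URI="http://www.w3.org/2009/xmlenc11#rsa-oaep"
                 Description="Key Transport RSA-OAEP"
                 AlgorithmClass="KeyTransport"
                 RequirementLevel="OPTIONAL"
                 RequiredKey="RSA"
                 JCEName="RSA/ECB/OAEPPadding"/>
      <!-- No JCEName is mapped for Diffie-Hellman key agreement. -->
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#dh"
                 Description="Key Agreement Diffie-Hellman"
                 AlgorithmClass="KeyAgreement"
                 RequirementLevel="OPTIONAL"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-tripledes"
                 Description="Symmetric Key Wrap using Triple DES"
                 AlgorithmClass="SymmetricKeyWrap"
                 RequirementLevel="REQUIRED"
                 KeyLength="192"
                 RequiredKey="DESede"
                 JCEName="DESedeWrap"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes128"
                 Description="Symmetric Key Wrap using AES with a key length of 128 bit"
                 AlgorithmClass="SymmetricKeyWrap"
                 RequirementLevel="REQUIRED"
                 KeyLength="128"
                 RequiredKey="AES"
                 JCEName="AESWrap"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes192"
                 Description="Symmetric Key Wrap using AES with a key length of 192 bit"
                 AlgorithmClass="SymmetricKeyWrap"
                 RequirementLevel="OPTIONAL"
                 KeyLength="192"
                 RequiredKey="AES"
                 JCEName="AESWrap"/>
      <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes256"
                 Description="Symmetric Key Wrap using AES with a key length of 256 bit"
                 AlgorithmClass="SymmetricKeyWrap"
                 RequirementLevel="REQUIRED"
                 KeyLength="256"
                 RequiredKey="AES"
                 JCEName="AESWrap"/>
    </Algorithms>
  </JCEAlgorithmMappings>

  <ResourceBundles defaultLanguageCode="en" defaultCountryCode="US"/>

  <!-- Resolvers used to dereference URIs found in the document being processed. -->
  <!-- NOTE(review): going by their descriptions, ResolverDirectHTTP and
       ResolverLocalFilesystem fetch over HTTP and from the local file system. When
       reference URIs come from an untrusted document this enables server-side
       request forgery and local file reads; services that only need same-document
       references should restrict resolution to ResolverFragment (and
       ResolverXPointer if needed) in application code. -->
  <ResourceResolvers>
    <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP"
              DESCRIPTION="A simple resolver for requests to HTTP space" />
    <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem"
              DESCRIPTION="A simple resolver for requests to the local file system" />
    <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverFragment"
              DESCRIPTION="A simple resolver for requests of same-document URIs" />
    <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverXPointer"
              DESCRIPTION="A simple resolver for requests of XPointer fragments" />
  </ResourceResolvers>

  <KeyResolver>
    <!-- This section contains a list of KeyResolvers that are available in every KeyInfo object -->
    <!-- NOTE(review): a key or certificate extracted from the document's own KeyInfo
         says nothing about who signed it. Verifiers must check the resolved key
         against a trust anchor they already hold. RetrievalMethodResolver goes
         through the ResourceResolvers above and inherits their exposure. -->
    <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver"
              DESCRIPTION="Can extract RSA public keys" />
    <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver"
              DESCRIPTION="Can extract DSA public keys" />
    <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver"
              DESCRIPTION="Can extract public keys from X509 certificates" />
    <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver"
              DESCRIPTION="Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages" />
    <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver"
              DESCRIPTION="Resolves keys and certificates using ResourceResolvers" />
    <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver"
              DESCRIPTION="Uses an X509 SubjectName to retrieve a certificate from the storages" />
    <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver"
              DESCRIPTION="Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages" />
  </KeyResolver>

  <PrefixMappings>
    <!-- Many classes create Elements which are in a specific namespace;
         here, the prefixes for these namespaces are defined. But this
         can also be overwritten using the ElementProxy#setDefaultPrefix()
         method. You can even set all prefixes to "" so that the
         corresponding elements are created using the default namespace -->
    <PrefixMapping namespace="http://www.w3.org/2000/09/xmldsig#" prefix="ds" />
    <PrefixMapping namespace="http://www.w3.org/2001/04/xmlenc#" prefix="xenc" />
    <PrefixMapping namespace="http://www.xmlsecurity.org/experimental#" prefix="experimental" />
    <PrefixMapping namespace="http://www.w3.org/2002/04/xmldsig-filter2" prefix="dsig-xpath-old" />
    <PrefixMapping namespace="http://www.w3.org/2002/06/xmldsig-filter2" prefix="dsig-xpath" />
    <PrefixMapping namespace="http://www.w3.org/2001/10/xml-exc-c14n#" prefix="ec" />
    <PrefixMapping namespace="http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter" prefix="xx" />
  </PrefixMappings>
</Configuration>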