org.apache.xml.security.resource.config.xml Maven / Gradle / Ivy
The newest version!
<?xml version="1.0"?>
<!--
<!DOCTYPE Configuration SYSTEM "config.dtd">
-->
<!-- This configuration file is used for configuration of the org.apache.xml.security package -->
<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/#configuration">
<CanonicalizationMethods>
<CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments" />
<CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments" />
<CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#"
JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments"/>
<CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments"/>
<CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11"
JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments"/>
<CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments"/>
</CanonicalizationMethods>
<TransformAlgorithms>
<!-- Base64 -->
<TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#base64"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformBase64Decode" />
<!-- c14n omitting comments -->
<TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N" />
<!-- c14n with comments -->
<TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NWithComments" />
<!-- c14n 1.1 omitting comments -->
<TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11" />
<!-- c14n 1.1 with comments -->
<TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments" />
<!-- exclusive c14n omitting comments -->
<TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusive" />
<!-- exclusive c14n with comments -->
<TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments" />
<!-- XPath transform -->
<TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xpath-19991116"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXPath" />
<!-- enveloped signature -->
<TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature" />
<!-- XSLT -->
<TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xslt-19991116"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXSLT" />
<!-- XPath version 2 -->
<TransformAlgorithm URI="http://www.w3.org/2002/06/xmldsig-filter2"
JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXPath2Filter" />
</TransformAlgorithms>
<SignatureAlgorithms>
<SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureDSA" />
<SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" />
<SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA384" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA512" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512" />
</SignatureAlgorithms>
<JCEAlgorithmMappings>
<Algorithms>
<!-- MessageDigest Algorithms -->
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
Description="MD5 message digest from RFC 1321"
AlgorithmClass="MessageDigest"
RequirementLevel="NOT RECOMMENDED"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="MD5"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#ripemd160"
Description="RIPEMD-160 message digest"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
JCEName="RIPEMD160"/>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
Description="SHA-1 message digest"
AlgorithmClass="MessageDigest"
RequirementLevel="REQUIRED"
JCEName="SHA-1"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha256"
Description="SHA-1 message digest with 256 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="RECOMMENDED"
JCEName="SHA-256"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha384"
Description="SHA message digest with 384 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA-384"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha512"
Description="SHA-1 message digest with 512 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
JCEName="SHA-512"/>
<!-- Signature Algorithms -->
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
Description="Digital Signature Algorithm with SHA-1 message digest"
AlgorithmClass="Signature"
RequirementLevel="REQUIRED"
JCEName="SHA1withDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
Description="RSA Signature with MD5 message digest"
AlgorithmClass="Signature"
RequirementLevel="NOT RECOMMENDED"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="MD5withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
Description="RSA Signature with RIPEMD-160 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="RIPEMD160withRSA"/>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
Description="RSA Signature with SHA-1 message digest"
AlgorithmClass="Signature"
RequirementLevel="RECOMMENDED"
JCEName="SHA1withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
Description="RSA Signature with SHA-256 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA256withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
Description="RSA Signature with SHA-384 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA384withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
Description="RSA Signature with SHA-512 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA512withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
Description="ECDSA Signature with SHA-1 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA1withECDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
Description="ECDSA Signature with SHA-256 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA256withECDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
Description="ECDSA Signature with SHA-384 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA384withECDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
Description="ECDSA Signature with SHA-512 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA512withECDSA"/>
<!-- MAC Algorithms -->
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
Description="Message Authentication code using MD5"
AlgorithmClass="Mac"
RequirementLevel="NOT RECOMMENDED"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HmacMD5"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
Description="Message Authentication code using RIPEMD-160"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HMACRIPEMD160"/>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
Description="Message Authentication code using SHA1"
AlgorithmClass="Mac"
RequirementLevel="REQUIRED"
JCEName="HmacSHA1"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
Description="Message Authentication code using SHA-256"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HmacSHA256"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
Description="Message Authentication code using SHA-384"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HmacSHA384"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
Description="Message Authentication code using SHA-512"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HmacSHA512"/>
<!-- Block encryption Algorithms -->
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
Description="Block encryption using Triple-DES"
AlgorithmClass="BlockEncryption"
RequirementLevel="REQUIRED"
KeyLength="192"
RequiredKey="DESede"
JCEName="DESede/CBC/ISO10126Padding"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
Description="Block encryption using AES with a key length of 128 bit"
AlgorithmClass="BlockEncryption"
RequirementLevel="REQUIRED"
KeyLength="128"
RequiredKey="AES"
JCEName="AES/CBC/ISO10126Padding"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes192-cbc"
Description="Block encryption using AES with a key length of 192 bit"
AlgorithmClass="BlockEncryption"
RequirementLevel="OPTIONAL"
KeyLength="192"
RequiredKey="AES"
JCEName="AES/CBC/ISO10126Padding"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
Description="Block encryption using AES with a key length of 256 bit"
AlgorithmClass="BlockEncryption"
RequirementLevel="REQUIRED"
KeyLength="256"
RequiredKey="AES"
JCEName="AES/CBC/ISO10126Padding"/>
<Algorithm URI="http://www.w3.org/2009/xmlenc11#aes128-gcm"
Description="Block encryption using AES with a key length of 128 bit in GCM"
AlgorithmClass="BlockEncryption"
RequirementLevel="OPTIONAL"
KeyLength="128"
RequiredKey="AES"
JCEName="AES/GCM/NoPadding"/>
<Algorithm URI="http://www.w3.org/2009/xmlenc11#aes192-gcm"
Description="Block encryption using AES with a key length of 192 bit in GCM"
AlgorithmClass="BlockEncryption"
RequirementLevel="OPTIONAL"
KeyLength="192"
RequiredKey="AES"
JCEName="AES/GCM/NoPadding"/>
<Algorithm URI="http://www.w3.org/2009/xmlenc11#aes256-gcm"
Description="Block encryption using AES with a key length of 256 bit in GCM"
AlgorithmClass="BlockEncryption"
RequirementLevel="OPTIONAL"
KeyLength="256"
RequiredKey="AES"
JCEName="AES/GCM/NoPadding"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
Description="Key Transport RSA-v1.5"
AlgorithmClass="KeyTransport"
RequirementLevel="REQUIRED"
RequiredKey="RSA"
JCEName="RSA/ECB/PKCS1Padding"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
Description="Key Transport RSA-OAEP"
AlgorithmClass="KeyTransport"
RequirementLevel="REQUIRED"
RequiredKey="RSA"
JCEName="RSA/ECB/OAEPPadding"/>
<Algorithm URI="http://www.w3.org/2009/xmlenc11#rsa-oaep"
Description="Key Transport RSA-OAEP"
AlgorithmClass="KeyTransport"
RequirementLevel="OPTIONAL"
RequiredKey="RSA"
JCEName="RSA/ECB/OAEPPadding"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#dh"
Description="Key Agreement Diffie-Hellman"
AlgorithmClass="KeyAgreement"
RequirementLevel="OPTIONAL"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-tripledes"
Description="Symmetric Key Wrap using Triple DES"
AlgorithmClass="SymmetricKeyWrap"
RequirementLevel="REQUIRED"
KeyLength="192"
RequiredKey="DESede"
JCEName="DESedeWrap"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes128"
Description="Symmetric Key Wrap using AES with a key length of 128 bit"
AlgorithmClass="SymmetricKeyWrap"
RequirementLevel="REQUIRED"
KeyLength="128"
RequiredKey="AES"
JCEName="AESWrap"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes192"
Description="Symmetric Key Wrap using AES with a key length of 192 bit"
AlgorithmClass="SymmetricKeyWrap"
RequirementLevel="OPTIONAL"
KeyLength="192"
RequiredKey="AES"
JCEName="AESWrap"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes256"
Description="Symmetric Key Wrap using AES with a key length of 256 bit"
AlgorithmClass="SymmetricKeyWrap"
RequirementLevel="REQUIRED"
KeyLength="256"
RequiredKey="AES"
JCEName="AESWrap"/>
</Algorithms>
</JCEAlgorithmMappings>
<ResourceBundles defaultLanguageCode="en" defaultCountryCode="US"/>
<ResourceResolvers>
<Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP"
DESCRIPTION="A simple resolver for requests to HTTP space" />
<Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem"
DESCRIPTION="A simple resolver for requests to the local file system" />
<Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverFragment"
DESCRIPTION="A simple resolver for requests of same-document URIs" />
<Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverXPointer"
DESCRIPTION="A simple resolver for requests of XPointer fragments" />
</ResourceResolvers>
<KeyResolver>
<!-- This section contains a list of KeyResolvers that are available in
every KeyInfo object -->
<Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver"
DESCRIPTION="Can extract RSA public keys" />
<Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver"
DESCRIPTION="Can extract DSA public keys" />
<Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver"
DESCRIPTION="Can extract public keys from X509 certificates" />
<Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver"
DESCRIPTION="Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages" />
<Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver"
DESCRIPTION="Resolves keys and certificates using ResourceResolvers" />
<Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver"
DESCRIPTION="Uses an X509 SubjectName to retrieve a certificate from the storages" />
<Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver"
DESCRIPTION="Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages" />
</KeyResolver>
<PrefixMappings>
<!-- Many classes create Elements which are in a specific namespace;
here, the prefixes for these namespaces are defined. But this
can also be overwritten using the ElementProxy#setDefaultPrefix()
method. You can even set all prefixes to "" so that the corresponding
elements are created using the default namespace -->
<PrefixMapping namespace="http://www.w3.org/2000/09/xmldsig#"
prefix="ds" />
<PrefixMapping namespace="http://www.w3.org/2001/04/xmlenc#"
prefix="xenc" />
<PrefixMapping namespace="http://www.xmlsecurity.org/experimental#"
prefix="experimental" />
<PrefixMapping namespace="http://www.w3.org/2002/04/xmldsig-filter2"
prefix="dsig-xpath-old" />
<PrefixMapping namespace="http://www.w3.org/2002/06/xmldsig-filter2"
prefix="dsig-xpath" />
<PrefixMapping namespace="http://www.w3.org/2001/10/xml-exc-c14n#"
prefix="ec" />
<PrefixMapping namespace="http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter"
prefix="xx" />
</PrefixMappings>
</Configuration>