View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.handler;
21  
22  import java.security.Provider;
23  import java.security.cert.Certificate;
24  import java.util.ArrayList;
25  import java.util.Collection;
26  import java.util.LinkedList;
27  import java.util.List;
28  import java.util.Map;
29  import java.util.regex.Pattern;
30  
31  import javax.security.auth.callback.CallbackHandler;
32  import javax.xml.namespace.QName;
33  
34  import org.apache.wss4j.common.ConfigurationConstants;
35  import org.apache.wss4j.common.EncryptionActionToken;
36  import org.apache.wss4j.common.SignatureActionToken;
37  import org.apache.wss4j.common.bsp.BSPEnforcer;
38  import org.apache.wss4j.common.bsp.BSPRule;
39  import org.apache.wss4j.common.cache.ReplayCache;
40  import org.apache.wss4j.common.crypto.AlgorithmSuite;
41  import org.apache.wss4j.common.crypto.Crypto;
42  import org.apache.wss4j.common.crypto.PasswordEncryptor;
43  import org.apache.wss4j.common.ext.WSSecurityException;
44  import org.apache.wss4j.dom.SOAPConstants;
45  import org.apache.wss4j.dom.WSConstants;
46  import org.apache.wss4j.dom.WSDocInfo;
47  import org.apache.wss4j.dom.engine.WSSConfig;
48  import org.apache.wss4j.dom.message.WSSecHeader;
49  import org.apache.wss4j.dom.validate.Validator;
50  import org.apache.xml.security.encryption.Serializer;
51  
52  /**
53   * This class holds per request data.
54   */
55  public class RequestData {
56  
57      private Object msgContext;
58      private SOAPConstants soapConstants;
59      private String actor;
60      private String username;
61      private String pwType = WSConstants.PASSWORD_DIGEST; // Make this the default when no password type is given.
62      private Crypto sigVerCrypto;
63      private Crypto decCrypto;
64      private SignatureActionToken signatureToken;
65      private EncryptionActionToken encryptionToken;
66      private WSSConfig wssConfig;
67      private List<byte[]> signatureValues = new ArrayList<>();
68      private WSSecHeader secHeader;
69      private int derivedKeyIterations = 1000;
70      private boolean useDerivedKeyForMAC = true;
71      private CallbackHandler callback;
72      private CallbackHandler attachmentCallbackHandler;
73      private boolean enableRevocation;
74      private boolean requireSignedEncryptedDataElements;
75      private ReplayCache timestampReplayCache;
76      private ReplayCache nonceReplayCache;
77      private ReplayCache samlOneTimeUseReplayCache;
78      private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
79      private Collection<Pattern> issuerDNPatterns = new ArrayList<>();
80      private final List<BSPRule> ignoredBSPRules = new LinkedList<>();
81      private boolean appendSignatureAfterTimestamp;
82      private int originalSignatureActionPosition;
83      private AlgorithmSuite algorithmSuite;
84      private AlgorithmSuite samlAlgorithmSuite;
85      private boolean disableBSPEnforcement;
86      private boolean allowRSA15KeyTransportAlgorithm;
87      private boolean addUsernameTokenNonce;
88      private boolean addUsernameTokenCreated;
89      private Certificate[] tlsCerts;
90      private PasswordEncryptor passwordEncryptor;
91      private String derivedKeyTokenReference;
92      private boolean use200512Namespace = true;
93      private final List<String> audienceRestrictions = new ArrayList<>();
94      private boolean requireTimestampExpires;
95      private boolean storeBytesInAttachment;
96      private Serializer encryptionSerializer;
97      private WSDocInfo wsDocInfo;
98      private Provider signatureProvider;
99  
100     /**
101      * Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod
102      * child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
103      * The default is true.
104      */
105     private boolean addInclusivePrefixes = true;
106 
107     /**
108      * Set the timestamp precision mode. If set to <code>true</code> then use
109      * timestamps with milliseconds, otherwise omit the milliseconds. As per XML
110      * Date/Time specification the default is to include the milliseconds.
111      */
112     private boolean precisionInMilliSeconds = true;
113 
114     private boolean enableSignatureConfirmation;
115 
116     /**
117      * If set to true then the timestamp handling will throw an exception if the
118      * timestamp contains an expires element and the semantics are expired.
119      *
120      * If set to false, no exception will be thrown, even if the semantics are
121      * expired.
122      */
123     private boolean timeStampStrict = true;
124 
125     /**
126      * If this value is not null, then username token handling will throw an
127      * exception if the password type of the Username Token does not match this value
128      */
129     private String requiredPasswordType;
130 
131     /**
132      * This variable controls whether a UsernameToken with no password element is allowed.
133      * The default value is "false". Set it to "true" to allow deriving keys from UsernameTokens
134      * or to support UsernameTokens for purposes other than authentication.
135      */
136     private boolean allowUsernameTokenNoPassword;
137 
138     /**
139      * The time in seconds between creation and expiry for a Timestamp. The default
140      * is 300 seconds (5 minutes).
141      */
142     private int timeStampTTL = 300;
143 
144     /**
145      * The time in seconds in the future within which the Created time of an incoming
146      * Timestamp is valid. The default is 60 seconds.
147      */
148     private int timeStampFutureTTL = 60;
149 
150     /**
151      * The time in seconds between creation and expiry for a UsernameToken Created
152      * element. The default is 300 seconds (5 minutes).
153      */
154     private int utTTL = 300;
155 
156     /**
157      * The time in seconds in the future within which the Created time of an incoming
158      * UsernameToken is valid. The default is 60 seconds.
159      */
160     private int utFutureTTL = 60;
161 
162     /**
163      * This variable controls whether types other than PasswordDigest or PasswordText
164      * are allowed when processing UsernameTokens.
165      *
166      * By default this is set to false so that the user doesn't have to explicitly
167      * reject custom token types in the callback handler.
168      */
169     private boolean handleCustomPasswordTypes;
170 
171     /**
172      * This variable controls whether (wsse) namespace qualified password types are
173      * accepted when processing UsernameTokens.
174      *
175      * By default this is set to false.
176      */
177     private boolean allowNamespaceQualifiedPasswordTypes;
178 
179     /**
180      * Whether the password should be treated as a binary value.  This
181      * is needed to properly handle password equivalence for UsernameToken
182      * passwords.  Binary passwords are Base64 encoded so they can be
183      * treated as strings in most places, but when the password digest
184      * is calculated or a key is derived from the password, the password
185      * will be Base64 decoded before being used. This is most useful for
186      * hashed passwords as password equivalents.
187      *
188      * See https://issues.apache.org/jira/browse/WSS-239
189      */
190     private boolean encodePasswords;
191 
192     /**
193      * Whether to validate the SubjectConfirmation requirements of a received SAML Token
194      * (sender-vouches or holder-of-key). The default is true.
195      */
196     private boolean validateSamlSubjectConfirmation = true;
197 
198     private boolean expandXopInclude;
199 
200     public Object getMsgContext() {
201         return msgContext;
202     }
203 
204     public void setMsgContext(Object msgContext) {
205         this.msgContext = msgContext;
206     }
207 
208     public SOAPConstants getSoapConstants() {
209         return soapConstants;
210     }
211 
212     public void setSoapConstants(SOAPConstants soapConstants) {
213         this.soapConstants = soapConstants;
214     }
215 
216     public String getActor() {
217         return actor;
218     }
219 
220     public void setActor(String actor) {
221         this.actor = actor;
222     }
223 
224     public String getUsername() {
225         return username;
226     }
227 
228     public void setUsername(String username) {
229         this.username = username;
230     }
231 
232     public String getPwType() {
233         return pwType;
234     }
235 
236     public void setPwType(String pwType) {
237         this.pwType = pwType;
238     }
239 
240     public Crypto getSigVerCrypto() {
241         return sigVerCrypto;
242     }
243 
244     public void setSigVerCrypto(Crypto sigVerCrypto) {
245         this.sigVerCrypto = sigVerCrypto;
246     }
247 
248     public Crypto getDecCrypto() {
249         return decCrypto;
250     }
251 
252     public void setDecCrypto(Crypto decCrypto) {
253         this.decCrypto = decCrypto;
254     }
255 
256     /**
257      * @return Returns the wssConfig.
258      */
259     public WSSConfig getWssConfig() {
260         return wssConfig;
261     }
262 
263     /**
264      * @param wssConfig The wssConfig to set.
265      */
266     public void setWssConfig(WSSConfig wssConfig) {
267         this.wssConfig = wssConfig;
268     }
269 
270     /**
271      * @return Returns the list of stored signature values.
272      */
273     public List<byte[]> getSignatureValues() {
274         return signatureValues;
275     }
276 
277     /**
278      * @return Returns the secHeader.
279      */
280     public WSSecHeader getSecHeader() {
281         return secHeader;
282     }
283 
284     /**
285      * @param secHeader The secHeader to set.
286      */
287     public void setSecHeader(WSSecHeader secHeader) {
288         this.secHeader = secHeader;
289     }
290 
291     /**
292      * Set the derived key iterations. Default is 1000.
293      * @param iterations The number of iterations to use when deriving a key
294      */
295     public void setDerivedKeyIterations(int iterations) {
296         derivedKeyIterations = iterations;
297     }
298 
299     /**
300      * Get the derived key iterations.
301      * @return The number of iterations to use when deriving a key
302      */
303     public int getDerivedKeyIterations() {
304         return derivedKeyIterations;
305     }
306 
307     /**
308      * Whether to use the derived key for a MAC.
309      * @param useMac Whether to use the derived key for a MAC.
310      */
311     public void setUseDerivedKeyForMAC(boolean useMac) {
312         useDerivedKeyForMAC = useMac;
313     }
314 
315     /**
316      * Whether to use the derived key for a MAC.
317      * @return Whether to use the derived key for a MAC.
318      */
319     public boolean isUseDerivedKeyForMAC() {
320         return useDerivedKeyForMAC;
321     }
322 
323     /**
324      * Set whether to enable CRL checking or not when verifying trust in a certificate.
325      * @param enableRevocation whether to enable CRL checking
326      */
327     public void setEnableRevocation(boolean enableRevocation) {
328         this.enableRevocation = enableRevocation;
329     }
330 
331     /**
332      * Get whether to enable CRL checking or not when verifying trust in a certificate.
333      * @return whether to enable CRL checking
334      */
335     public boolean isRevocationEnabled() {
336         return enableRevocation;
337     }
338 
339     /**
340      * @return whether EncryptedData elements are required to be signed
341      */
342     public boolean isRequireSignedEncryptedDataElements() {
343         return requireSignedEncryptedDataElements;
344     }
345 
346     /**
347      * Configure the engine to verify that EncryptedData elements
348      * are in a signed subtree of the document. This can be used to
349      * prevent some wrapping based attacks when encrypt-before-sign
350      * token protection is selected.
351      *
352      * @param requireSignedEncryptedDataElements
353      */
354     public void setRequireSignedEncryptedDataElements(boolean requireSignedEncryptedDataElements) {
355         this.requireSignedEncryptedDataElements = requireSignedEncryptedDataElements;
356     }
357 
358     /**
359      * Sets the CallbackHandler used for this request
360      * @param cb
361      */
362     public void setCallbackHandler(CallbackHandler cb) {
363         callback = cb;
364     }
365 
366     /**
367      * Returns the CallbackHandler used for this request.
368      * @return the CallbackHandler used for this request.
369      */
370     public CallbackHandler getCallbackHandler() {
371         return callback;
372     }
373 
374     public CallbackHandler getAttachmentCallbackHandler() {
375         return attachmentCallbackHandler;
376     }
377 
378     public void setAttachmentCallbackHandler(CallbackHandler attachmentCallbackHandler) {
379         this.attachmentCallbackHandler = attachmentCallbackHandler;
380     }
381 
382     /**
383      * Get the Validator instance corresponding to the QName
384      * @param qName the QName with which to find a Validator instance
385      * @return the Validator instance corresponding to the QName
386      * @throws WSSecurityException
387      */
388     public Validator getValidator(QName qName) throws WSSecurityException {
389         // Check the custom Validator Map first
390         if (getMsgContext() instanceof Map<?,?>) {
391             @SuppressWarnings("unchecked")
392             Map<QName, Validator> validatorMap =
393                 (Map<QName, Validator>)((Map<?,?>)getMsgContext()).get(ConfigurationConstants.VALIDATOR_MAP);
394             if (validatorMap != null && validatorMap.containsKey(qName)) {
395                 return validatorMap.get(qName);
396             }
397         }
398         if (wssConfig != null)  {
399             return wssConfig.getValidator(qName);
400         }
401         return null;
402     }
403 
404     /**
405      * Set the replay cache for Timestamps
406      */
407     public void setTimestampReplayCache(ReplayCache newCache) {
408         timestampReplayCache = newCache;
409     }
410 
411     /**
412      * Get the replay cache for Timestamps
413      * @throws WSSecurityException
414      */
415     public ReplayCache getTimestampReplayCache() throws WSSecurityException {
416         return timestampReplayCache;
417     }
418 
419     /**
420      * Set the replay cache for Nonces
421      */
422     public void setNonceReplayCache(ReplayCache newCache) {
423         nonceReplayCache = newCache;
424     }
425 
426     /**
427      * Get the replay cache for Nonces
428      * @throws WSSecurityException
429      */
430     public ReplayCache getNonceReplayCache() throws WSSecurityException {
431         return nonceReplayCache;
432     }
433 
434     /**
435      * Set the replay cache for SAML2 OneTimeUse Assertions
436      */
437     public void setSamlOneTimeUseReplayCache(ReplayCache newCache) {
438         samlOneTimeUseReplayCache = newCache;
439     }
440 
441     /**
442      * Get the replay cache for SAML2 OneTimeUse Assertions
443      * @throws WSSecurityException
444      */
445     public ReplayCache getSamlOneTimeUseReplayCache() throws WSSecurityException {
446         return samlOneTimeUseReplayCache;
447     }
448 
449     /**
450      * Set the Signature Subject Cert Constraints
451      */
452     public void setSubjectCertConstraints(Collection<Pattern> subjectCertConstraints) {
453         if (subjectCertConstraints != null) {
454             subjectDNPatterns.addAll(subjectCertConstraints);
455         }
456     }
457 
458     /**
459      * Get the Signature Subject Cert Constraints
460      */
461     public Collection<Pattern> getSubjectCertConstraints() {
462         return subjectDNPatterns;
463     }
464 
465     /**
466      * Get the Signature Issuer DN Cert Constraints
467      * @return
468      */
469     public Collection<Pattern> getIssuerDNPatterns() {
470         return issuerDNPatterns;
471     }
472     /**
473      * Set the Signature Issuer DN Cert Constraints
474      *
475      */
476     public void setIssuerDNPatterns(Collection<Pattern> issuerDNPatterns) {
477         this.issuerDNPatterns = issuerDNPatterns;
478     }
479 
480     /**
481      * Set the Audience Restrictions
482      */
483     public void setAudienceRestrictions(List<String> audienceRestrictions) {
484         if (audienceRestrictions != null) {
485             this.audienceRestrictions.addAll(audienceRestrictions);
486         }
487     }
488 
489     /**
490      * Get the Audience Restrictions
491      */
492     public List<String> getAudienceRestrictions() {
493         return audienceRestrictions;
494     }
495 
496     public void setIgnoredBSPRules(List<BSPRule> bspRules) {
497         ignoredBSPRules.clear();
498         ignoredBSPRules.addAll(bspRules);
499     }
500 
501     public BSPEnforcer getBSPEnforcer() {
502         if (disableBSPEnforcement) {
503             return new BSPEnforcer(true);
504         }
505         return new BSPEnforcer(ignoredBSPRules);
506     }
507 
508     public boolean isAppendSignatureAfterTimestamp() {
509         return appendSignatureAfterTimestamp;
510     }
511 
512     public void setAppendSignatureAfterTimestamp(boolean appendSignatureAfterTimestamp) {
513         this.appendSignatureAfterTimestamp = appendSignatureAfterTimestamp;
514     }
515 
516     public AlgorithmSuite getAlgorithmSuite() {
517         return algorithmSuite;
518     }
519 
520     public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
521         this.algorithmSuite = algorithmSuite;
522     }
523 
524     public AlgorithmSuite getSamlAlgorithmSuite() {
525         return samlAlgorithmSuite;
526     }
527 
528     public void setSamlAlgorithmSuite(AlgorithmSuite samlAlgorithmSuite) {
529         this.samlAlgorithmSuite = samlAlgorithmSuite;
530     }
531 
532     public int getOriginalSignatureActionPosition() {
533         return originalSignatureActionPosition;
534     }
535 
536     public void setOriginalSignatureActionPosition(int originalSignatureActionPosition) {
537         this.originalSignatureActionPosition = originalSignatureActionPosition;
538     }
539 
540     public boolean isDisableBSPEnforcement() {
541         return disableBSPEnforcement;
542     }
543 
544     public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
545         this.disableBSPEnforcement = disableBSPEnforcement;
546     }
547 
548     public boolean isAllowRSA15KeyTransportAlgorithm() {
549         return allowRSA15KeyTransportAlgorithm;
550     }
551 
552     public void setAllowRSA15KeyTransportAlgorithm(boolean allowRSA15KeyTransportAlgorithm) {
553         this.allowRSA15KeyTransportAlgorithm = allowRSA15KeyTransportAlgorithm;
554     }
555 
556     public Certificate[] getTlsCerts() {
557         return tlsCerts;
558     }
559 
560     public void setTlsCerts(Certificate[] tlsCerts) {
561         this.tlsCerts = tlsCerts;
562     }
563 
564     public PasswordEncryptor getPasswordEncryptor() {
565         return passwordEncryptor;
566     }
567 
568     public void setPasswordEncryptor(PasswordEncryptor passwordEncryptor) {
569         this.passwordEncryptor = passwordEncryptor;
570     }
571 
572     public SignatureActionToken getSignatureToken() {
573         return signatureToken;
574     }
575 
576     public void setSignatureToken(SignatureActionToken signatureToken) {
577         this.signatureToken = signatureToken;
578     }
579 
580     public EncryptionActionToken getEncryptionToken() {
581         return encryptionToken;
582     }
583 
584     public void setEncryptionToken(EncryptionActionToken encryptionToken) {
585         this.encryptionToken = encryptionToken;
586     }
587 
588     public String getDerivedKeyTokenReference() {
589         return derivedKeyTokenReference;
590     }
591 
592     public void setDerivedKeyTokenReference(String derivedKeyTokenReference) {
593         this.derivedKeyTokenReference = derivedKeyTokenReference;
594     }
595 
596     public boolean isUse200512Namespace() {
597         return use200512Namespace;
598     }
599 
600     public void setUse200512Namespace(boolean use200512Namespace) {
601         this.use200512Namespace = use200512Namespace;
602     }
603 
604     public boolean isRequireTimestampExpires() {
605         return requireTimestampExpires;
606     }
607 
608     public void setRequireTimestampExpires(boolean requireTimestampExpires) {
609         this.requireTimestampExpires = requireTimestampExpires;
610     }
611 
612     public boolean isValidateSamlSubjectConfirmation() {
613         return validateSamlSubjectConfirmation;
614     }
615 
616     public void setValidateSamlSubjectConfirmation(boolean validateSamlSubjectConfirmation) {
617         this.validateSamlSubjectConfirmation = validateSamlSubjectConfirmation;
618     }
619 
620     public boolean isAllowNamespaceQualifiedPasswordTypes() {
621         return allowNamespaceQualifiedPasswordTypes;
622     }
623 
624     public void setAllowNamespaceQualifiedPasswordTypes(boolean allowNamespaceQualifiedPasswordTypes) {
625         this.allowNamespaceQualifiedPasswordTypes = allowNamespaceQualifiedPasswordTypes;
626     }
627 
628     public int getUtFutureTTL() {
629         return utFutureTTL;
630     }
631 
632     public void setUtFutureTTL(int utFutureTTL) {
633         this.utFutureTTL = utFutureTTL;
634     }
635 
636     public boolean isHandleCustomPasswordTypes() {
637         return handleCustomPasswordTypes;
638     }
639 
640     public void setHandleCustomPasswordTypes(boolean handleCustomPasswordTypes) {
641         this.handleCustomPasswordTypes = handleCustomPasswordTypes;
642     }
643 
644     public int getUtTTL() {
645         return utTTL;
646     }
647 
648     public void setUtTTL(int utTTL) {
649         this.utTTL = utTTL;
650     }
651 
652     public int getTimeStampTTL() {
653         return timeStampTTL;
654     }
655 
656     public void setTimeStampTTL(int timeStampTTL) {
657         this.timeStampTTL = timeStampTTL;
658     }
659 
660     public int getTimeStampFutureTTL() {
661         return timeStampFutureTTL;
662     }
663 
664     public void setTimeStampFutureTTL(int timeStampFutureTTL) {
665         this.timeStampFutureTTL = timeStampFutureTTL;
666     }
667 
668     public boolean isAllowUsernameTokenNoPassword() {
669         return allowUsernameTokenNoPassword;
670     }
671 
672     public void setAllowUsernameTokenNoPassword(boolean allowUsernameTokenNoPassword) {
673         this.allowUsernameTokenNoPassword = allowUsernameTokenNoPassword;
674     }
675 
676     public boolean isTimeStampStrict() {
677         return timeStampStrict;
678     }
679 
680     public void setTimeStampStrict(boolean timeStampStrict) {
681         this.timeStampStrict = timeStampStrict;
682     }
683 
684     public boolean isAddInclusivePrefixes() {
685         return addInclusivePrefixes;
686     }
687 
688     public void setAddInclusivePrefixes(boolean addInclusivePrefixes) {
689         this.addInclusivePrefixes = addInclusivePrefixes;
690     }
691 
692     public boolean isPrecisionInMilliSeconds() {
693         return precisionInMilliSeconds;
694     }
695 
696     public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) {
697         this.precisionInMilliSeconds = precisionInMilliSeconds;
698     }
699 
700     public boolean isEnableSignatureConfirmation() {
701         return enableSignatureConfirmation;
702     }
703 
704     public void setEnableSignatureConfirmation(boolean enableSignatureConfirmation) {
705         this.enableSignatureConfirmation = enableSignatureConfirmation;
706     }
707 
708     public String getRequiredPasswordType() {
709         return requiredPasswordType;
710     }
711 
712     public void setRequiredPasswordType(String requiredPasswordType) {
713         this.requiredPasswordType = requiredPasswordType;
714     }
715 
716     public boolean isEncodePasswords() {
717         return encodePasswords;
718     }
719 
720     public void setEncodePasswords(boolean encodePasswords) {
721         this.encodePasswords = encodePasswords;
722     }
723 
724     public boolean isStoreBytesInAttachment() {
725         return storeBytesInAttachment;
726     }
727 
728     public void setStoreBytesInAttachment(boolean storeBytesInAttachment) {
729         this.storeBytesInAttachment = storeBytesInAttachment;
730     }
731 
732     public boolean isExpandXopInclude() {
733         return expandXopInclude;
734     }
735 
736     public void setExpandXopInclude(boolean expandXopInclude) {
737         this.expandXopInclude = expandXopInclude;
738     }
739 
740     public Serializer getEncryptionSerializer() {
741         return encryptionSerializer;
742     }
743 
744     public void setEncryptionSerializer(Serializer encryptionSerializer) {
745         this.encryptionSerializer = encryptionSerializer;
746     }
747 
748     public boolean isAddUsernameTokenCreated() {
749         return addUsernameTokenCreated;
750     }
751 
752     public void setAddUsernameTokenCreated(boolean addUsernameTokenCreated) {
753         this.addUsernameTokenCreated = addUsernameTokenCreated;
754     }
755 
756     public boolean isAddUsernameTokenNonce() {
757         return addUsernameTokenNonce;
758     }
759 
760     public void setAddUsernameTokenNonce(boolean addUsernameTokenNonce) {
761         this.addUsernameTokenNonce = addUsernameTokenNonce;
762     }
763 
764     public WSDocInfo getWsDocInfo() {
765         return wsDocInfo;
766     }
767 
768     public void setWsDocInfo(WSDocInfo wsDocInfo) {
769         this.wsDocInfo = wsDocInfo;
770     }
771 
772     public Provider getSignatureProvider() {
773         return signatureProvider;
774     }
775 
776     /**
777      * Set a security Provider instance to use for Signature
778      */
779     public void setSignatureProvider(Provider signatureProvider) {
780         this.signatureProvider = signatureProvider;
781     }
782 }