Package se.litsec.eidas.opensaml.xmlsec
Class EidasSecurityConfiguration
- java.lang.Object
  - se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration
    - se.litsec.eidas.opensaml.xmlsec.EidasSecurityConfiguration
- All Implemented Interfaces:
SecurityConfiguration
- Direct Known Subclasses:
RelaxedEidasSecurityConfiguration
public class EidasSecurityConfiguration extends AbstractSecurityConfiguration
A security configuration for OpenSAML according to version 1.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
Note: The people behind the eIDAS crypto requirements SHOULD have looked at what is available in major code frameworks before setting up rigid requirements about bleeding edge cryptos. For example, RSA-PSS on a HSM in a Java environment doesn't work and ECDH key-agreement isn't supported out of the box from OpenSAML (but by https://github.com/swedenconnect/opensaml-security-ext). Security AND interoperability can exist, but IMHO they forgot the latter.
Anyway. If you configure your OpenSAML application using the algorithms of EidasSecurityConfiguration you may run into interop issues. Consider using the more relaxed version RelaxedEidasSecurityConfiguration.
- Author:
- Martin Lindström (martin.lindstrom@litsec.se)
Constructor Summary
Constructors
EidasSecurityConfiguration()
Method Summary
Modifier and Type, Method, Description:
protected DecryptionConfiguration createDefaultDecryptionConfiguration()
  Creates a decryption configuration for eIDAS according to section 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
protected EncryptionConfiguration createDefaultEncryptionConfiguration()
  Creates an encryption configuration for eIDAS according to section 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
protected SignatureSigningConfiguration createDefaultSignatureSigningConfiguration()
  Creates a signature configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
protected SignatureValidationConfiguration createDefaultSignatureValidationConfiguration()
  Creates a signature validation configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
String getProfileName()
Methods inherited from class se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration
getDecryptionConfiguration, getDefaultDecryptionConfiguration, getDefaultEncryptionConfiguration, getDefaultSignatureSigningConfiguration, getDefaultSignatureValidationConfiguration, getEncryptionConfiguration, getSignatureSigningConfiguration, getSignatureValidationConfiguration, initOpenSAML
Method Detail
getProfileName
public String getProfileName()
createDefaultEncryptionConfiguration
protected EncryptionConfiguration createDefaultEncryptionConfiguration()
Creates an encryption configuration for eIDAS according to section 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
- Overrides:
createDefaultEncryptionConfiguration in class AbstractSecurityConfiguration
createDefaultDecryptionConfiguration
protected DecryptionConfiguration createDefaultDecryptionConfiguration()
Creates a decryption configuration for eIDAS according to section 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
- Overrides:
createDefaultDecryptionConfiguration in class AbstractSecurityConfiguration
createDefaultSignatureSigningConfiguration
protected SignatureSigningConfiguration createDefaultSignatureSigningConfiguration()
Creates a signature configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
- Overrides:
createDefaultSignatureSigningConfiguration in class AbstractSecurityConfiguration
createDefaultSignatureValidationConfiguration
protected SignatureValidationConfiguration createDefaultSignatureValidationConfiguration()
Creates a signature validation configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
- Overrides:
createDefaultSignatureValidationConfiguration in class AbstractSecurityConfiguration