se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration

se.swedenconnect.opensaml.eidas.xmlsec.EidasSecurityConfiguration

All Implemented Interfaces:: SecurityConfiguration

Direct Known Subclasses:: Eidas_1_4_SecurityConfiguration, RelaxedEidasSecurityConfiguration

public class EidasSecurityConfiguration extends AbstractSecurityConfiguration

A security configuration for OpenSAML according to version 1.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework" (and earlier versions).

Note: The people behind the eIDAS crypto requirements SHOULD have looked at what is available in major code frameworks before setting up rigid requirements about bleeding edge cryptos. For example, RSA-PSS on a HSM in a Java environment doesn't work and ECDH key-agreement isn't supported out of the box from OpenSAML (but by https://github.com/swedenconnect/opensaml-security-ext). Security AND interoperability can exist, but IMHO they forgot the latter.

Anyway. If you configure your OpenSAML application using the algorithms of EidasSecurityConfiguration you may run into interop issues. Consider using the more relaxed version RelaxedEidasSecurityConfiguration.

Author:: Martin Lindström

Constructor Summary

Constructors

Constructor

Description

EidasSecurityConfiguration()
Method Summary

Modifier and Type

Method

Description

protected DecryptionConfiguration

createDefaultDecryptionConfiguration()

Creates a decryption configuration for eIDAS according to section 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework".

protected EncryptionConfiguration

createDefaultEncryptionConfiguration()

Creates an encryption configuration for eIDAS according to section 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework version 1.3 and earlier".

protected SignatureSigningConfiguration

createDefaultSignatureSigningConfiguration()

Creates a signature configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".

protected SignatureValidationConfiguration

createDefaultSignatureValidationConfiguration()

Creates a signature validation configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".

String

getProfileName()

Methods inherited from class se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration
getDecryptionConfiguration, getDefaultDecryptionConfiguration, getDefaultEncryptionConfiguration, getDefaultSignatureSigningConfiguration, getDefaultSignatureValidationConfiguration, getEncryptionConfiguration, getSignatureSigningConfiguration, getSignatureValidationConfiguration, initOpenSAML

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- EidasSecurityConfiguration
  
  public EidasSecurityConfiguration()
Method Details
- getProfileName
  
  public String getProfileName()
- createDefaultEncryptionConfiguration
  
  protected EncryptionConfiguration createDefaultEncryptionConfiguration()
  
  Creates an encryption configuration for eIDAS according to section 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework version 1.3 and earlier".
  
  Overrides:
  
  createDefaultEncryptionConfiguration in class AbstractSecurityConfiguration
- createDefaultDecryptionConfiguration
  
  protected DecryptionConfiguration createDefaultDecryptionConfiguration()
  
  Creates a decryption configuration for eIDAS according to section 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
  
  Overrides:
  
  createDefaultDecryptionConfiguration in class AbstractSecurityConfiguration
- createDefaultSignatureSigningConfiguration
  
  protected SignatureSigningConfiguration createDefaultSignatureSigningConfiguration()
  
  Creates a signature configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
  
  Overrides:
  
  createDefaultSignatureSigningConfiguration in class AbstractSecurityConfiguration
- createDefaultSignatureValidationConfiguration
  
  protected SignatureValidationConfiguration createDefaultSignatureValidationConfiguration()
  
  Creates a signature validation configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
  
  Overrides:
  
  createDefaultSignatureValidationConfiguration in class AbstractSecurityConfiguration

Class EidasSecurityConfiguration

Constructor Summary

Method Summary

Methods inherited from class se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration

Methods inherited from class java.lang.Object

Constructor Details

EidasSecurityConfiguration

Method Details

getProfileName

createDefaultEncryptionConfiguration

createDefaultDecryptionConfiguration

createDefaultSignatureSigningConfiguration

createDefaultSignatureValidationConfiguration