Class EidasSecurityConfiguration

java.lang.Object
se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration
se.swedenconnect.opensaml.eidas.xmlsec.EidasSecurityConfiguration
All Implemented Interfaces:
SecurityConfiguration
Direct Known Subclasses:
Eidas_1_4_SecurityConfiguration, RelaxedEidasSecurityConfiguration

public class EidasSecurityConfiguration extends AbstractSecurityConfiguration
A security configuration for OpenSAML according to version 1.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework" (and earlier versions).

Note: The people behind the eIDAS crypto requirements SHOULD have looked at what is available in major code frameworks before setting up rigid requirements about bleeding-edge cryptos. For example, RSA-PSS on an HSM in a Java environment doesn't work and ECDH key-agreement isn't supported out of the box by OpenSAML (but it is by https://github.com/swedenconnect/opensaml-security-ext). Security AND interoperability can exist, but IMHO they forgot the latter.

Anyway. If you configure your OpenSAML application using the algorithms of EidasSecurityConfiguration, you may run into interop issues. Consider using the more relaxed version, RelaxedEidasSecurityConfiguration.

Author:
Martin Lindström
  • Constructor Details

    • EidasSecurityConfiguration

      public EidasSecurityConfiguration()
  • Method Details

    • getProfileName

      public String getProfileName()
    • createDefaultEncryptionConfiguration

      protected org.opensaml.xmlsec.EncryptionConfiguration createDefaultEncryptionConfiguration()
      Creates an encryption configuration for eIDAS according to sections 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework version 1.3 and earlier".
      Overrides:
      createDefaultEncryptionConfiguration in class AbstractSecurityConfiguration
    • createDefaultDecryptionConfiguration

      protected org.opensaml.xmlsec.DecryptionConfiguration createDefaultDecryptionConfiguration()
      Creates a decryption configuration for eIDAS according to sections 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
      Overrides:
      createDefaultDecryptionConfiguration in class AbstractSecurityConfiguration
    • createDefaultSignatureSigningConfiguration

      protected org.opensaml.xmlsec.SignatureSigningConfiguration createDefaultSignatureSigningConfiguration()
      Creates a signature configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
      Overrides:
      createDefaultSignatureSigningConfiguration in class AbstractSecurityConfiguration
    • createDefaultSignatureValidationConfiguration

      protected org.opensaml.xmlsec.SignatureValidationConfiguration createDefaultSignatureValidationConfiguration()
      Creates a signature validation configuration for eIDAS according to section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
      Overrides:
      createDefaultSignatureValidationConfiguration in class AbstractSecurityConfiguration
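
Before choosing between this class and RelaxedEidasSecurityConfiguration, it helps to see which algorithm URIs the relaxed profile adds. The following is an added example, not code from the library or its author. It assumes that RelaxedEidasSecurityConfiguration lives in the same package and has a no-argument constructor, that the SecurityConfiguration interface exposes getSignatureSigningConfiguration() and getEncryptionConfiguration(), and that plain OpenSAML initialization is sufficient.

```java
import java.util.ArrayList;
import java.util.List;

import org.opensaml.core.config.InitializationService;
import org.opensaml.xmlsec.EncryptionConfiguration;

import se.swedenconnect.opensaml.eidas.xmlsec.EidasSecurityConfiguration;
// Assumption: the relaxed class is in the same package as EidasSecurityConfiguration.
import se.swedenconnect.opensaml.eidas.xmlsec.RelaxedEidasSecurityConfiguration;
import se.swedenconnect.opensaml.xmlsec.config.SecurityConfiguration;

public class CompareEidasProfiles {

  // Returns the algorithm URIs that the relaxed profile allows but the strict one does not.
  static List<String> relaxedOnly(List<String> strict, List<String> relaxed) {
    List<String> extra = new ArrayList<>(relaxed);
    extra.removeAll(strict);
    return extra;
  }

  static void report(String what, List<String> strict, List<String> relaxed) {
    System.out.println(what);
    System.out.println("  strict profile : " + strict);
    System.out.println("  relaxed adds   : " + relaxedOnly(strict, relaxed));
  }

  public static void main(String[] args) throws Exception {
    // OpenSAML must be initialized before its default configurations can be built.
    InitializationService.initialize();

    SecurityConfiguration strict = new EidasSecurityConfiguration();
    SecurityConfiguration relaxed = new RelaxedEidasSecurityConfiguration();
    System.out.println(strict.getProfileName() + " vs " + relaxed.getProfileName());

    // Assumption: these getters are declared on the SecurityConfiguration interface.
    report("Signature algorithms",
        strict.getSignatureSigningConfiguration().getSignatureAlgorithms(),
        relaxed.getSignatureSigningConfiguration().getSignatureAlgorithms());

    EncryptionConfiguration se = strict.getEncryptionConfiguration();
    EncryptionConfiguration re = relaxed.getEncryptionConfiguration();
    report("Data encryption algorithms",
        se.getDataEncryptionAlgorithms(), re.getDataEncryptionAlgorithms());
    report("Key transport algorithms",
        se.getKeyTransportEncryptionAlgorithms(), re.getKeyTransportEncryptionAlgorithms());
  }
}
```

Every URI listed under "relaxed adds" is an algorithm your deployment would accept or emit beyond the strict eIDAS profile, so review that list against your own crypto policy before switching.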