Package se.swedenconnect.opensaml.eidas.xmlsec

Class RelaxedEidasSecurityConfiguration

java.lang.Object

se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration

se.swedenconnect.opensaml.eidas.xmlsec.EidasSecurityConfiguration

se.swedenconnect.opensaml.eidas.xmlsec.RelaxedEidasSecurityConfiguration

All Implemented Interfaces:

SecurityConfiguration

public class RelaxedEidasSecurityConfiguration
extends EidasSecurityConfiguration

The algorithm requirements from version 1.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework" leaves out some of the commonly used algorithms which most likely will lead to interoperability issues if we implement them strictly. The RelaxedEidasSecurityConfiguration class is a bit more forgiving, especially when it comes to RSA-SHAxxx signature algorithms.

Author:

Martin Lindström

Constructor Summary

Constructors

Constructor	Description
RelaxedEidasSecurityConfiguration()

Method Summary

Modifier and Type	Method	Description
protected DecryptionConfiguration	createDefaultDecryptionConfiguration()	The EidasSecurityConfiguration implementation whitelists only the algorithms given in sections 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
protected EncryptionConfiguration	createDefaultEncryptionConfiguration()	Will also allow the widespread AES-CBC block encryption algorithms.
protected SignatureSigningConfiguration	createDefaultSignatureSigningConfiguration()	Will allow using RSA-SHAxxx signature algorithms.
protected SignatureValidationConfiguration	createDefaultSignatureValidationConfiguration()	The EidasSecurityConfiguration implementation whitelists only the algorithms given in section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework".
String	getProfileName()

Methods inherited from class se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration

getDecryptionConfiguration, getDefaultDecryptionConfiguration, getDefaultEncryptionConfiguration, getDefaultSignatureSigningConfiguration, getDefaultSignatureValidationConfiguration, getEncryptionConfiguration, getSignatureSigningConfiguration, getSignatureValidationConfiguration, initOpenSAML

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RelaxedEidasSecurityConfiguration

public RelaxedEidasSecurityConfiguration()

Method Details

getProfileName

public String getProfileName()

Specified by:

getProfileName in interface SecurityConfiguration

Overrides:

getProfileName in class EidasSecurityConfiguration

createDefaultEncryptionConfiguration

protected EncryptionConfiguration createDefaultEncryptionConfiguration()

Will also allow the widespread AES-CBC block encryption algorithms.

Overrides:

createDefaultEncryptionConfiguration in class EidasSecurityConfiguration

createDefaultDecryptionConfiguration

protected DecryptionConfiguration createDefaultDecryptionConfiguration()

The EidasSecurityConfiguration implementation whitelists only the algorithms given in sections 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework". This implementation removes the whitelisting and instead blacklists some of the algorithms that we really can't accept.

Overrides:

createDefaultDecryptionConfiguration in class EidasSecurityConfiguration

createDefaultSignatureSigningConfiguration

protected SignatureSigningConfiguration createDefaultSignatureSigningConfiguration()

Will allow using RSA-SHAxxx signature algorithms.

Overrides:

createDefaultSignatureSigningConfiguration in class EidasSecurityConfiguration

createDefaultSignatureValidationConfiguration

protected SignatureValidationConfiguration createDefaultSignatureValidationConfiguration()

The EidasSecurityConfiguration implementation whitelists only the algorithms given in section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework". This implementation removes the whitelisting and instead blacklists some of the algorithms that we really can't accept.

Overrides:

createDefaultSignatureValidationConfiguration in class EidasSecurityConfiguration