Class RelaxedEidasSecurityConfiguration
java.lang.Object
se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration
se.swedenconnect.opensaml.eidas.xmlsec.EidasSecurityConfiguration
se.swedenconnect.opensaml.eidas.xmlsec.RelaxedEidasSecurityConfiguration
- All Implemented Interfaces:
SecurityConfiguration
The algorithm requirements from version 1.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework" leave out some commonly used algorithms, which will most likely lead to interoperability issues if we implement them strictly. The RelaxedEidasSecurityConfiguration class is a bit more forgiving, especially when it comes to RSA-SHAxxx signature algorithms.
- Author:
Martin Lindström

Constructor Summary

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| protected org.opensaml.xmlsec.DecryptionConfiguration | createDefaultDecryptionConfiguration() | The EidasSecurityConfiguration implementation whitelists only the algorithms given in sections 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework". |
| protected org.opensaml.xmlsec.EncryptionConfiguration | createDefaultEncryptionConfiguration() | Will also allow the widespread AES-CBC block encryption algorithms. |
| protected org.opensaml.xmlsec.SignatureSigningConfiguration | createDefaultSignatureSigningConfiguration() | Will allow using RSA-SHAxxx signature algorithms. |
| protected org.opensaml.xmlsec.SignatureValidationConfiguration | createDefaultSignatureValidationConfiguration() | The EidasSecurityConfiguration implementation whitelists only the algorithms given in section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework". |

Methods inherited from class se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration
getDecryptionConfiguration, getDefaultDecryptionConfiguration, getDefaultEncryptionConfiguration, getDefaultSignatureSigningConfiguration, getDefaultSignatureValidationConfiguration, getEncryptionConfiguration, getSignatureSigningConfiguration, getSignatureValidationConfiguration, initOpenSAML

Constructor Details
RelaxedEidasSecurityConfiguration
public RelaxedEidasSecurityConfiguration()

Method Details
getProfileName
- Specified by:
getProfileName in interface SecurityConfiguration
- Overrides:
getProfileName in class EidasSecurityConfiguration

createDefaultEncryptionConfiguration
protected org.opensaml.xmlsec.EncryptionConfiguration createDefaultEncryptionConfiguration()
Will also allow the widespread AES-CBC block encryption algorithms.
- Overrides:
createDefaultEncryptionConfiguration in class EidasSecurityConfiguration

createDefaultDecryptionConfiguration
protected org.opensaml.xmlsec.DecryptionConfiguration createDefaultDecryptionConfiguration()
The EidasSecurityConfiguration implementation whitelists only the algorithms given in sections 3.2.1 and 3.2.2 of "eIDAS - Cryptographic requirements for the Interoperability Framework". This implementation removes the whitelisting and instead blacklists some of the algorithms that we really can't accept.
- Overrides:
createDefaultDecryptionConfiguration in class EidasSecurityConfiguration

createDefaultSignatureSigningConfiguration
protected org.opensaml.xmlsec.SignatureSigningConfiguration createDefaultSignatureSigningConfiguration()
Will allow using RSA-SHAxxx signature algorithms.
- Overrides:
createDefaultSignatureSigningConfiguration in class EidasSecurityConfiguration

createDefaultSignatureValidationConfiguration
protected org.opensaml.xmlsec.SignatureValidationConfiguration createDefaultSignatureValidationConfiguration()
The EidasSecurityConfiguration implementation whitelists only the algorithms given in section 3.3 of "eIDAS - Cryptographic requirements for the Interoperability Framework". This implementation removes the whitelisting and instead blacklists some of the algorithms that we really can't accept.
- Overrides:
createDefaultSignatureValidationConfiguration in class EidasSecurityConfiguration
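
The effect of replacing a whitelist with a blacklist on signature validation, as an added example that is not code from this library. It uses only the JDK and evaluates both policy styles against the SignatureMethod and DigestMethod URIs of a signature. The class name SignatureAlgorithmPolicyDemo, the two algorithm sets and the SignedInfo fragments are constructed for illustration and are not the lists the two configuration classes actually install.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignatureAlgorithmPolicyDemo {
  static final String DS = "http://www.w3.org/2000/09/xmldsig#";
  static final String RSA_PSS_SHA256 = "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1";
  static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
  static final String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
  static final String RSA_SHA1 = DS + "rsa-sha1", SHA1 = DS + "sha1";
  // Assumed sets for illustration; NOT the lists the two configuration classes install.
  static final Set<String> STRICT_WHITELIST = Set.of(RSA_PSS_SHA256, SHA256);
  static final Set<String> RELAXED_BLACKLIST = Set.of(RSA_SHA1, SHA1);

  /** Returns the Algorithm URI of every ds:SignatureMethod and ds:DigestMethod element. */
  static List<String> algorithms(String xml) throws Exception {
    DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
    f.setNamespaceAware(true);
    f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
    Document doc = f.newDocumentBuilder()
        .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    List<String> uris = new ArrayList<>();
    for (String name : List.of("SignatureMethod", "DigestMethod")) {
      NodeList nodes = doc.getElementsByTagNameNS(DS, name);
      for (int i = 0; i < nodes.getLength(); i++)
        uris.add(((Element) nodes.item(i)).getAttribute("Algorithm"));
    }
    return uris;
  }

  // Whitelist: every algorithm must be listed. Blacklist: no algorithm may be listed.
  static boolean strictAccepts(List<String> u) { return !u.isEmpty() && STRICT_WHITELIST.containsAll(u); }
  static boolean relaxedAccepts(List<String> u) { return !u.isEmpty() && Collections.disjoint(u, RELAXED_BLACKLIST); }
  /** Builds a constructed ds:SignedInfo fragment (sample input, not a real message). */
  static String signedInfo(String sigAlg, String digestAlg) {
    return String.format("<ds:SignedInfo xmlns:ds='%s'><ds:SignatureMethod Algorithm='%s'/>"
        + "<ds:Reference URI='#_id'><ds:DigestMethod Algorithm='%s'/></ds:Reference>"
        + "</ds:SignedInfo>", DS, sigAlg, digestAlg);
  }
  public static void main(String[] args) throws Exception {
    String[][] cases = {{RSA_PSS_SHA256, SHA256}, {RSA_SHA256, SHA256}, {RSA_SHA1, SHA1},
        {"urn:example:constructed-unknown-algorithm", SHA256}};
    for (String[] c : cases) {
      List<String> uris = algorithms(signedInfo(c[0], c[1]));
      System.out.printf("%-55s strict=%-5b relaxed=%b%n", c[0], strictAccepts(uris), relaxedAccepts(uris));
    }
  }
}
```

With these assumed sets the RSA-SHA256 fragment is rejected only by the whitelist, while the constructed unknown URI passes the blacklist check. A blacklist admits every algorithm it does not name, so a relaxed policy needs review whenever the underlying XML security provider gains support for new algorithm URIs.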