Class ExtendedDefaultSecurityConfigurationBootstrap

java.lang.Object
org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap
se.swedenconnect.opensaml.xmlsec.config.ExtendedDefaultSecurityConfigurationBootstrap

public class ExtendedDefaultSecurityConfigurationBootstrap extends org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap
Extends OpenSAML's DefaultSecurityConfigurationBootstrap with support for the RSA-PSS signature algorithms.

Note: Even though OpenSAML 5.x has introduced support for RSA-PSS algorithms, they are not part of the DefaultSecurityConfigurationBootstrap, so this class is still needed.

Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Field Summary

    Fields inherited from class org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap

    CONCATKDF, CONFIG_PROPERTY_ECDH_DEFAULT_KDF, PBKDF2
  • Constructor Summary

    Constructors
    Modifier    Constructor                                       Description
    protected   ExtendedDefaultSecurityConfigurationBootstrap()   Constructor.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected static org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver
    buildBasicEncryptedKeyResolver()
    Build a basic instance of EncryptedKeyResolver.
    static org.opensaml.xmlsec.impl.BasicEncryptionConfiguration
    buildDefaultEncryptionConfiguration()
    Extends DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration() with fixes for XXX.
    static org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration
    buildDefaultSignatureSigningConfiguration()
    Extends DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration() with http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 and http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1.
    static org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration
    buildDefaultSignatureSigningConfiguration(org.opensaml.xmlsec.SignatureSigningConfiguration config)
    Given a SignatureSigningConfiguration the method ensures that the signature algorithms http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 and http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1 are among the signature algorithms and returns a BasicSignatureSigningConfiguration object.
    static org.opensaml.xmlsec.EncryptionConfiguration
    patchEncryptionConfiguration(org.opensaml.xmlsec.EncryptionConfiguration configuration, boolean copy)
    A method that makes sure that the key agreement configuration for EC always uses key wrap.

    Methods inherited from class org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap

    buildBasicInlineKeyInfoCredentialResolver, buildBasicKeyInfoGeneratorManager, buildDataEncryptionKeyInfoGeneratorManager, buildDefaultDecryptionConfiguration, buildDefaultSignatureValidationConfiguration, buildKeyAgreementConfigurations, buildKeyTransportEncryptionKeyInfoGeneratorManager, buildSignatureKeyInfoGeneratorManager

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • ExtendedDefaultSecurityConfigurationBootstrap

      protected ExtendedDefaultSecurityConfigurationBootstrap()
      Constructor.
  • Method Details

    • buildDefaultSignatureSigningConfiguration

      @Nonnull public static org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration buildDefaultSignatureSigningConfiguration()
      Extends DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration() with http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 and http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1.
      Returns:
      signature signing configuration
    • buildDefaultSignatureSigningConfiguration

      @Nonnull public static org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration buildDefaultSignatureSigningConfiguration(org.opensaml.xmlsec.SignatureSigningConfiguration config)
      Given a SignatureSigningConfiguration the method ensures that the signature algorithms http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 and http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1 are among the signature algorithms and returns a BasicSignatureSigningConfiguration object.
      Parameters:
      config - the configuration
      Returns:
      a signing configuration with RSA-PSS algorithms included
    • buildBasicEncryptedKeyResolver

      @Nonnull protected static org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver buildBasicEncryptedKeyResolver()
      Build a basic instance of EncryptedKeyResolver. Extends the one from DefaultSecurityConfigurationBootstrap with EncryptedElementTypeEncryptedKeyResolver.
      Returns:
      an EncryptedKey resolver instance
    • buildDefaultEncryptionConfiguration

      @Nonnull public static org.opensaml.xmlsec.impl.BasicEncryptionConfiguration buildDefaultEncryptionConfiguration()
      Extends DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration() with fixes for XXX.
      Returns:
      a BasicEncryptionConfiguration
    • patchEncryptionConfiguration

      @Nonnull public static org.opensaml.xmlsec.EncryptionConfiguration patchEncryptionConfiguration(@Nonnull org.opensaml.xmlsec.EncryptionConfiguration configuration, boolean copy)
      A method that makes sure that the key agreement configuration for EC always uses key wrap.
      Parameters:
      configuration - the configuration to patch
      copy - whether to make a copy of the supplied configuration (if patched)
      Returns:
      an updated configuration
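The following is an added usage example, not code from the Sweden Connect project or from OpenSAML itself. It shows how the two public entry points documented above (buildDefaultSignatureSigningConfiguration(SignatureSigningConfiguration) and patchEncryptionConfiguration) are typically wired into OpenSAML's global configuration at application startup, and how to verify the result so that a missing RSA-PSS algorithm fails fast instead of surfacing later as a rejected signature. It assumes OpenSAML 5.x on the classpath and uses only standard OpenSAML classes (InitializationService, ConfigurationService, SecurityConfigurationSupport); the class name RsaPssBootstrapExample and the helper missingRsaPssAlgorithms are this example's own.

```java
// Added example (not part of the project documented above): bootstrap OpenSAML so that
// the RSA-PSS signature algorithms are part of the global signing configuration, and
// make sure EC key agreement uses key wrap. Assumes OpenSAML 5.x.
import java.util.List;

import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.SecurityConfigurationSupport;
import org.opensaml.xmlsec.SignatureSigningConfiguration;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;

import se.swedenconnect.opensaml.xmlsec.config.ExtendedDefaultSecurityConfigurationBootstrap;

public final class RsaPssBootstrapExample {

  // The three RSA-PSS algorithm URIs named in the class documentation.
  static final List<String> RSA_PSS_ALGORITHMS = List.of(
      "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1",
      "http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1",
      "http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1");

  public static void main(String[] args) throws InitializationException {
    // 1. Standard OpenSAML initialization; this registers the library's default
    //    security configurations, which do not include RSA-PSS.
    InitializationService.initialize();

    // 2. Build a signing configuration that includes RSA-PSS, starting from the
    //    configuration already registered globally so that any deployment-specific
    //    settings are preserved, then register it as the new global configuration.
    SignatureSigningConfiguration current =
        SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration();
    BasicSignatureSigningConfiguration patched =
        ExtendedDefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration(current);
    ConfigurationService.register(SignatureSigningConfiguration.class, patched);

    // 3. Make sure EC key agreement always uses key wrap. copy=true leaves the
    //    registered object untouched and hands back a patched copy.
    EncryptionConfiguration encryption =
        SecurityConfigurationSupport.getGlobalEncryptionConfiguration();
    ConfigurationService.register(EncryptionConfiguration.class,
        ExtendedDefaultSecurityConfigurationBootstrap.patchEncryptionConfiguration(encryption, true));

    // 4. Startup check: fail immediately if any RSA-PSS URI is still missing.
    List<String> missing = missingRsaPssAlgorithms(
        SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration());
    if (!missing.isEmpty()) {
      throw new IllegalStateException("RSA-PSS algorithms not registered: " + missing);
    }
    System.out.println("RSA-PSS signing algorithms are registered");
  }

  /** Returns the RSA-PSS algorithm URIs absent from the given signing configuration. */
  static List<String> missingRsaPssAlgorithms(SignatureSigningConfiguration config) {
    List<String> algorithms = config.getSignatureAlgorithms();
    return RSA_PSS_ALGORITHMS.stream().filter(uri -> !algorithms.contains(uri)).toList();
  }
}
```

Note that this class only extends the signing configuration; which algorithms a verifier accepts is governed by the separate signature validation configuration (built by the inherited buildDefaultSignatureValidationConfiguration), so a relying party that must verify RSA-PSS signatures needs to check that configuration as well.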