Package se.swedenconnect.opensaml.xmlsec.config

Class ExtendedDefaultSecurityConfigurationBootstrap

java.lang.Object

org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap

se.swedenconnect.opensaml.xmlsec.config.ExtendedDefaultSecurityConfigurationBootstrap

public class ExtendedDefaultSecurityConfigurationBootstrap
extends DefaultSecurityConfigurationBootstrap

Extends OpenSAML's DefaultSecurityConfigurationBootstrap with support for the RSA-PSS signature algorithms.

Note: Even though OpenSAML 5.x has introduced support for RSA-PSS algorithms, they are not part of the DefaultSecurityConfigurationBootstrap, so this class is still needed.

Author:

Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Field Summary

Fields inherited from class org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap

CONCATKDF, CONFIG_PROPERTY_ECDH_DEFAULT_KDF, PBKDF2

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	ExtendedDefaultSecurityConfigurationBootstrap()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected static EncryptedKeyResolver	buildBasicEncryptedKeyResolver()	Build a basic instance of EncryptedKeyResolver.
static BasicEncryptionConfiguration	buildDefaultEncryptionConfiguration()	Extends DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration() with fixes for XXX.
static BasicSignatureSigningConfiguration	buildDefaultSignatureSigningConfiguration()	Extends DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration() with http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 and http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1.
static BasicSignatureSigningConfiguration	buildDefaultSignatureSigningConfiguration(SignatureSigningConfiguration config)	Given a SignatureSigningConfiguration the method ensures that the signature algorithms http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 and http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1 are among the signature algorithms and returns a BasicSignatureSigningConfiguration object.
static EncryptionConfiguration	patchEncryptionConfiguration(EncryptionConfiguration configuration, boolean copy)	A method that makes sure that the key agreement configuration for EC always uses key wrap.

Methods inherited from class org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap

buildBasicInlineKeyInfoCredentialResolver, buildBasicKeyInfoGeneratorManager, buildDataEncryptionKeyInfoGeneratorManager, buildDefaultDecryptionConfiguration, buildDefaultSignatureValidationConfiguration, buildKeyAgreementConfigurations, buildKeyTransportEncryptionKeyInfoGeneratorManager, buildSignatureKeyInfoGeneratorManager

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ExtendedDefaultSecurityConfigurationBootstrap

protected ExtendedDefaultSecurityConfigurationBootstrap()

Constructor.

Method Details

buildDefaultSignatureSigningConfiguration

@Nonnull
public static BasicSignatureSigningConfiguration buildDefaultSignatureSigningConfiguration()

Extends DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration() with http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 and http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1.

Returns:

signature signing configuration

buildDefaultSignatureSigningConfiguration

@Nonnull
public static BasicSignatureSigningConfiguration buildDefaultSignatureSigningConfiguration(SignatureSigningConfiguration config)

Given a SignatureSigningConfiguration the method ensures that the signature algorithms http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 and http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1 are among the signature algorithms and returns a BasicSignatureSigningConfiguration object.

Parameters:

config - the configuration

Returns:

a signing configuration with RSA-PSS algorithms included

buildBasicEncryptedKeyResolver

@Nonnull
protected static EncryptedKeyResolver buildBasicEncryptedKeyResolver()

Build a basic instance of EncryptedKeyResolver. Extends the one from DefaultSecurityConfigurationBootstrap with EncryptedElementTypeEncryptedKeyResolver.

Returns:

an EncryptedKey resolver instance

buildDefaultEncryptionConfiguration

@Nonnull
public static BasicEncryptionConfiguration buildDefaultEncryptionConfiguration()

Extends DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration() with fixes for XXX.

Returns:

a BasicEncryptionConfiguration

patchEncryptionConfiguration

@Nonnull
public static EncryptionConfiguration patchEncryptionConfiguration(@Nonnull
 EncryptionConfiguration configuration,
 boolean copy)

A method that makes sure that the key agreement configuration for EC always uses key wrap.

Parameters:

configuration - the configuration to patch

copy - whether to make a copy of the supplied configuration (if patched)

Returns:

an updated configuration