org.opensaml.xml.security
Class BasicSecurityConfiguration

java.lang.Object
  extended by org.opensaml.xml.security.BasicSecurityConfiguration
All Implemented Interfaces:
SecurityConfiguration

public class BasicSecurityConfiguration
extends Object
implements SecurityConfiguration

Basic in-memory implementation of SecurityConfiguration.


Nested Class Summary
protected  class BasicSecurityConfiguration.DataEncryptionIndex
          Class used as an index to the data encryption algorithm URI map.
protected  class BasicSecurityConfiguration.KeyTransportEncryptionIndex
          Class used as an index to the key transport encryption algorithm URI map.
 
Field Summary
static String KEYINFO_RESOLVER_DEFAULT_CONFIG
          The name of the KeyInfoCredentialResolver default config.
 
Constructor Summary
BasicSecurityConfiguration()
          Constructor.
 
Method Summary
 void deregisterDataEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength)
          Deregister a mapping for the specified JCA algorithm name.
 void deregisterKeyInfoCredentialResolver(String name)
          Deregister a named KeyInfoCredentialResolver configuration.
 void deregisterKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength, String wrappedKeyAlgorithm)
          Deregister a mapping for the specified JCA algorithm name.
 void deregisterSignatureAlgorithmURI(String jcaAlgorithmName)
          Deregister a mapping for the specified JCA algorithm name.
 String getAutoGeneratedDataEncryptionKeyAlgorithmURI()
          Get the encryption algorithm URI to be used when auto-generating random data encryption keys.
 String getDataEncryptionAlgorithmURI(Credential credential)
          Get the encryption algorithm URI for the encryption key contained within the specified credential.
 String getDataEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength)
          Get the encryption algorithm URI for the specified JCA key algorithm name and optional key length.
 KeyInfoCredentialResolver getDefaultKeyInfoCredentialResolver()
          Get the default KeyInfoCredentialResolver configuration.
 DSAParams getDSAParams(int keyLength)
          Get a DSA parameters instance which defines the default DSA key information to be used within a DSA "key family".
 KeyInfoCredentialResolver getKeyInfoCredentialResolver(String name)
          Get the KeyInfoCredentialResolver associated with the named configuration.
 NamedKeyInfoGeneratorManager getKeyInfoGeneratorManager()
          Get the manager for named KeyInfoGenerator instances.
 String getKeyTransportEncryptionAlgorithmURI(Credential credential, String wrappedKeyAlgorithm)
          Get the key transport encryption algorithm URI for the encryption key contained within the specified credential.
 String getKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength, String wrappedKeyAlgorithm)
          Get the key transport encryption algorithm URI for the specified JCA key algorithm name, optional key length and optional JCA key algorithm name of the key to be encrypted.
 String getSignatureAlgorithmURI(Credential credential)
          Get the signature algorithm URI for the signing key contained within the specified credential.
 String getSignatureAlgorithmURI(String jcaAlgorithmName)
          Get the signature algorithm URI for the specified JCA key algorithm name.
 String getSignatureCanonicalizationAlgorithm()
          Get a canonicalization algorithm URI suitable for use as a Signature CanonicalizationMethod value.
 Integer getSignatureHMACOutputLength()
          Get the value to be used as the Signature SignatureMethod HMACOutputLength value, used only when signing with an HMAC algorithm.
 String getSignatureReferenceDigestMethod()
          Get a digest method algorithm URI suitable for use as a Signature Reference DigestMethod value.
 void registerDataEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength, String algorithmURI)
          Register a mapping from the specified JCA algorithm name to an encryption algorithm URI.
 void registerKeyInfoCredentialResolver(String name, KeyInfoCredentialResolver resolver)
          Register a named KeyInfoCredentialResolver configuration.
 void registerKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength, String wrappedKeyAlgorithm, String algorithmURI)
          Register a mapping from the specified JCA algorithm name to an encryption algorithm URI.
 void registerSignatureAlgorithmURI(String jcaAlgorithmName, String algorithmURI)
          Register a mapping from the specified JCA algorithm name to a signature algorithm URI.
 void setAutoGeneratedDataEncryptionKeyAlgorithmURI(String algorithmURI)
          Set the encryption algorithm URI to be used when auto-generating random data encryption keys.
 void setDefaultKeyInfoCredentialResolver(KeyInfoCredentialResolver resolver)
          Set the default KeyInfoCredentialResolver config.
 void setDSAParams(int keyLength, DSAParams params)
          Set a DSA parameters instance which defines the default DSA key information to be used within a DSA "key family".
 void setKeyInfoGeneratorManager(NamedKeyInfoGeneratorManager keyInfoManager)
          Set the manager for named KeyInfoGenerator instances.
 void setSignatureCanonicalizationAlgorithm(String algorithmURI)
          Set a canonicalization algorithm URI suitable for use as a Signature CanonicalizationMethod value.
 void setSignatureHMACOutputLength(Integer length)
          Set the value to be used as the Signature SignatureMethod HMACOutputLength value, used only when signing with an HMAC algorithm.
 void setSignatureReferenceDigestMethod(String algorithmURI)
          Set a digest method algorithm URI suitable for use as a Signature Reference DigestMethod value.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

KEYINFO_RESOLVER_DEFAULT_CONFIG

public static final String KEYINFO_RESOLVER_DEFAULT_CONFIG
The name of the KeyInfoCredentialResolver default config.

See Also:
Constant Field Values
Constructor Detail

BasicSecurityConfiguration

public BasicSecurityConfiguration()
Constructor.

Method Detail

getSignatureAlgorithmURI

public String getSignatureAlgorithmURI(String jcaAlgorithmName)
Get the signature algorithm URI for the specified JCA key algorithm name.

Specified by:
getSignatureAlgorithmURI in interface SecurityConfiguration
Parameters:
jcaAlgorithmName - a JCA key algorithm name
Returns:
a signature algorithm URI mapping, or null if no mapping is available

getSignatureAlgorithmURI

public String getSignatureAlgorithmURI(Credential credential)
Get the signature algorithm URI for the signing key contained within the specified credential.

Specified by:
getSignatureAlgorithmURI in interface SecurityConfiguration
Parameters:
credential - a credential containing a signing key
Returns:
a signature algorithm URI mapping, or null if no mapping is available

registerSignatureAlgorithmURI

public void registerSignatureAlgorithmURI(String jcaAlgorithmName,
                                          String algorithmURI)
Register a mapping from the specified JCA algorithm name to a signature algorithm URI.

Parameters:
jcaAlgorithmName - the JCA algorithm name to register
algorithmURI - the algorithm URI to register

deregisterSignatureAlgorithmURI

public void deregisterSignatureAlgorithmURI(String jcaAlgorithmName)
Deregister a mapping for the specified JCA algorithm name.

Parameters:
jcaAlgorithmName - the JCA algorithm name to deregister

getSignatureCanonicalizationAlgorithm

public String getSignatureCanonicalizationAlgorithm()
Get a canonicalization algorithm URI suitable for use as a Signature CanonicalizationMethod value.

Specified by:
getSignatureCanonicalizationAlgorithm in interface SecurityConfiguration
Returns:
a canonicalization algorithm URI

setSignatureCanonicalizationAlgorithm

public void setSignatureCanonicalizationAlgorithm(String algorithmURI)
Set a canonicalization algorithm URI suitable for use as a Signature CanonicalizationMethod value.

Parameters:
algorithmURI - a canonicalization algorithm URI

getSignatureReferenceDigestMethod

public String getSignatureReferenceDigestMethod()
Get a digest method algorithm URI suitable for use as a Signature Reference DigestMethod value.

Specified by:
getSignatureReferenceDigestMethod in interface SecurityConfiguration
Returns:
a digest method algorithm URI

setSignatureReferenceDigestMethod

public void setSignatureReferenceDigestMethod(String algorithmURI)
Set a digest method algorithm URI suitable for use as a Signature Reference DigestMethod value.

Parameters:
algorithmURI - a digest method algorithm URI

getSignatureHMACOutputLength

public Integer getSignatureHMACOutputLength()
Get the value to be used as the Signature SignatureMethod HMACOutputLength value, used only when signing with an HMAC algorithm. This value is optional when using HMAC.

Specified by:
getSignatureHMACOutputLength in interface SecurityConfiguration
Returns:
the configured HMAC output length value

setSignatureHMACOutputLength

public void setSignatureHMACOutputLength(Integer length)
Set the value to be used as the Signature SignatureMethod HMACOutputLength value, used only when signing with an HMAC algorithm. This value is optional when using HMAC.

Parameters:
length - the HMAC output length value to use when performing HMAC signing (may be null)

getDataEncryptionAlgorithmURI

public String getDataEncryptionAlgorithmURI(String jcaAlgorithmName,
                                            Integer keyLength)
Get the encryption algorithm URI for the specified JCA key algorithm name and optional key length. Passing null as the key length will return the default algorithm URI for the specified JCA algorithm, if a default is configured. If no mapping for the specified key length is available, the default mapping will be returned.

Specified by:
getDataEncryptionAlgorithmURI in interface SecurityConfiguration
Parameters:
jcaAlgorithmName - a JCA key algorithm name
keyLength - optional key length parameter
Returns:
an encryption algorithm URI, or null if no mapping is available

getDataEncryptionAlgorithmURI

public String getDataEncryptionAlgorithmURI(Credential credential)
Get the encryption algorithm URI for the encryption key contained within the specified credential.

Specified by:
getDataEncryptionAlgorithmURI in interface SecurityConfiguration
Parameters:
credential - a credential containing an encryption key
Returns:
an encryption algorithm URI mapping, or null if no mapping is available

registerDataEncryptionAlgorithmURI

public void registerDataEncryptionAlgorithmURI(String jcaAlgorithmName,
                                               Integer keyLength,
                                               String algorithmURI)
Register a mapping from the specified JCA algorithm name to an encryption algorithm URI.

Parameters:
jcaAlgorithmName - the JCA algorithm name to register
keyLength - the key length to register (may be null)
algorithmURI - the algorithm URI to register

deregisterDataEncryptionAlgorithmURI

public void deregisterDataEncryptionAlgorithmURI(String jcaAlgorithmName,
                                                 Integer keyLength)
Deregister a mapping for the specified JCA algorithm name.

Parameters:
jcaAlgorithmName - the JCA algorithm name to deregister
keyLength - the key length to deregister (may be null)

getKeyTransportEncryptionAlgorithmURI

public String getKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName,
                                                    Integer keyLength,
                                                    String wrappedKeyAlgorithm)
Get the key transport encryption algorithm URI for the specified JCA key algorithm name, optional key length and optional JCA key algorithm name of the key to be encrypted. Note that the key length parameter is typically required for lookup of symmetric key wrap algorithm URIs, but is typically not required or relevant for asymmetric key transport algorithms. If a mapping is not available for the optional key length and wrapped key algorithm parameters as passed, a lookup will next be attempted by omitting the (non-null) wrapped key algorithm, and if that is unsuccessful, by then omitting the (non-null) key length parameter. If a mapping has still not been found, a final lookup attempt will be made using the key encryption key's JCA algorithm name alone.

Specified by:
getKeyTransportEncryptionAlgorithmURI in interface SecurityConfiguration
Parameters:
jcaAlgorithmName - a JCA key algorithm name for the key encryption key
keyLength - optional key length parameter
wrappedKeyAlgorithm - a JCA key algorithm name for the key to be encrypted
Returns:
an encryption algorithm URI, or null if no mapping is available
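The following is an added example, not code from the OpenSAML project, showing the lookup behaviour documented for getDataEncryptionAlgorithmURI and getKeyTransportEncryptionAlgorithmURI above: a configuration is populated with a deliberately small set of mappings, and the queries exercise the exact-match, fall-back and no-mapping cases. The algorithm URIs are the standard W3C XML Encryption identifiers written out literally rather than taken from OpenSAML constants; the class name AlgorithmLookupDemo and the require helper are hypothetical. The point for a practitioner is the final case: a null return means no algorithm is configured, and the caller should refuse to proceed rather than treat it as "no encryption needed".

```java
import org.opensaml.xml.security.BasicSecurityConfiguration;

public class AlgorithmLookupDemo {

    // Standard W3C XML Encryption algorithm URIs (literal strings, not OpenSAML constants).
    static final String RSA_OAEP   = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    static final String KW_AES128  = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
    static final String AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    static final String AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";

    /** Build a configuration with a small, explicit set of mappings (constructed for this example). */
    static BasicSecurityConfiguration build() {
        BasicSecurityConfiguration config = new BasicSecurityConfiguration();

        // Data encryption: one per-length mapping for 256-bit AES and a length-less AES default.
        config.registerDataEncryptionAlgorithmURI("AES", 256, AES256_CBC);
        config.registerDataEncryptionAlgorithmURI("AES", null, AES128_CBC);

        // Key transport: asymmetric RSA registered with neither key length nor wrapped-key
        // algorithm; symmetric AES key wrap registered per key length only.
        config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, null, RSA_OAEP);
        config.registerKeyTransportEncryptionAlgorithmURI("AES", 128, null, KW_AES128);
        return config;
    }

    /** Hypothetical helper: turn an unmapped lookup (null) into a hard failure. */
    static String require(String uri, String what) {
        if (uri == null) {
            throw new IllegalStateException("no algorithm URI configured for " + what);
        }
        return uri;
    }

    public static void main(String[] args) {
        BasicSecurityConfiguration config = build();

        // Exact match on the registered 256-bit key length.
        System.out.println(config.getDataEncryptionAlgorithmURI("AES", 256));
        // No mapping exists for 192 bits, so the Javadoc says the length-less default is returned.
        System.out.println(config.getDataEncryptionAlgorithmURI("AES", 192));
        // A null key length asks for the default mapping directly.
        System.out.println(config.getDataEncryptionAlgorithmURI("AES", null));

        // Key transport fall-back chain: there is no (RSA, 2048, AES) entry; dropping the
        // wrapped-key algorithm and then the key length ends at the (RSA, null, null) entry.
        System.out.println(config.getKeyTransportEncryptionAlgorithmURI("RSA", 2048, "AES"));
        // (AES, 128, AES) has no entry either; omitting the wrapped-key algorithm finds (AES, 128, null).
        System.out.println(config.getKeyTransportEncryptionAlgorithmURI("AES", 128, "AES"));
        // (AES, 256, null): no 256-bit wrap mapping and no length-less AES key-wrap default exist,
        // so every fall-back step fails and the method returns null.
        String missing = config.getKeyTransportEncryptionAlgorithmURI("AES", 256, null);
        System.out.println(missing);

        // Fail closed: a missing mapping is a configuration error, not a reason to skip key wrapping.
        try {
            require(missing, "AES-256 key wrap");
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

Compile and run this against the OpenSAML 2.x xmltooling jar on the classpath; the data-encryption queries show the key-length default described in the Javadoc, and the key-transport queries walk the three-step fall-back before the final null.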

getKeyTransportEncryptionAlgorithmURI

public String getKeyTransportEncryptionAlgorithmURI(Credential credential,
                                                    String wrappedKeyAlgorithm)
Get the key transport encryption algorithm URI for the encryption key contained within the specified credential.

Specified by:
getKeyTransportEncryptionAlgorithmURI in interface SecurityConfiguration
Parameters:
credential - a credential containing an encryption key
wrappedKeyAlgorithm - the JCA key algorithm name of the key being encrypted
Returns:
an encryption algorithm URI mapping, or null if no mapping is available

registerKeyTransportEncryptionAlgorithmURI

public void registerKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName,
                                                       Integer keyLength,
                                                       String wrappedKeyAlgorithm,
                                                       String algorithmURI)
Register a mapping from the specified JCA algorithm name to an encryption algorithm URI.

Parameters:
jcaAlgorithmName - the JCA algorithm name to register
keyLength - the key length to register (may be null)
wrappedKeyAlgorithm - the JCA algorithm name of the key to be encrypted (may be null)
algorithmURI - the algorithm URI to register

deregisterKeyTransportEncryptionAlgorithmURI

public void deregisterKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName,
                                                         Integer keyLength,
                                                         String wrappedKeyAlgorithm)
Deregister a mapping for the specified JCA algorithm name.

Parameters:
jcaAlgorithmName - the JCA algorithm name to deregister
keyLength - the key length to deregister (may be null)
wrappedKeyAlgorithm - the JCA algorithm name of the key to be encrypted (may be null)

getAutoGeneratedDataEncryptionKeyAlgorithmURI

public String getAutoGeneratedDataEncryptionKeyAlgorithmURI()
Get the encryption algorithm URI to be used when auto-generating random data encryption keys.

Specified by:
getAutoGeneratedDataEncryptionKeyAlgorithmURI in interface SecurityConfiguration
Returns:
an encryption algorithm URI, or null if no default is available

setAutoGeneratedDataEncryptionKeyAlgorithmURI

public void setAutoGeneratedDataEncryptionKeyAlgorithmURI(String algorithmURI)
Set the encryption algorithm URI to be used when auto-generating random data encryption keys.

Parameters:
algorithmURI - the encryption algorithm URI to use

getKeyInfoGeneratorManager

public NamedKeyInfoGeneratorManager getKeyInfoGeneratorManager()
Get the manager for named KeyInfoGenerator instances.

Specified by:
getKeyInfoGeneratorManager in interface SecurityConfiguration
Returns:
the KeyInfoGenerator manager, or null if none is configured

setKeyInfoGeneratorManager

public void setKeyInfoGeneratorManager(NamedKeyInfoGeneratorManager keyInfoManager)
Set the manager for named KeyInfoGenerator instances.

Parameters:
keyInfoManager - the KeyInfoGenerator manager to use

getDefaultKeyInfoCredentialResolver

public KeyInfoCredentialResolver getDefaultKeyInfoCredentialResolver()
Get the default KeyInfoCredentialResolver configuration.

Specified by:
getDefaultKeyInfoCredentialResolver in interface SecurityConfiguration
Returns:
the default KeyInfoCredentialResolver

setDefaultKeyInfoCredentialResolver

public void setDefaultKeyInfoCredentialResolver(KeyInfoCredentialResolver resolver)
Set the default KeyInfoCredentialResolver config.

Parameters:
resolver - the default KeyInfoCredentialResolver

getKeyInfoCredentialResolver

public KeyInfoCredentialResolver getKeyInfoCredentialResolver(String name)
Get the KeyInfoCredentialResolver associated with the named configuration.

Specified by:
getKeyInfoCredentialResolver in interface SecurityConfiguration
Parameters:
name - the name of the resolver configuration to return
Returns:
a KeyInfoCredentialResolver instance

registerKeyInfoCredentialResolver

public void registerKeyInfoCredentialResolver(String name,
                                              KeyInfoCredentialResolver resolver)
Register a named KeyInfoCredentialResolver configuration.

Parameters:
name - the name of the configuration
resolver - the KeyInfoCredentialResolver to register

deregisterKeyInfoCredentialResolver

public void deregisterKeyInfoCredentialResolver(String name)
Deregister a named KeyInfoCredentialResolver configuration.

Parameters:
name - the name of the configuration

getDSAParams

public DSAParams getDSAParams(int keyLength)
Get a DSA parameters instance which defines the default DSA key information to be used within a DSA "key family".

Specified by:
getDSAParams in interface SecurityConfiguration
Parameters:
keyLength - length of the DSA key whose parameters are desired
Returns:
the default DSA parameters instance, or null if no default is available

setDSAParams

public void setDSAParams(int keyLength,
                         DSAParams params)
Set a DSA parameters instance which defines the default DSA key information to be used within a DSA "key family".

Parameters:
keyLength - the key length of the DSA parameters
params - the default DSA parameters instance


Copyright © 2006-2011 Internet2. All Rights Reserved.