org.opensaml.xml.security
Interface SecurityConfiguration

All Known Implementing Classes:
BasicSecurityConfiguration

public interface SecurityConfiguration

Interface for classes which store security-related configuration information, especially related to the requirements for XML Signature and XML Encryption.


Method Summary
 String getAutoGeneratedDataEncryptionKeyAlgorithmURI()
          Get the encryption algorithm URI to be used when auto-generating random data encryption keys.
 String getDataEncryptionAlgorithmURI(Credential credential)
          Get the encryption algorithm URI for the encryption key contained within the specified credential.
 String getDataEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength)
          Get the encryption algorithm URI for the specified JCA key algorithm name and optional key length.
 KeyInfoCredentialResolver getDefaultKeyInfoCredentialResolver()
          Get the default KeyInfoCredentialResolver configuration.
 DSAParams getDSAParams(int keyLength)
          Get a DSA parameters instance which defines the default DSA key information to be used within a DSA "key family".
 KeyInfoCredentialResolver getKeyInfoCredentialResolver(String name)
          Get the KeyInfoCredentialResolver associated with the named configuration.
 NamedKeyInfoGeneratorManager getKeyInfoGeneratorManager()
          Get the manager for named KeyInfoGenerator instances.
 String getKeyTransportEncryptionAlgorithmURI(Credential credential, String wrappedKeyAlgorithm)
          Get the key transport encryption algorithm URI for the encryption key contained within the specified credential.
 String getKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength, String wrappedKeyAlgorithm)
          Get the key transport encryption algorithm URI for the specified JCA key algorithm name, optional key length and optional JCA key algorithm name of the key to be encrypted.
 String getSignatureAlgorithmURI(Credential credential)
          Get the signature algorithm URI for the signing key contained within the specified credential.
 String getSignatureAlgorithmURI(String jcaAlgorithmName)
          Get the signature algorithm URI for the specified JCA key algorithm name.
 String getSignatureCanonicalizationAlgorithm()
          Get a canonicalization algorithm URI suitable for use as a Signature CanonicalizationMethod value.
 Integer getSignatureHMACOutputLength()
          Get the value to be used as the Signature SignatureMethod HMACOutputLength value, used only when signing with an HMAC algorithm.
 String getSignatureReferenceDigestMethod()
          Get a digest method algorithm URI suitable for use as a Signature Reference DigestMethod value.
 

Method Detail

getSignatureAlgorithmURI

String getSignatureAlgorithmURI(String jcaAlgorithmName)
Get the signature algorithm URI for the specified JCA key algorithm name.

Parameters:
jcaAlgorithmName - a JCA key algorithm name
Returns:
a signature algorithm URI mapping, or null if no mapping is available

getSignatureAlgorithmURI

String getSignatureAlgorithmURI(Credential credential)
Get the signature algorithm URI for the signing key contained within the specified credential.

Parameters:
credential - a credential containing a signing key
Returns:
a signature algorithm URI mapping, or null if no mapping is available

getSignatureReferenceDigestMethod

String getSignatureReferenceDigestMethod()
Get a digest method algorithm URI suitable for use as a Signature Reference DigestMethod value.

Returns:
a digest method algorithm URI

getSignatureCanonicalizationAlgorithm

String getSignatureCanonicalizationAlgorithm()
Get a canonicalization algorithm URI suitable for use as a Signature CanonicalizationMethod value.

Returns:
a canonicalization algorithm URI

getSignatureHMACOutputLength

Integer getSignatureHMACOutputLength()
Get the value to be used as the Signature SignatureMethod HMACOutputLength value, used only when signing with an HMAC algorithm. This value is optional when using HMAC.

Returns:
the configured HMAC output length value

getDataEncryptionAlgorithmURI

String getDataEncryptionAlgorithmURI(String jcaAlgorithmName,
                                     Integer keyLength)
Get the encryption algorithm URI for the specified JCA key algorithm name and optional key length. Passing null as the key length will return the default algorithm URI for the specified JCA algorithm, if a default is configured. If no mapping for the specified key length is available, the default mapping will be returned.

Parameters:
jcaAlgorithmName - a JCA key algorithm name
keyLength - optional key length parameter
Returns:
an encryption algorithm URI, or null if no mapping is available

getDataEncryptionAlgorithmURI

String getDataEncryptionAlgorithmURI(Credential credential)
Get the encryption algorithm URI for the encryption key contained within the specified credential.

Parameters:
credential - a credential containing an encryption key
Returns:
an encryption algorithm URI mapping, or null if no mapping is available

getKeyTransportEncryptionAlgorithmURI

String getKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName,
                                             Integer keyLength,
                                             String wrappedKeyAlgorithm)
Get the key transport encryption algorithm URI for the specified JCA key algorithm name, optional key length and optional JCA key algorithm name of the key to be encrypted. Note that the key length parameter is typically required for lookup of symmetric key wrap algorithm URIs, but is typically not required or relevant for asymmetric key transport algorithms. If a mapping is not available considering the optional key length and wrapped algorithm parameters as passed, a lookup will next be attempted by omitting the (non-null) wrapped key algorithm, and if that is unsuccessful, by then omitting the (non-null) key length parameter. If a mapping has still not been found, then a final lookup attempt will be made using the key encryption key's JCA algorithm name alone.

Parameters:
jcaAlgorithmName - a JCA key algorithm name for the key encryption key
keyLength - optional key length parameter
wrappedKeyAlgorithm - a JCA key algorithm name for the key to be encrypted
Returns:
an encryption algorithm URI, or null if no mapping is available
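
The fallback order described above, as an added example (not OpenSAML source code and not the implementation of BasicSecurityConfiguration). The class name, the string-keyed registry and the registered mappings are constructed for illustration, and the third step is assumed to keep the wrapped key algorithm while dropping the key length; the algorithm URIs are the standard XML Encryption identifiers.

```java
import java.util.HashMap;
import java.util.Map;

/** Added illustration of the documented lookup order; hypothetical class, not part of OpenSAML. */
public class KeyTransportLookupDemo {
    // Constructed registry: "jca|keyLength|wrappedAlg" -> algorithm URI (empty part = not specified).
    private final Map<String, String> registry = new HashMap<>();

    private static String key(String jca, Integer len, String wrapped) {
        return jca + "|" + (len == null ? "" : len) + "|" + (wrapped == null ? "" : wrapped);
    }

    public void register(String jca, Integer len, String wrapped, String uri) {
        registry.put(key(jca, len, wrapped), uri);
    }

    /** Returns the most specific mapping available, or null if none is registered. */
    public String lookup(String jca, Integer len, String wrapped) {
        String uri = registry.get(key(jca, len, wrapped));   // 1. parameters as passed
        if (uri == null && wrapped != null) {
            uri = registry.get(key(jca, len, null));          // 2. omit the wrapped key algorithm
        }
        if (uri == null && len != null) {
            uri = registry.get(key(jca, null, wrapped));      // 3. omit the key length
        }
        if (uri == null) {
            uri = registry.get(key(jca, null, null));         // 4. JCA algorithm name alone
        }
        return uri;
    }

    public static void main(String[] args) {
        String xmlenc = "http://www.w3.org/2001/04/xmlenc#";
        KeyTransportLookupDemo cfg = new KeyTransportLookupDemo();
        // Constructed sample mappings: the wrapped-key entry overrides the RSA default.
        cfg.register("RSA", null, null, xmlenc + "rsa-oaep-mgf1p");
        cfg.register("RSA", null, "DESede", xmlenc + "rsa-1_5");
        cfg.register("AES", 128, null, xmlenc + "kw-aes128");
        cfg.register("AES", 256, null, xmlenc + "kw-aes256");

        Object[][] queries = {
            {"RSA", 2048, "AES"}, {"RSA", 2048, "DESede"}, {"AES", 256, "AES"}, {"AES", 192, null}};
        for (Object[] q : queries) {
            String uri = cfg.lookup((String) q[0], (Integer) q[1], (String) q[2]);
            // A null result means no algorithm is configured: refuse to encrypt rather than guess.
            System.out.println(q[0] + "/" + q[1] + "/" + q[2] + " -> "
                    + (uri != null ? uri : "no mapping; do not encrypt"));
        }
    }
}
```

Because a more specific entry wins over the per-algorithm default, the wrapped key algorithm a caller passes can change which key transport algorithm is selected, so review every registered mapping and not only the default.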

getKeyTransportEncryptionAlgorithmURI

String getKeyTransportEncryptionAlgorithmURI(Credential credential,
                                             String wrappedKeyAlgorithm)
Get the key transport encryption algorithm URI for the encryption key contained within the specified credential.

Parameters:
credential - a credential containing an encryption key
wrappedKeyAlgorithm - the JCA key algorithm name of the key being encrypted
Returns:
an encryption algorithm URI mapping, or null if no mapping is available

getAutoGeneratedDataEncryptionKeyAlgorithmURI

String getAutoGeneratedDataEncryptionKeyAlgorithmURI()
Get the encryption algorithm URI to be used when auto-generating random data encryption keys.

Returns:
an encryption algorithm URI, or null if no default is available

getDSAParams

DSAParams getDSAParams(int keyLength)
Get a DSA parameters instance which defines the default DSA key information to be used within a DSA "key family".

Parameters:
keyLength - length of the DSA key whose parameters are desired
Returns:
the default DSA parameters instance, or null if no default is available

getKeyInfoGeneratorManager

NamedKeyInfoGeneratorManager getKeyInfoGeneratorManager()
Get the manager for named KeyInfoGenerator instances.

Returns:
the KeyInfoGenerator manager, or null if none is configured

getKeyInfoCredentialResolver

KeyInfoCredentialResolver getKeyInfoCredentialResolver(String name)
Get the KeyInfoCredentialResolver associated with the named configuration.

Parameters:
name - the name of the resolver configuration to return
Returns:
a KeyInfoCredentialResolver instance

getDefaultKeyInfoCredentialResolver

KeyInfoCredentialResolver getDefaultKeyInfoCredentialResolver()
Get the default KeyInfoCredentialResolver configuration.

Returns:
the default KeyInfoCredentialResolver


Copyright © 1999-2013. All Rights Reserved.