
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security;
18  
import java.util.ArrayList;
import java.util.List;

import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.SignatureConstants;
33  
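/**
 * A utility class which programmatically builds an instance of {@link BasicSecurityConfiguration}
 * which has reasonable default values for the various configuration parameters.
 * 
 * <p>The defaults registered here are the ones chosen for the original release: SHA-1 based
 * signature, HMAC and reference-digest algorithms, RSA PKCS#1 v1.5 key transport for DESede
 * keys, and triple-DES data encryption and key wrap. By current standards these are weak
 * choices (SHA-1 is no longer collision resistant, PKCS#1 v1.5 key transport is exposed to
 * padding-oracle attacks, 64-bit block ciphers such as 3DES are limited by birthday bounds).
 * Deployments that need stronger defaults should subclass this class and override the
 * relevant {@code populate*} method, or adjust the configuration returned by
 * {@link #buildDefaultConfig()}, rather than rely on these values unchanged.</p>
 */
public class DefaultSecurityConfigurationBootstrap {
    
    /** Constructor. Protected so that the class can be subclassed but is not instantiated directly. */
    protected DefaultSecurityConfigurationBootstrap() {}
    
    /**
     * Build and return a default configuration.
     * 
     * <p>Each group of parameters is populated by its own {@code protected static} helper so that
     * a subclass can supply different defaults for one area without re-implementing the rest.</p>
     * 
     * @return a new basic security configuration with reasonable default values
     */
    public static BasicSecurityConfiguration buildDefaultConfig() {
        BasicSecurityConfiguration config = new BasicSecurityConfiguration();
        
        populateSignatureParams(config);
        populateEncryptionParams(config);
        populateKeyInfoCredentialResolverParams(config);
        populateKeyInfoGeneratorManager(config);
        populateKeyParams(config);
        
        return config;
    }
    
    /**
     * Populate signature-related parameters.
     * 
     * <p>Every signature and digest URI registered here is SHA-1 based (the XML Signature
     * DSA URI is DSA with SHA-1). Override this method to register SHA-2 based URIs where the
     * peers being interoperated with support them.</p>
     * 
     * @param config the security configuration to populate
     */
    protected static void populateSignatureParams(BasicSecurityConfiguration config) {
        // Asymmetric key algorithms, keyed by the algorithm name of the signing key
        config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
        config.registerSignatureAlgorithmURI("DSA", SignatureConstants.ALGO_ID_SIGNATURE_DSA);
        config.registerSignatureAlgorithmURI("ECDSA", SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
        
        // HMAC algorithms: a symmetric key of either type signs with HMAC-SHA1, the cipher
        // name of the key is irrelevant to the MAC
        config.registerSignatureAlgorithmURI("AES", SignatureConstants.ALGO_ID_MAC_HMAC_SHA1);
        config.registerSignatureAlgorithmURI("DESede", SignatureConstants.ALGO_ID_MAC_HMAC_SHA1);
        
        // Other signature-related params
        config.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // null presumably means no HMACOutputLength is emitted, i.e. the MAC is not truncated;
        // truncated HMAC output weakens the MAC, so leave this unset unless a peer requires it
        config.setSignatureHMACOutputLength(null);
        config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA1);
    }
    
    /**
     * Populate encryption-related parameters.
     * 
     * <p>Data encryption and key wrap are registered per (key algorithm, key length) pair;
     * key transport is registered per (key transport algorithm, wrapped key algorithm) pair.
     * Note that DESede keys are transported with RSA PKCS#1 v1.5 while AES keys use RSA-OAEP;
     * OAEP is the preferable choice wherever the peer supports it.</p>
     * 
     * @param config the security configuration to populate
     */
    protected static void populateEncryptionParams(BasicSecurityConfiguration config) {
        // Data encryption URI's
        config.registerDataEncryptionAlgorithmURI("AES", 128, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
        config.registerDataEncryptionAlgorithmURI("AES", 192, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192);
        config.registerDataEncryptionAlgorithmURI("AES", 256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);
        // A 3DES key is 168 effective bits but 192 bits as stored, so both lengths map to the same URI
        config.registerDataEncryptionAlgorithmURI("DESede", 168, EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES);
        config.registerDataEncryptionAlgorithmURI("DESede", 192, EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES);
        
        // Key encryption URI's
        
        // Asymmetric key transport algorithms (key length is not applicable, hence null)
        config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES", EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "DESede", EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
        
        // Symmetric key wrap algorithms (wrapped key algorithm is not applicable, hence null)
        config.registerKeyTransportEncryptionAlgorithmURI("AES", 128, null, EncryptionConstants.ALGO_ID_KEYWRAP_AES128);
        config.registerKeyTransportEncryptionAlgorithmURI("AES", 192, null, EncryptionConstants.ALGO_ID_KEYWRAP_AES192);
        config.registerKeyTransportEncryptionAlgorithmURI("AES", 256, null, EncryptionConstants.ALGO_ID_KEYWRAP_AES256);
        config.registerKeyTransportEncryptionAlgorithmURI("DESede", 168, null, EncryptionConstants.ALGO_ID_KEYWRAP_TRIPLEDES);
        config.registerKeyTransportEncryptionAlgorithmURI("DESede", 192, null, EncryptionConstants.ALGO_ID_KEYWRAP_TRIPLEDES);
        
        // Other encryption-related params: algorithm used when a data encryption key is generated on the fly
        config.setAutoGeneratedDataEncryptionKeyAlgorithmURI(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
    }

    /**
     * Populate KeyInfoCredentialResolver-related parameters.
     * 
     * <p>The default resolver only handles key material carried inline in the KeyInfo
     * (RSA and DSA KeyValue elements and X509Data); it performs no lookup against an
     * external trust store.</p>
     * 
     * @param config the security configuration to populate
     */
    protected static void populateKeyInfoCredentialResolverParams(BasicSecurityConfiguration config) {
        // Basic resolver for inline info
        List<KeyInfoProvider> providers = new ArrayList<KeyInfoProvider>();
        providers.add(new RSAKeyValueProvider());
        providers.add(new DSAKeyValueProvider());
        providers.add(new InlineX509DataProvider());
        
        KeyInfoCredentialResolver resolver = new BasicProviderKeyInfoCredentialResolver(providers);
        config.setDefaultKeyInfoCredentialResolver(resolver);
    }

    /**
     * Populate KeyInfoGeneratorManager-related parameters.
     * 
     * <p>Installs a named manager whose default (unnamed) manager holds one generator factory
     * for basic credentials (emitting the public key value) and one for X.509 credentials
     * (emitting the entity certificate).</p>
     * 
     * @param config the security configuration to populate
     */
    protected static void populateKeyInfoGeneratorManager(BasicSecurityConfiguration config) {
        NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
        config.setKeyInfoGeneratorManager(namedManager);
        
        // Fall back to the default manager when no named manager matches
        namedManager.setUseDefaultManager(true);
        KeyInfoGeneratorManager defaultManager = namedManager.getDefaultManager();
        
        // Generator for basic Credentials
        BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory();
        basicFactory.setEmitPublicKeyValue(true);
        
        // Generator for X509Credentials
        X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
        x509Factory.setEmitEntityCertificate(true);
        
        // Registration order is preserved as in the original in case the manager is order-sensitive
        defaultManager.registerFactory(basicFactory);
        defaultManager.registerFactory(x509Factory);
    }

    /**
     * Populate misc key-related parameters.
     * 
     * <p>Currently a no-op; kept as an extension point so subclasses have a place to
     * register key-generation defaults.</p>
     * 
     * @param config the security configuration to populate
     */
    protected static void populateKeyParams(BasicSecurityConfiguration config) {
        // Maybe populate some DSA parameters here, if there are commonly accepted default values
    }

}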