17 package org.opensaml.xml.security;
18
19 import java.util.ArrayList;
20
21 import org.opensaml.xml.encryption.EncryptionConstants;
22 import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
23 import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
24 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
25 import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
26 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
27 import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
28 import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
29 import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
30 import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
31 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
32 import org.opensaml.xml.signature.SignatureConstants;
/**
 * Builds the library's default {@link BasicSecurityConfiguration}: the signature,
 * encryption, KeyInfo-resolution and KeyInfo-generation settings used when a deployment
 * has not supplied its own.
 *
 * <p>Each {@code populate*} step registers one group of settings and may be overridden by
 * a subclass (the constructor is protected for that purpose). {@link #buildDefaultConfig()}
 * runs the steps in a fixed order.
 *
 * <p><b>Security note (review):</b> the signing defaults registered here are SHA-1 based
 * (RSA-SHA1, ECDSA-SHA1, HMAC-SHA1 and a SHA-1 reference digest), the content-encryption
 * and key-wrap tables include Triple DES, and the RSA key-transport default for Triple DES
 * keys is PKCS#1 v1.5. These are legacy choices; a deployment that controls both peers
 * should override them with SHA-2 based signature/digest URIs and RSA-OAEP key transport.
 * This class does not change any of the registered values — the notes below only mark
 * where an override belongs.
 */
public class DefaultSecurityConfigurationBootstrap {

    /** Not instantiated directly; protected so a subclass can specialise the steps. */
    protected DefaultSecurityConfigurationBootstrap() {}

    /**
     * Creates a fresh configuration and runs every population step, in order:
     * signature, encryption, KeyInfo credential resolver, KeyInfo generator manager,
     * key parameters.
     *
     * @return a newly built configuration populated with the library defaults
     */
    public static BasicSecurityConfiguration buildDefaultConfig() {
        BasicSecurityConfiguration defaults = new BasicSecurityConfiguration();

        populateSignatureParams(defaults);
        populateEncryptionParams(defaults);
        populateKeyInfoCredentialResolverParams(defaults);
        populateKeyInfoGeneratorManager(defaults);
        populateKeyParams(defaults);

        return defaults;
    }

    /**
     * Registers the default signature algorithm per JCA key algorithm name, plus the
     * canonicalization, HMAC output length and reference digest defaults.
     *
     * <p>NOTE(review): RSA and ECDSA keys map to SHA-1 signature URIs and the reference
     * digest is SHA-1; the DSA URI is the XML Signature DSA algorithm (SHA-1 based in
     * XML Signature 1.0 — confirm against the constant's URI). Symmetric (AES / Triple DES)
     * keys map to HMAC-SHA1. Deployments wanting SHA-2 signatures override these
     * registrations after bootstrap.
     *
     * @param config the configuration to populate
     */
    protected static void populateSignatureParams(BasicSecurityConfiguration config) {
        // Asymmetric keys: one signature URI per key algorithm name.
        config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
        config.registerSignatureAlgorithmURI("DSA", SignatureConstants.ALGO_ID_SIGNATURE_DSA);
        config.registerSignatureAlgorithmURI("ECDSA", SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);

        // Symmetric keys: both secret-key algorithms produce the same HMAC.
        String[] symmetricKeyAlgorithms = { "AES", "DESede" };
        for (String keyAlgorithm : symmetricKeyAlgorithms) {
            config.registerSignatureAlgorithmURI(keyAlgorithm, SignatureConstants.ALGO_ID_MAC_HMAC_SHA1);
        }

        config.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // null leaves the HMAC output length unset (presumably full-length output — confirm
        // in BasicSecurityConfiguration).
        config.setSignatureHMACOutputLength(null);
        config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA1);
    }

    /**
     * Registers the default content-encryption, key-transport and key-wrap algorithm URIs,
     * and the algorithm used when a data-encryption key is generated automatically.
     *
     * <p>Content encryption: AES-128/192/256 CBC block-cipher URIs keyed by AES key size,
     * and the Triple DES URI for both key sizes a DESede key may report (168 and 192).
     * Key transport with an RSA key: RSA-OAEP when the wrapped key is AES, RSA PKCS#1 v1.5
     * when it is Triple DES. Key wrap: AES key wrap per AES key size, Triple DES key wrap
     * for both DESede sizes. Auto-generated data keys are AES-128.
     *
     * <p>NOTE(review): the RSA PKCS#1 v1.5 key-transport entry and the Triple DES entries are
     * legacy; a deployment should override them (RSA-OAEP for all RSA key transport, AES only)
     * unless a peer genuinely requires them.
     *
     * @param config the configuration to populate
     */
    protected static void populateEncryptionParams(BasicSecurityConfiguration config) {
        // Parallel tables: index i of each array describes the same AES key size.
        int[] aesKeySizes = { 128, 192, 256 };
        String[] aesBlockCipherUris = {
            EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128,
            EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192,
            EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256 };
        String[] aesKeyWrapUris = {
            EncryptionConstants.ALGO_ID_KEYWRAP_AES128,
            EncryptionConstants.ALGO_ID_KEYWRAP_AES192,
            EncryptionConstants.ALGO_ID_KEYWRAP_AES256 };
        // A Triple DES key is registered under both sizes it may report.
        int[] tripleDesKeySizes = { 168, 192 };

        // Content (data) encryption.
        for (int i = 0; i < aesKeySizes.length; i++) {
            config.registerDataEncryptionAlgorithmURI("AES", aesKeySizes[i], aesBlockCipherUris[i]);
        }
        for (int keySize : tripleDesKeySizes) {
            config.registerDataEncryptionAlgorithmURI("DESede", keySize,
                    EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES);
        }

        // Key transport with an RSA public key; the URI depends on the wrapped key's algorithm.
        config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "DESede",
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);

        // Symmetric key wrap; no wrapped-key algorithm restriction (null).
        for (int i = 0; i < aesKeySizes.length; i++) {
            config.registerKeyTransportEncryptionAlgorithmURI("AES", aesKeySizes[i], null, aesKeyWrapUris[i]);
        }
        for (int keySize : tripleDesKeySizes) {
            config.registerKeyTransportEncryptionAlgorithmURI("DESede", keySize, null,
                    EncryptionConstants.ALGO_ID_KEYWRAP_TRIPLEDES);
        }

        // Algorithm used when the library has to generate a data-encryption key itself.
        config.setAutoGeneratedDataEncryptionKeyAlgorithmURI(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
    }

    /**
     * Installs the default KeyInfo credential resolver: a provider-based resolver that
     * understands RSA and DSA {@code KeyValue} elements and inline {@code X509Data}.
     *
     * <p>NOTE(review): resolving a credential out of a message's own {@code KeyInfo} does not
     * make it trusted — the key or certificate comes from the sender. Trust evaluation is
     * presumably done elsewhere (trust engines / validators); do not treat a credential
     * returned by this resolver as authenticated on its own.
     *
     * @param config the configuration to populate
     */
    protected static void populateKeyInfoCredentialResolverParams(BasicSecurityConfiguration config) {
        KeyInfoProvider[] defaultProviders = {
            new RSAKeyValueProvider(),
            new DSAKeyValueProvider(),
            new InlineX509DataProvider() };

        ArrayList<KeyInfoProvider> providerList = new ArrayList<KeyInfoProvider>(defaultProviders.length);
        for (KeyInfoProvider provider : defaultProviders) {
            providerList.add(provider);
        }

        KeyInfoCredentialResolver defaultResolver = new BasicProviderKeyInfoCredentialResolver(providerList);
        config.setDefaultKeyInfoCredentialResolver(defaultResolver);
    }

    /**
     * Installs the default KeyInfo generator manager: a named manager whose fallback
     * (default) manager holds a basic factory that emits the public key value and an X.509
     * factory that emits the entity certificate.
     *
     * @param config the configuration to populate
     */
    protected static void populateKeyInfoGeneratorManager(BasicSecurityConfiguration config) {
        NamedKeyInfoGeneratorManager generatorManager = new NamedKeyInfoGeneratorManager();
        config.setKeyInfoGeneratorManager(generatorManager);

        // Fall back to the unnamed (default) manager when no named manager matches.
        generatorManager.setUseDefaultManager(true);
        KeyInfoGeneratorManager fallbackManager = generatorManager.getDefaultManager();

        BasicKeyInfoGeneratorFactory basicFactory = newBasicFactory();
        X509KeyInfoGeneratorFactory x509Factory = newX509Factory();

        fallbackManager.registerFactory(basicFactory);
        fallbackManager.registerFactory(x509Factory);
    }

    /** Factory for plain-key credentials; configured to emit the public key value. */
    private static BasicKeyInfoGeneratorFactory newBasicFactory() {
        BasicKeyInfoGeneratorFactory factory = new BasicKeyInfoGeneratorFactory();
        factory.setEmitPublicKeyValue(true);
        return factory;
    }

    /** Factory for X.509 credentials; configured to emit the entity certificate. */
    private static X509KeyInfoGeneratorFactory newX509Factory() {
        X509KeyInfoGeneratorFactory factory = new X509KeyInfoGeneratorFactory();
        factory.setEmitEntityCertificate(true);
        return factory;
    }

    /**
     * Extension point for key-related defaults. Registers nothing in this bootstrap;
     * subclasses may override it.
     *
     * @param config the configuration to populate
     */
    protected static void populateKeyParams(BasicSecurityConfiguration config) {
        // Intentionally empty: no key parameter defaults are registered here.
    }

}