/**
 * Installs the default {@link KeyInfoCredentialResolver} on the supplied configuration.
 *
 * <p>The resolver is built from three providers, registered in this order: RSA key value,
 * DSA key value and inline X509 data.</p>
 *
 * <p>Security note: these providers read key material carried inside the message's own KeyInfo.
 * Such material is supplied by the sender, so a credential resolved this way identifies a
 * candidate key only. Callers should still check it against independently trusted credentials
 * before relying on a signature made with it.</p>
 *
 * @param config the security configuration to populate
 */
protected static void populateKeyInfoCredentialResolverParams(BasicSecurityConfiguration config) {
    // Providers that extract credentials from inline KeyInfo content.
    ArrayList<KeyInfoProvider> inlineProviders = new ArrayList<KeyInfoProvider>();
    inlineProviders.add(new RSAKeyValueProvider());
    inlineProviders.add(new DSAKeyValueProvider());
    inlineProviders.add(new InlineX509DataProvider());

    KeyInfoCredentialResolver inlineResolver =
            new BasicProviderKeyInfoCredentialResolver(inlineProviders);
    config.setDefaultKeyInfoCredentialResolver(inlineResolver);
}
/**
 * Populate signature-related parameters.
 *
 * <p>Registers one default signature algorithm URI per key algorithm name, then sets the
 * canonicalization algorithm, the HMAC output length and the reference digest method.</p>
 *
 * <p>NOTE(review): judging by the constant names, the RSA, ECDSA, HMAC and reference-digest
 * defaults chosen here are all SHA-1 based (the DSA constant names no digest; presumably DSA
 * with SHA-1, confirm). SHA-1 is no longer considered collision resistant, so deployments that
 * produce signatures from this configuration should override these entries with a SHA-2 family
 * URI wherever their peers support it.</p>
 *
 * @param config the security configuration to populate
 */
protected static void populateSignatureParams(BasicSecurityConfiguration config) {
    // Asymmetric key algorithms: key algorithm name -> default signature algorithm URI.
    config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    config.registerSignatureAlgorithmURI("DSA", SignatureConstants.ALGO_ID_SIGNATURE_DSA);
    config.registerSignatureAlgorithmURI("ECDSA", SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);

    // HMAC algorithms: both symmetric key algorithm names map to the same HMAC-SHA1 URI.
    config.registerSignatureAlgorithmURI("AES", SignatureConstants.ALGO_ID_MAC_HMAC_SHA1);
    config.registerSignatureAlgorithmURI("DESede", SignatureConstants.ALGO_ID_MAC_HMAC_SHA1);

    // Other signature-related params
    config.setSignatureCanonicalizationAlgorithm(
            SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    // NOTE(review): null presumably means no HMAC output truncation is requested; confirm
    // against the setter's contract. Truncated HMAC output weakens the MAC, so any non-null
    // value set by a deployment should be reviewed.
    config.setSignatureHMACOutputLength(null);
    config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA1);
}
/**
 * Installs a {@link NamedKeyInfoGeneratorManager} on the configuration and registers the two
 * default KeyInfo generator factories with its default manager.
 *
 * <p>The basic factory is set to emit the public key value; the X509 factory is set to emit the
 * entity certificate. KeyInfo produced this way helps a recipient locate the key; it does not
 * by itself establish that the key is trusted.</p>
 *
 * @param config the security configuration to populate
 */
protected static void populateKeyInfoGeneratorManager(BasicSecurityConfiguration config) {
    // Factory used for basic credentials: include the public key value.
    BasicKeyInfoGeneratorFactory publicKeyFactory = new BasicKeyInfoGeneratorFactory();
    publicKeyFactory.setEmitPublicKeyValue(true);

    // Factory used for X509 credentials: include the entity certificate.
    X509KeyInfoGeneratorFactory certificateFactory = new X509KeyInfoGeneratorFactory();
    certificateFactory.setEmitEntityCertificate(true);

    // Install the named manager and enable its default manager.
    NamedKeyInfoGeneratorManager generatorManager = new NamedKeyInfoGeneratorManager();
    config.setKeyInfoGeneratorManager(generatorManager);
    generatorManager.setUseDefaultManager(true);

    // Both factories are registered with the default manager, basic first.
    KeyInfoGeneratorManager fallbackManager = generatorManager.getDefaultManager();
    fallbackManager.registerFactory(publicKeyFactory);
    fallbackManager.registerFactory(certificateFactory);
}
/**
 * Populate encryption-related parameters.
 *
 * <p>Registers default data encryption URIs keyed by key algorithm name and key length, then
 * default key transport and key wrap URIs, and finally sets the algorithm URI used for
 * auto-generated data encryption keys to the AES-128 block cipher constant.</p>
 *
 * <p>NOTE(review): several defaults registered here are legacy choices that a deployment should
 * review before relying on them.</p>
 * <ul>
 *   <li>The data encryption entries use the BLOCKCIPHER constants. These are presumably the
 *       CBC-mode URIs of XML Encryption, which carry no integrity protection (confirm), so
 *       encrypted content should also be covered by a verified signature.</li>
 *   <li>An RSA key transporting a DESede data key maps to the RSA15 constant, presumably
 *       PKCS#1 v1.5 padding (confirm). That padding is prone to padding-oracle attacks when
 *       decryption failures are observable; the OAEP constant is already used for AES.</li>
 *   <li>Triple DES is registered for both data encryption and key wrap. It is a 64-bit block
 *       cipher and is generally treated as legacy.</li>
 * </ul>
 *
 * @param config the security configuration to populate
 */
protected static void populateEncryptionParams(BasicSecurityConfiguration config) {
    // Data encryption URIs: (key algorithm name, key length) -> block cipher URI.
    config.registerDataEncryptionAlgorithmURI(
            "AES", 128, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
    config.registerDataEncryptionAlgorithmURI(
            "AES", 192, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192);
    config.registerDataEncryptionAlgorithmURI(
            "AES", 256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);
    // DESede is registered under both 168 and 192 with the same URI; presumably these are the
    // two lengths a Triple DES key may be reported as (confirm).
    config.registerDataEncryptionAlgorithmURI(
            "DESede", 168, EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES);
    config.registerDataEncryptionAlgorithmURI(
            "DESede", 192, EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES);

    // Key encryption URIs

    // Asymmetric key transport algorithms: the third argument names the data key algorithm.
    // An RSA key transporting an AES key uses OAEP; one transporting a DESede key uses RSA15.
    config.registerKeyTransportEncryptionAlgorithmURI(
            "RSA", null, "AES", EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    config.registerKeyTransportEncryptionAlgorithmURI(
            "RSA", null, "DESede", EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);

    // Symmetric key wrap algorithms: selected by key algorithm name and length only.
    config.registerKeyTransportEncryptionAlgorithmURI(
            "AES", 128, null, EncryptionConstants.ALGO_ID_KEYWRAP_AES128);
    config.registerKeyTransportEncryptionAlgorithmURI(
            "AES", 192, null, EncryptionConstants.ALGO_ID_KEYWRAP_AES192);
    config.registerKeyTransportEncryptionAlgorithmURI(
            "AES", 256, null, EncryptionConstants.ALGO_ID_KEYWRAP_AES256);
    config.registerKeyTransportEncryptionAlgorithmURI(
            "DESede", 168, null, EncryptionConstants.ALGO_ID_KEYWRAP_TRIPLEDES);
    config.registerKeyTransportEncryptionAlgorithmURI(
            "DESede", 192, null, EncryptionConstants.ALGO_ID_KEYWRAP_TRIPLEDES);

    // Other encryption-related params: auto-generated data encryption keys default to AES-128.
    config.setAutoGeneratedDataEncryptionKeyAlgorithmURI(
            EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
}