Class SecurityConfiguration


  • public class SecurityConfiguration
    extends Object
    Configuration for security behavior of profiles.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private org.opensaml.security.x509.tls.ClientTLSValidationConfiguration clientTLSConfig
      Configuration used when validating client TLS X509Credentials.
      private Duration clockSkew
      Acceptable clock skew.
      private org.opensaml.xmlsec.DecryptionConfiguration decryptConfig
      Configuration used when decrypting protocol message information.
      private org.opensaml.xmlsec.EncryptionConfiguration encryptConfig
      Configuration used when encrypting protocol message information.
      private org.opensaml.security.httpclient.HttpClientSecurityConfiguration httpClientConfig
      Configuration used when executing HttpClient requests.
      private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idGenerator
      Generator used to generate various secure IDs (e.g., message identifiers).
      private org.opensaml.xmlsec.SignatureSigningConfiguration sigSigningConfig
      Configuration used when generating protocol message signatures.
      private org.opensaml.xmlsec.SignatureValidationConfiguration sigValidateConfig
      Configuration used when validating protocol message signatures.
    • Field Detail

      • clockSkew

        @Nonnull
        private final Duration clockSkew
        Acceptable clock skew.
      • idGenerator

        @Nonnull
        private final net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idGenerator
        Generator used to generate various secure IDs (e.g., message identifiers).
      • sigValidateConfig

        @Nullable
        private org.opensaml.xmlsec.SignatureValidationConfiguration sigValidateConfig
        Configuration used when validating protocol message signatures.
      • sigSigningConfig

        @Nullable
        private org.opensaml.xmlsec.SignatureSigningConfiguration sigSigningConfig
        Configuration used when generating protocol message signatures.
      • decryptConfig

        @Nullable
        private org.opensaml.xmlsec.DecryptionConfiguration decryptConfig
        Configuration used when decrypting protocol message information.
      • encryptConfig

        @Nullable
        private org.opensaml.xmlsec.EncryptionConfiguration encryptConfig
        Configuration used when encrypting protocol message information.
      • clientTLSConfig

        @Nullable
        private org.opensaml.security.x509.tls.ClientTLSValidationConfiguration clientTLSConfig
        Configuration used when validating client TLS X509Credentials.
      • httpClientConfig

        @Nullable
        private org.opensaml.security.httpclient.HttpClientSecurityConfiguration httpClientConfig
        Configuration used when executing HttpClient requests.
    • Constructor Detail

      • SecurityConfiguration

        public SecurityConfiguration()
        Constructor. Initializes the clock skew to 5 minutes and the identifier generator to SecureRandomIdentifierGenerationStrategy using the SHA1PRNG algorithm.
      • SecurityConfiguration

        public SecurityConfiguration(@Nonnull Duration skew,
                                     @Nonnull net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy generator)
        Constructor.
        Parameters:
        skew - the clock skew, must be greater than 0
        generator - the identifier generator, must not be null
    • Method Detail

      • getClockSkew

        @Nonnull
        public Duration getClockSkew()
        Get the acceptable clock skew.
        Returns:
        acceptable clock skew
      • getIdGenerator

        @Nonnull
        public net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy getIdGenerator()
        Get the generator used to generate secure identifiers.
        Returns:
        generator used to generate secure identifiers
      • getSignatureValidationConfiguration

        @Nullable
        public org.opensaml.xmlsec.SignatureValidationConfiguration getSignatureValidationConfiguration()
        Get the configuration used when validating protocol message signatures.
        Returns:
        configuration used when validating protocol message signatures, or null
      • setSignatureValidationConfiguration

        public void setSignatureValidationConfiguration(@Nullable org.opensaml.xmlsec.SignatureValidationConfiguration config)
        Set the configuration used when validating protocol message signatures.
        Parameters:
        config - configuration used when validating protocol message signatures, or null
      • getSignatureSigningConfiguration

        @Nullable
        public org.opensaml.xmlsec.SignatureSigningConfiguration getSignatureSigningConfiguration()
        Get the configuration used when generating protocol message signatures.
        Returns:
        configuration used when generating protocol message signatures, or null
      • setSignatureSigningConfiguration

        public void setSignatureSigningConfiguration(@Nullable org.opensaml.xmlsec.SignatureSigningConfiguration config)
        Set the configuration used when generating protocol message signatures.
        Parameters:
        config - configuration used when generating protocol message signatures, or null
      • getDecryptionConfiguration

        @Nullable
        public org.opensaml.xmlsec.DecryptionConfiguration getDecryptionConfiguration()
        Get the configuration used when decrypting protocol message information.
        Returns:
        configuration used when decrypting protocol message information, or null
      • setDecryptionConfiguration

        public void setDecryptionConfiguration(@Nullable org.opensaml.xmlsec.DecryptionConfiguration config)
        Set the configuration used when decrypting protocol message information.
        Parameters:
        config - configuration used when decrypting protocol message information, or null
      • getEncryptionConfiguration

        @Nullable
        public org.opensaml.xmlsec.EncryptionConfiguration getEncryptionConfiguration()
        Get the configuration used when encrypting protocol message information.
        Returns:
        configuration used when encrypting protocol message information, or null
      • setEncryptionConfiguration

        public void setEncryptionConfiguration(@Nullable org.opensaml.xmlsec.EncryptionConfiguration config)
        Set the configuration used when encrypting protocol message information.
        Parameters:
        config - configuration used when encrypting protocol message information, or null
      • getClientTLSValidationConfiguration

        public org.opensaml.security.x509.tls.ClientTLSValidationConfiguration getClientTLSValidationConfiguration()
        Get the configuration used when validating client TLS X509Credentials.
        Returns:
        configuration used when validating client TLS X509Credentials, or null
      • setClientTLSValidationConfiguration

        public void setClientTLSValidationConfiguration(org.opensaml.security.x509.tls.ClientTLSValidationConfiguration config)
        Set the configuration used when validating client TLS X509Credentials.
        Parameters:
        config - configuration used when validating client TLS X509Credentials, or null
      • getHttpClientSecurityConfiguration

        public org.opensaml.security.httpclient.HttpClientSecurityConfiguration getHttpClientSecurityConfiguration()
        Get the configuration used when executing HttpClient requests.
        Returns:
        configuration used when executing HttpClient requests, or null
      • setHttpClientSecurityConfiguration

        public void setHttpClientSecurityConfiguration(org.opensaml.security.httpclient.HttpClientSecurityConfiguration config)
        Set the configuration used when executing HttpClient requests.
        Parameters:
        config - configuration used when executing HttpClient requests, or null
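
Added example (not part of the original Javadoc or the project's own code): building a SecurityConfiguration with the two-argument constructor instead of the defaults, and having the caller fail closed when a @Nullable getter returns null. Assumptions: the import package net.shibboleth.idp.profile.config is not stated on this page, and HexIdGenerator, build and requireSignatureValidation are hypothetical names.

```java
import java.security.SecureRandom;
import java.time.Duration;
// Assumed package: this page does not state where SecurityConfiguration lives.
import net.shibboleth.idp.profile.config.SecurityConfiguration;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import org.opensaml.xmlsec.SignatureValidationConfiguration;

public final class SecurityConfigurationExample {

    /** Hypothetical generator: 128 random bits, hex-encoded, from the platform default SecureRandom. */
    static final class HexIdGenerator implements IdentifierGenerationStrategy {
        private final SecureRandom random = new SecureRandom();

        @Override public String generateIdentifier() {
            return generateIdentifier(true);
        }

        @Override public String generateIdentifier(boolean xmlSafe) {
            byte[] buf = new byte[16];
            random.nextBytes(buf);
            // A leading underscore keeps the value usable as an XML ID (must not start with a digit).
            StringBuilder sb = new StringBuilder(xmlSafe ? "_" : "");
            for (byte b : buf) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        }
    }

    /** Uses the two-argument constructor; checks the documented precondition (skew greater than 0) up front. */
    static SecurityConfiguration build(Duration skew) {
        if (skew.isZero() || skew.isNegative()) {
            throw new IllegalArgumentException("clock skew must be greater than 0");
        }
        return new SecurityConfiguration(skew, new HexIdGenerator());
    }

    /** The getter is @Nullable: a caller that requires signature validation rejects an unset configuration. */
    static SignatureValidationConfiguration requireSignatureValidation(SecurityConfiguration cfg) {
        SignatureValidationConfiguration sv = cfg.getSignatureValidationConfiguration();
        if (sv == null) {
            throw new IllegalStateException("no SignatureValidationConfiguration set");
        }
        return sv;
    }

    public static void main(String[] args) {
        SecurityConfiguration cfg = build(Duration.ofMinutes(2)); // tighter than the 5-minute default
        System.out.println("skew=" + cfg.getClockSkew() + " id=" + cfg.getIdGenerator().generateIdentifier());
    }
}
```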