Class SecurityConfiguration


  • public class SecurityConfiguration
    extends Object
    Configuration for security behavior of profiles.
    • Field Detail

      • clockSkew

        @Nonnull
        private final Duration clockSkew
        Acceptable clock skew.
      • idGenerator

        @Nonnull
        private final IdentifierGenerationStrategy idGenerator
        Generator used to generate various secure IDs (e.g., message identifiers).
      • sigSigningConfig

        @Nullable
        private SignatureSigningConfiguration sigSigningConfig
        Configuration used when generating protocol message signatures.
      • decryptConfig

        @Nullable
        private DecryptionConfiguration decryptConfig
        Configuration used when decrypting protocol message information.
      • encryptConfig

        @Nullable
        private EncryptionConfiguration encryptConfig
        Configuration used when encrypting protocol message information.
    • Constructor Detail

      • SecurityConfiguration

        public SecurityConfiguration()
        Constructor. Initializes the clock skew to 5 minutes and the identifier generator to SecureRandomIdentifierGenerationStrategy using the SHA1PRNG algorithm.
      • SecurityConfiguration

        public SecurityConfiguration(@Nonnull
                                     Duration skew,
                                     @Nonnull
                                     IdentifierGenerationStrategy generator)
        Constructor.
        Parameters:
        skew - the clock skew, must be greater than 0
        generator - the identifier generator, must not be null
    • Method Detail

      • getClockSkew

        @Nonnull
        public Duration getClockSkew()
        Get the acceptable clock skew.
        Returns:
        acceptable clock skew
      • getIdGenerator

        @Nonnull
        public IdentifierGenerationStrategy getIdGenerator()
        Get the generator used to generate secure identifiers.
        Returns:
        generator used to generate secure identifiers
      • getSignatureValidationConfiguration

        @Nullable
        public SignatureValidationConfiguration getSignatureValidationConfiguration()
        Get the configuration used when validating protocol message signatures.
        Returns:
        configuration used when validating protocol message signatures, or null
      • setSignatureValidationConfiguration

        public void setSignatureValidationConfiguration(@Nullable
                                                        SignatureValidationConfiguration config)
        Set the configuration used when validating protocol message signatures.
        Parameters:
        config - configuration used when validating protocol message signatures, or null
      • getSignatureSigningConfiguration

        @Nullable
        public SignatureSigningConfiguration getSignatureSigningConfiguration()
        Get the configuration used when generating protocol message signatures.
        Returns:
        configuration used when generating protocol message signatures, or null
      • setSignatureSigningConfiguration

        public void setSignatureSigningConfiguration(@Nullable
                                                     SignatureSigningConfiguration config)
        Set the configuration used when generating protocol message signatures.
        Parameters:
        config - configuration used when generating protocol message signatures, or null
      • getDecryptionConfiguration

        @Nullable
        public DecryptionConfiguration getDecryptionConfiguration()
        Get the configuration used when decrypting protocol message information.
        Returns:
        configuration used when decrypting protocol message information, or null
      • setDecryptionConfiguration

        public void setDecryptionConfiguration(@Nullable
                                               DecryptionConfiguration config)
        Set the configuration used when decrypting protocol message information.
        Parameters:
        config - configuration used when decrypting protocol message information, or null
      • getEncryptionConfiguration

        @Nullable
        public EncryptionConfiguration getEncryptionConfiguration()
        Get the configuration used when encrypting protocol message information.
        Returns:
        configuration used when encrypting protocol message information, or null
      • setEncryptionConfiguration

        public void setEncryptionConfiguration(@Nullable
                                               EncryptionConfiguration config)
        Set the configuration used when encrypting protocol message information.
        Parameters:
        config - configuration used when encrypting protocol message information, or null
      • getClientTLSValidationConfiguration

        @Nullable
        public ClientTLSValidationConfiguration getClientTLSValidationConfiguration()
        Get the configuration used when validating client TLS X509Credentials.
        Returns:
        configuration used when validating client TLS X509Credentials, or null
      • setClientTLSValidationConfiguration

        public void setClientTLSValidationConfiguration(ClientTLSValidationConfiguration config)
        Set the configuration used when validating client TLS X509Credentials.
        Parameters:
        config - configuration used when validating client TLS X509Credentials, or null
      • getHttpClientSecurityConfiguration

        @Nullable
        public HttpClientSecurityConfiguration getHttpClientSecurityConfiguration()
        Get the configuration used when executing HttpClient requests.
        Returns:
        configuration used when executing HttpClient requests, or null
      • setHttpClientSecurityConfiguration

        public void setHttpClientSecurityConfiguration(HttpClientSecurityConfiguration config)
        Set the configuration used when executing HttpClient requests.
        Parameters:
        config - configuration used when executing HttpClient requests, or null
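
The default constructor documented above sets the clock skew to 5 minutes and draws identifiers from SHA1PRNG. The following added example (not code from this library) uses JDK classes only to show how a skew tolerance is typically applied to a message validity window and how such an identifier can be generated. The class and method names, the 16-byte hex format with a leading underscore, and the sample timestamps are assumptions made for the illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;

/** Illustration only: hypothetical class, not part of the documented library. */
public class SkewAndIdDemo {

    /** Mirrors the documented constructor precondition: skew must be greater than 0. */
    static Duration requirePositive(Duration skew) {
        if (skew == null || skew.isZero() || skew.isNegative()) {
            throw new IllegalArgumentException("clock skew must be greater than 0");
        }
        return skew;
    }

    /** True if 'now' lies in [notBefore - skew, notOnOrAfter + skew). */
    static boolean withinWindow(Instant now, Instant notBefore,
                                Instant notOnOrAfter, Duration skew) {
        requirePositive(skew);
        return !now.isBefore(notBefore.minus(skew))
                && now.isBefore(notOnOrAfter.plus(skew));
    }

    /** Assumed ID format: 16 random bytes, hex-encoded, '_' prefix (an XML ID may not start with a digit). */
    static String newId(SecureRandom rng) {
        byte[] buf = new byte[16];
        rng.nextBytes(buf);
        StringBuilder sb = new StringBuilder("_");
        for (byte b : buf) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        Duration skew = Duration.ofMinutes(5);                   // documented default
        Instant issued = Instant.parse("2024-01-01T12:00:00Z");  // constructed sample timestamps
        Instant expires = issued.plus(Duration.ofMinutes(5));

        // Receiver clock 3 minutes behind the issuer: inside the window only because of the skew.
        System.out.println(withinWindow(issued.minus(Duration.ofMinutes(3)), issued, expires, skew));
        // 12 minutes after issue: 2 minutes past expiry plus skew, so outside the window.
        System.out.println(withinWindow(issued.plus(Duration.ofMinutes(12)), issued, expires, skew));

        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG"); // algorithm named in the constructor doc
        System.out.println(newId(rng));
    }
}
```

A larger skew tolerates more clock drift between parties but also lengthens the period during which an expired message is still accepted, so it should stay as small as the deployment's time synchronization allows.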