From bee5dd259a4438d45ecd1bcc26dfba12875236d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 26 Jun 2018 11:03:48 +0200
Subject: initial commit
---
 .../EAAFDefaultSecurityConfigurationBootstrap.java | 132 +++++++++++++++++++++
 1 file changed, 132 insertions(+)
 create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java
(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java
new file mode 100644
index 00000000..0008ac87
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java
@@ -0,0 +1,132 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.security.BasicSecurityConfiguration;
+import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
+import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
+import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.SignatureConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EAAFDefaultSecurityConfigurationBootstrap extends
+ DefaultSecurityConfigurationBootstrap {
+
+ public static BasicSecurityConfiguration buildDefaultConfig() {
+ BasicSecurityConfiguration config = new BasicSecurityConfiguration();
+
+ populateSignatureParams(config);
+ populateEncryptionParams(config);
+ populateKeyInfoCredentialResolverParams(config);
+ populateKeyInfoGeneratorManager(config);
+ populateKeyParams(config);
+
+ return config;
+ }
+
+ protected static void populateKeyInfoGeneratorManager(
+ BasicSecurityConfiguration config) {
+ NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
+ config.setKeyInfoGeneratorManager(namedManager);
+
+ namedManager.setUseDefaultManager(true);
+ KeyInfoGeneratorManager defaultManager = namedManager
+ .getDefaultManager();
+
+ BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory();
+ basicFactory.setEmitPublicKeyValue(true);
+
+ X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
+ x509Factory.setEmitEntityCertificate(true);
+
+ defaultManager.registerFactory(basicFactory);
+ defaultManager.registerFactory(x509Factory);
+ }
+
+ protected static void populateSignatureParams(
+ BasicSecurityConfiguration config) {
+
+ //use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("RSA",
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+ config.registerSignatureAlgorithmURI("DSA",
+ "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
+
+ //use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("EC",
+ SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
+
+ //use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("AES",
+ SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
+
+
+ config.registerSignatureAlgorithmURI("DESede",
+ SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
+
+ config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
+ config.setSignatureHMACOutputLength(null);
+
+ //use SHA256 instead of SHA1
+ config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
+ }
+
+ protected static void populateEncryptionParams(
+ BasicSecurityConfiguration config) {
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
+ "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
+ "http://www.w3.org/2001/04/xmlenc#aes192-cbc");
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
+ "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
+
+ //support GCM mode
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
+
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
+
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
+
+
+ config.registerDataEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(168),
+ "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+ config.registerDataEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(192),
+ "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
+ "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("RSA", null,
+ "DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("AES",
+ Integer.valueOf(128), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes128");
+ config.registerKeyTransportEncryptionAlgorithmURI("AES",
+ Integer.valueOf(192), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes192");
+ config.registerKeyTransportEncryptionAlgorithmURI("AES",
+ Integer.valueOf(256), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes256");
+ config.registerKeyTransportEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(168), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
+ config.registerKeyTransportEncryptionAlgorithmURI("DESede",
+ Integer.valueOf(192), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
+
+ config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ }
+}
-- cgit v1.2.3
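Review bot: The outgoing data-encryption default set on the last statement of populateEncryptionParams, `config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");`, still selects unauthenticated AES-CBC even though the same method registers the AES-GCM URIs under `//support GCM mode`; CBC-mode XML Encryption carries no integrity protection, so the GCM registration changes nothing for the messages this configuration produces. I would switch the default to `config.setAutoGeneratedDataEncryptionKeyAlgorithmURI(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);` and, if peers that only accept CBC must remain supported, state that exception in a comment on the line. It also looks as though the second registerDataEncryptionAlgorithmURI("AES", 128, …) call replaces the CBC entry rather than adding to it, since both registrations share the same algorithm/key-length key — worth confirming against BasicSecurityConfiguration before relying on the CBC entries being present at all. The DESede data-encryption and key-wrap registrations (tripledes-cbc, kw-tripledes) and the hard-coded dsa-sha1 URI in populateSignatureParams keep legacy algorithms enabled for inbound messages; a one-line comment on each stating why they are retained would help the next reviewer, as would a real class Javadoc in place of the empty `@author` block.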