Class SecurityConfiguration

java.lang.Object
net.shibboleth.idp.profile.config.SecurityConfiguration

public class SecurityConfiguration
extends Object
Configuration for security behavior of profiles.
  • Field Details

    • clockSkew

      @Nonnull private final Duration clockSkew
      Acceptable clock skew.
    • idGenerator

      @Nonnull private final IdentifierGenerationStrategy idGenerator
      Generator used to generate various secure IDs (e.g., message identifiers).
    • sigValidateConfig

      @Nullable private SignatureValidationConfiguration sigValidateConfig
      Configuration used when validating protocol message signatures.
    • sigSigningConfig

      @Nullable private SignatureSigningConfiguration sigSigningConfig
      Configuration used when generating protocol message signatures.
    • decryptConfig

      @Nullable private DecryptionConfiguration decryptConfig
      Configuration used when decrypting protocol message information.
    • encryptConfig

      @Nullable private EncryptionConfiguration encryptConfig
      Configuration used when encrypting protocol message information.
    • clientTLSConfig

      @Nullable private ClientTLSValidationConfiguration clientTLSConfig
      Configuration used when validating client TLS X509Credentials.
    • httpClientConfig

      @Nullable private HttpClientSecurityConfiguration httpClientConfig
      Configuration used when executing HttpClient requests.
  • Constructor Details

    • SecurityConfiguration

      public SecurityConfiguration()
      Constructor. Initializes the clock skew to 5 minutes and the identifier generator to SecureRandomIdentifierGenerationStrategy using the SHA1PRNG algorithm.
    • SecurityConfiguration

      public SecurityConfiguration(@Nonnull Duration skew, @Nonnull IdentifierGenerationStrategy generator)
      Constructor.
      Parameters:
      skew - the clock skew, must be greater than 0
      generator - the identifier generator, must not be null
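
The constructor contract above (a non-null skew greater than 0, defaulting to 5 minutes) is illustrated by this added example, which is not Shibboleth code and uses only the JDK. The class name SkewWindowCheck and the way the skew is applied to a NotBefore/NotOnOrAfter window are assumptions for illustration; the page itself only states that the value is the acceptable clock skew.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Objects;

/** Illustration only (hypothetical class): applying a clock skew to a validity window. */
public final class SkewWindowCheck {

    /** Same default the no-arg SecurityConfiguration constructor documents. */
    static final Duration DEFAULT_SKEW = Duration.ofMinutes(5);

    private final Duration skew;

    SkewWindowCheck(Duration skew) {
        // Mirror the documented constructor contract: non-null, greater than 0.
        Objects.requireNonNull(skew, "skew");
        if (skew.isZero() || skew.isNegative()) {
            throw new IllegalArgumentException("clock skew must be greater than 0");
        }
        this.skew = skew;
    }

    /**
     * Accept when now is in [notBefore - skew, notOnOrAfter + skew).
     * A null bound means the message did not carry that bound.
     */
    boolean isWithinWindow(Instant now, Instant notBefore, Instant notOnOrAfter) {
        if (notBefore != null && now.isBefore(notBefore.minus(skew))) {
            return false; // not yet valid, even allowing for skew
        }
        if (notOnOrAfter != null && !now.isBefore(notOnOrAfter.plus(skew))) {
            return false; // expired, even allowing for skew
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample: a 60-second validity window.
        Instant notBefore = Instant.parse("2024-01-01T12:00:00Z");
        Instant notOnOrAfter = notBefore.plusSeconds(60);
        Instant fourMinutesLate = notOnOrAfter.plus(Duration.ofMinutes(4));

        SkewWindowCheck dflt = new SkewWindowCheck(DEFAULT_SKEW);
        SkewWindowCheck tight = new SkewWindowCheck(Duration.ofSeconds(30));

        // The skew is added on both sides, so 5 minutes turns a 60 s window into 11 min.
        System.out.println("default accepts 4 min late: "
                + dflt.isWithinWindow(fourMinutesLate, notBefore, notOnOrAfter));
        System.out.println("30 s skew accepts 4 min late: "
                + tight.isWithinWindow(fourMinutesLate, notBefore, notOnOrAfter));
    }
}
```

A larger skew tolerates more clock drift between parties but also lengthens the period during which a captured message is still accepted, so the value is worth sizing to the drift actually observed.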
  • Method Details

    • getClockSkew

      @Nonnull public Duration getClockSkew()
      Get the acceptable clock skew.
      Returns:
      acceptable clock skew
    • getIdGenerator

      @Nonnull public IdentifierGenerationStrategy getIdGenerator()
      Get the generator used to generate secure identifiers.
      Returns:
      generator used to generate secure identifiers
    • getSignatureValidationConfiguration

      @Nullable public SignatureValidationConfiguration getSignatureValidationConfiguration()
      Get the configuration used when validating protocol message signatures.
      Returns:
      configuration used when validating protocol message signatures, or null
    • setSignatureValidationConfiguration

      public void setSignatureValidationConfiguration(@Nullable SignatureValidationConfiguration config)
      Set the configuration used when validating protocol message signatures.
      Parameters:
      config - configuration used when validating protocol message signatures, or null
    • getSignatureSigningConfiguration

      @Nullable public SignatureSigningConfiguration getSignatureSigningConfiguration()
      Get the configuration used when generating protocol message signatures.
      Returns:
      configuration used when generating protocol message signatures, or null
    • setSignatureSigningConfiguration

      public void setSignatureSigningConfiguration(@Nullable SignatureSigningConfiguration config)
      Set the configuration used when generating protocol message signatures.
      Parameters:
      config - configuration used when generating protocol message signatures, or null
    • getDecryptionConfiguration

      @Nullable public DecryptionConfiguration getDecryptionConfiguration()
      Get the configuration used when decrypting protocol message information.
      Returns:
      configuration used when decrypting protocol message information, or null
    • setDecryptionConfiguration

      public void setDecryptionConfiguration(@Nullable DecryptionConfiguration config)
      Set the configuration used when decrypting protocol message information.
      Parameters:
      config - configuration used when decrypting protocol message information, or null
    • getEncryptionConfiguration

      @Nullable public EncryptionConfiguration getEncryptionConfiguration()
      Get the configuration used when encrypting protocol message information.
      Returns:
      configuration used when encrypting protocol message information, or null
    • setEncryptionConfiguration

      public void setEncryptionConfiguration(@Nullable EncryptionConfiguration config)
      Set the configuration used when encrypting protocol message information.
      Parameters:
      config - configuration used when encrypting protocol message information, or null
    • getClientTLSValidationConfiguration

      @Nullable public ClientTLSValidationConfiguration getClientTLSValidationConfiguration()
      Get the configuration used when validating client TLS X509Credentials.
      Returns:
      configuration used when validating client TLS X509Credentials, or null
    • setClientTLSValidationConfiguration

      public void setClientTLSValidationConfiguration(ClientTLSValidationConfiguration config)
      Set the configuration used when validating client TLS X509Credentials.
      Parameters:
      config - configuration used when validating client TLS X509Credentials, or null
    • getHttpClientSecurityConfiguration

      @Nullable public HttpClientSecurityConfiguration getHttpClientSecurityConfiguration()
      Get the configuration used when executing HttpClient requests.
      Returns:
      configuration used when executing HttpClient requests, or null
    • setHttpClientSecurityConfiguration

      public void setHttpClientSecurityConfiguration(HttpClientSecurityConfiguration config)
      Set the configuration used when executing HttpClient requests.
      Parameters:
      config - configuration used when executing HttpClient requests, or null