Package net.shibboleth.idp.profile.config

Class SecurityConfiguration

java.lang.Object
net.shibboleth.idp.profile.config.SecurityConfiguration
public class SecurityConfiguration extends Object
Configuration for security behavior of profiles.

  • Field Details

    • clockSkew

      @Nonnull private final Duration clockSkew
      Acceptable clock skew.

    • idGenerator

      @Nonnull private final IdentifierGenerationStrategy idGenerator
      Generator used to generate various secure IDs (e.g., message identifiers).

    • sigValidateConfig

      @Nullable private SignatureValidationConfiguration sigValidateConfig
      Configuration used when validating protocol message signatures.

    • sigSigningConfig

      @Nullable private SignatureSigningConfiguration sigSigningConfig
      Configuration used when generating protocol message signatures.

    • decryptConfig

      @Nullable private DecryptionConfiguration decryptConfig
      Configuration used when decrypting protocol message information.

    • encryptConfig

      @Nullable private EncryptionConfiguration encryptConfig
      Configuration used when encrypting protocol message information.

    • clientTLSConfig

      @Nullable private ClientTLSValidationConfiguration clientTLSConfig
      Configuration used when validating client TLS X509Credentials.

    • httpClientConfig

      @Nullable private HttpClientSecurityConfiguration httpClientConfig
      Configuration used when executing HttpClient requests.

  • Constructor Details

    • SecurityConfiguration

      public SecurityConfiguration()
      Constructor. Initializes the clock skew to 5 minutes and the identifier generator to SecureRandomIdentifierGenerationStrategy using the SHA1PRNG algorithm.

    • SecurityConfiguration

      public SecurityConfiguration(@Nonnull Duration skew, @Nonnull IdentifierGenerationStrategy generator)
      Constructor.
      Parameters:
      skew - the clock skew, must be greater than 0
      generator - the identifier generator, must not be null

  • Method Details

    • getClockSkew

      @Nonnull public Duration getClockSkew()
      Get the acceptable clock skew.
      Returns:
      acceptable clock skew

    • getIdGenerator

      @Nonnull public IdentifierGenerationStrategy getIdGenerator()
      Get the generator used to generate secure identifiers.
      Returns:
      generator used to generate secure identifiers

    • getSignatureValidationConfiguration

      @Nullable public SignatureValidationConfiguration getSignatureValidationConfiguration()
      Get the configuration used when validating protocol message signatures.
      Returns:
      configuration used when validating protocol message signatures, or null

    • setSignatureValidationConfiguration

      public void setSignatureValidationConfiguration(@Nullable SignatureValidationConfiguration config)
      Set the configuration used when validating protocol message signatures.
      Parameters:
      config - configuration used when validating protocol message signatures, or null

    • getSignatureSigningConfiguration

      @Nullable public SignatureSigningConfiguration getSignatureSigningConfiguration()
      Get the configuration used when generating protocol message signatures.
      Returns:
      configuration used when generating protocol message signatures, or null

    • setSignatureSigningConfiguration

      public void setSignatureSigningConfiguration(@Nullable SignatureSigningConfiguration config)
      Set the configuration used when generating protocol message signatures.
      Parameters:
      config - configuration used when generating protocol message signatures, or null

    • getDecryptionConfiguration

      @Nullable public DecryptionConfiguration getDecryptionConfiguration()
      Get the configuration used when decrypting protocol message information.
      Returns:
      configuration used when decrypting protocol message information, or null

    • setDecryptionConfiguration

      public void setDecryptionConfiguration(@Nullable DecryptionConfiguration config)
      Set the configuration used when decrypting protocol message information.
      Parameters:
      config - configuration used when decrypting protocol message information, or null

    • getEncryptionConfiguration

      @Nullable public EncryptionConfiguration getEncryptionConfiguration()
      Get the configuration used when encrypting protocol message information.
      Returns:
      configuration used when encrypting protocol message information, or null

    • setEncryptionConfiguration

      public void setEncryptionConfiguration(@Nullable EncryptionConfiguration config)
      Set the configuration used when encrypting protocol message information.
      Parameters:
      config - configuration used when encrypting protocol message information, or null

    • getClientTLSValidationConfiguration

      @Nullable public ClientTLSValidationConfiguration getClientTLSValidationConfiguration()
      Get the configuration used when validating client TLS X509Credentials.
      Returns:
      configuration used when validating client TLS X509Credentials, or null

    • setClientTLSValidationConfiguration

      public void setClientTLSValidationConfiguration(ClientTLSValidationConfiguration config)
      Set the configuration used when validating client TLS X509Credentials.
      Parameters:
      config - configuration used when validating client TLS X509Credentials, or null

    • getHttpClientSecurityConfiguration

      @Nullable public HttpClientSecurityConfiguration getHttpClientSecurityConfiguration()
      Get the configuration used when executing HttpClient requests.
      Returns:
      configuration used when executing HttpClient requests, or null

    • setHttpClientSecurityConfiguration

      public void setHttpClientSecurityConfiguration(HttpClientSecurityConfiguration config)
      Set the configuration used when executing HttpClient requests.
      Parameters:
      config - configuration used when executing HttpClient requests, or null