Class AS4SigningParams

java.lang.Object
com.helger.phase4.crypto.AS4SigningParams
All Implemented Interfaces:
com.helger.base.clone.ICloneable<AS4SigningParams>

@NotThreadSafe public class AS4SigningParams extends Object implements com.helger.base.clone.ICloneable<AS4SigningParams>
AS4 signing parameters
Since:
0.9.0
Author:
Philip Helger
  • Field Details

    • DEFAULT_KEY_IDENTIFIER_TYPE

      public static final ECryptoKeyIdentifierType DEFAULT_KEY_IDENTIFIER_TYPE
    • DEFAULT_USE_SINGLE_CERTIFICATE

      public static final boolean DEFAULT_USE_SINGLE_CERTIFICATE
  • Constructor Details

    • AS4SigningParams

      public AS4SigningParams()
  • Method Details

    • isSigningEnabled

      public boolean isSigningEnabled()
      Returns:
      true if signing is enabled, false if not
    • getKeyIdentifierType

      public final @NonNull ECryptoKeyIdentifierType getKeyIdentifierType()
      Returns:
      The key identifier type. May not be null.
      Since:
      0.11.0
    • setKeyIdentifierType

      public final @NonNull AS4SigningParams setKeyIdentifierType(@NonNull ECryptoKeyIdentifierType eKeyIdentifierType)
      Set the key identifier type to use. That defines how the information about the signing certificate is transmitted.
      Parameters:
      eKeyIdentifierType - The key identifier type to use. May not be null.
      Returns:
      this for chaining
      Since:
      0.11.0
    • getAlgorithmSign

      public final @Nullable ECryptoAlgorithmSign getAlgorithmSign()
      Returns:
      The signing algorithm to use. May be null.
    • setAlgorithmSign

      public final @NonNull AS4SigningParams setAlgorithmSign(@Nullable ECryptoAlgorithmSign eAlgorithmSign)
      Sets the signing algorithm.
      MANDATORY if you want to sign.
      See also setAlgorithmSignDigest(ECryptoAlgorithmSignDigest).
      Parameters:
      eAlgorithmSign - the signing algorithm that should be set
      Returns:
      this for chaining
    • getAlgorithmSignDigest

      public final @Nullable ECryptoAlgorithmSignDigest getAlgorithmSignDigest()
      Returns:
      The signing digest algorithm to use. May be null.
    • setAlgorithmSignDigest

      public final @NonNull AS4SigningParams setAlgorithmSignDigest(@Nullable ECryptoAlgorithmSignDigest eAlgorithmSignDigest)
      Sets the signing digest algorithm.
      MANDATORY if you want to sign.
      See also setAlgorithmSign(ECryptoAlgorithmSign).
      Parameters:
      eAlgorithmSignDigest - the signing digest algorithm that should be set
      Returns:
      this for chaining
    • getAlgorithmC14N

      public final @NonNull ECryptoAlgorithmC14N getAlgorithmC14N()
      Returns:
      The canonicalization algorithm to use. Never null.
      Since:
      0.10.6
    • setAlgorithmC14N

      public final @NonNull AS4SigningParams setAlgorithmC14N(@NonNull ECryptoAlgorithmC14N eAlgorithmC14N)
      Set the canonicalization algorithm to be used. By default "Exclusive without comments" is used as suggested by the WS Security SOAP Message Security Version 1.1.1 spec, chapter 8.1.
      Source: http://docs.oasis-open.org/wss-m/wss/v1.1.1/wss-SOAPMessageSecurity-v1.1.1.doc
      Parameters:
      eAlgorithmC14N - the canonicalization algorithm that should be set. May not be null.
      Returns:
      this for chaining
      Since:
      0.10.6
    • getSecurityProviderSign

      public final @Nullable Provider getSecurityProviderSign()
      Returns:
      The security provider for signing (not for verification) to be used. May be null.
      Since:
      2.4.0
    • setSecurityProviderSign

      public final @NonNull AS4SigningParams setSecurityProviderSign(@Nullable Provider aSecurityProviderSign)
      Set the security provider to be used for signing (not for verification).
      Parameters:
      aSecurityProviderSign - The security provider to be used. May be null.
      Returns:
      this for chaining
      Since:
      2.4.0
    • getSecurityProviderVerify

      public final @Nullable Provider getSecurityProviderVerify()
      Returns:
      The security provider for verification (not for signing) to be used. May be null.
      Since:
      2.4.0
    • setSecurityProviderVerify

      public final @NonNull AS4SigningParams setSecurityProviderVerify(@Nullable Provider aSecurityProviderVerify)
      Set the security provider to be used for verification (not for signing).
      Parameters:
      aSecurityProviderVerify - The security provider to be used. May be null.
      Returns:
      this for chaining
      Since:
      2.4.0
    • setSecurityProvider

      public final @NonNull AS4SigningParams setSecurityProvider(@Nullable Provider aSecurityProvider)
      Set the security provider to be used for signing and verification.
      Parameters:
      aSecurityProvider - The security provider to be used. May be null.
      Returns:
      this for chaining
      Since:
      2.1.3
    • isUseSingleCertificate

      public final boolean isUseSingleCertificate()
      Returns:
      true to use the BST ValueType "#X509v3", false to use the BST value type "#X509PKIPathv1".
      Since:
      2.1.5
    • setUseSingleCertificate

      public final @NonNull AS4SigningParams setUseSingleCertificate(boolean bUseSingleCertificate)
      Set the Binary Security Token value type. The default is true.
      Parameters:
      bUseSingleCertificate - true maps to "#X509v3" (e.g. for Peppol) and false maps to "#X509PKIPathv1".
      Returns:
      this for chaining
      Since:
      2.1.5
    • getWSSecSignatureCustomizer

      public final @Nullable IWSSecSignatureCustomizer getWSSecSignatureCustomizer()
    • hasWSSecSignatureCustomizer

      public final boolean hasWSSecSignatureCustomizer()
    • setWSSecSignatureCustomizer

      public final @NonNull AS4SigningParams setWSSecSignatureCustomizer(@Nullable IWSSecSignatureCustomizer a)
    • getSubjectCertConstraints

      @ReturnsMutableObject public final @Nullable Collection<Pattern> getSubjectCertConstraints()
      Returns the signature subject certificate constraints as regular expressions
      Returns:
      The signature subject certificate constraints as regular expressions or null if no checks should be performed.
      Since:
      3.0.7
    • getAllSubjectCertConstraints

      @ReturnsMutableCopy public final @NonNull Collection<Pattern> getAllSubjectCertConstraints()
      Returns the signature subject certificate constraints as regular expressions
      Returns:
      The signature subject certificate constraints as regular expressions as a copy. Never null.
      Since:
      3.0.7
    • hasSubjectCertConstraints

      public final boolean hasSubjectCertConstraints()
      Returns whether signature subject certificate constraints exist.
      Returns:
      true if signature subject certificate constraints exist, false otherwise.
      Since:
      3.0.7
    • setSubjectCertConstraints

      public final @NonNull AS4SigningParams setSubjectCertConstraints(@Nullable Collection<Pattern> aSubjectCertConstraints)
      Sets the signature subject certificate constraints as regular expressions.
      Please note: Pattern does not implement equals/hashCode, so using a Set as a parameter is not really helpful. However, please make sure to add each pattern only once.
      Parameters:
      aSubjectCertConstraints - The collection of regular expression patterns to check. May be null or empty.
      Returns:
      this for chaining
      Since:
      3.0.7
    • setSubjectCertConstraints

      public final @NonNull AS4SigningParams setSubjectCertConstraints(@Nullable Pattern... aSubjectCertConstraints)
      Sets the signature subject certificate constraints as regular expressions.
      Parameters:
      aSubjectCertConstraints - The array of regular expression patterns to check. May be null or empty.
      Returns:
      this for chaining
      Since:
      3.0.7
    • setFromPMode

      public final @NonNull AS4SigningParams setFromPMode(@Nullable PModeLegSecurity aSecurity)
      This method calls setAlgorithmSign(ECryptoAlgorithmSign) and setAlgorithmSignDigest(ECryptoAlgorithmSignDigest) based on the PMode parameters. If the PMode parameter is null both values will be set to null.
      Parameters:
      aSecurity - The PMode leg security settings to use. May be null.
      Returns:
      this for chaining
    • cloneTo

      @OverridingMethodsMustInvokeSuper public void cloneTo(@NonNull AS4SigningParams aTarget)
    • getClone

      @ReturnsMutableCopy public @NonNull AS4SigningParams getClone()
      Specified by:
      getClone in interface com.helger.base.clone.ICloneable<AS4SigningParams>
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • createDefault

      @ReturnsMutableObject public static @NonNull AS4SigningParams createDefault()
      Returns:
      A non-null AS4SigningParams object with default values assigned.
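The note on setSubjectCertConstraints says that Pattern does not implement equals/hashCode and that each pattern should be added only once. The following is an added example, not code from the phase4 project, that de-duplicates the constraints on regex source and flags before passing them in, and sets the two algorithms documented as mandatory for signing. Assumptions: the class name SigningParamsExample and the helper uniquePatterns are hypothetical, the subject DN regexes are constructed sample values, and the enum constants RSA_SHA_256 and DIGEST_SHA_256 come from the phase4 library and are not listed on this page.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

import com.helger.phase4.crypto.AS4SigningParams;
import com.helger.phase4.crypto.ECryptoAlgorithmSign;
import com.helger.phase4.crypto.ECryptoAlgorithmSignDigest;

public final class SigningParamsExample
{
  // Hypothetical helper: Pattern uses identity equality, so de-duplicate
  // on the regex source plus the compile flags, keeping insertion order.
  static List<Pattern> uniquePatterns (final List<String> aRegexes)
  {
    final Map<String, Pattern> aUnique = new LinkedHashMap<> ();
    for (final String sRegex : aRegexes)
    {
      final Pattern aPattern = Pattern.compile (sRegex);
      aUnique.putIfAbsent (aPattern.flags () + ":" + aPattern.pattern (), aPattern);
    }
    return new ArrayList<> (aUnique.values ());
  }

  public static void main (final String [] args)
  {
    // Constructed sample constraints; the second entry duplicates the first
    final List<String> aRegexes = List.of ("CN=.*,O=Example Org,C=AT",
                                           "CN=.*,O=Example Org,C=AT",
                                           "CN=.*,O=Example Partner,C=DE");

    // A Set does not help: two Patterns compiled from the same regex are distinct
    final Set<Pattern> aNaive = new HashSet<> ();
    for (final String sRegex : aRegexes)
      aNaive.add (Pattern.compile (sRegex));
    System.out.println ("HashSet<Pattern> entries: " + aNaive.size ());

    // Both algorithms are documented as mandatory for signing.
    // Enum constants are assumed from the phase4 library, not from this page.
    final AS4SigningParams aParams = new AS4SigningParams ().setAlgorithmSign (ECryptoAlgorithmSign.RSA_SHA_256)
                                                            .setAlgorithmSignDigest (ECryptoAlgorithmSignDigest.DIGEST_SHA_256)
                                                            .setUseSingleCertificate (true)
                                                            .setSubjectCertConstraints (uniquePatterns (aRegexes));
    System.out.println ("Signing enabled: " + aParams.isSigningEnabled ());
    System.out.println ("Constraints set: " + aParams.getAllSubjectCertConstraints ().size ());
  }
}
```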