se.swedenconnect.opensaml.xmlsec.encryption.support

Class ECDHKeyAgreementParameters

java.lang.Object

org.opensaml.xmlsec.encryption.support.DataEncryptionParameters

org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters

se.swedenconnect.opensaml.xmlsec.encryption.support.ECDHKeyAgreementParameters

public class ECDHKeyAgreementParameters
extends KeyEncryptionParameters

A specialization of OpenSAML's KeyEncryptionParameters that is to be used for Elliptic-curves Diffie-Hellman (Ephemeral-Static) key agreement ().

Note: This class is mainly intended to be used when you invoke the Encrypter without using an EncryptionParametersResolver that handles key agreement (see below). The implementation of this class is really not how we would like things to be done, but in order for the OpenSAML Encrypter to work for we introduce this solution where we really bend things for our needs. And hope that generic ECDH key agreement will be supported in OpenSAML soon.

In order to get everything to play along with OpenSAML's Encrypter we let the DataEncryptionParameters.getAlgorithm() return the algorithm for the key wrapping method. Normally, the DataEncryptionParameters.getAlgorithm() returns the key encryption algorithm, but in our case this is always .

Furthermore, the key derivation algorithm is hard-wired to and its parameters are not currently possible to configure (other than the digest method, see setConcatKDFParameters(ConcatKDFParameters).

Author:

Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Constructor Summary

Constructors

Constructor and Description
ECDHKeyAgreementParameters() Constructor.
ECDHKeyAgreementParameters(EncryptionParameters params, String recipientId) Convenience constructor which allows copying the relevant key encryption parameters from an instance of EncryptionParameters.

Method Summary

Modifier and Type	Method and Description
ConcatKDFParameters	getConcatKDFParameters() Returns the ConcatKDF parameters to use.
Credential	getEncryptionCredential() Instead of returning the credential assigned (setEncryptionCredential(Credential)), the method will return the key agreement credential (getKeyAgreementCredential()).
Credential	getKeyAgreementCredential() Returns the key agreement credential.
String	getKeyDerivationAlgorithm() Gets the key derivation algorithm.
KeyInfoGenerator	getKeyInfoGenerator() If a KeyInfoGenerator has not been explicitly assigned, a default KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator (@link ExtendedDefaultSecurityConfigurationBootstrap.buildDefaultKeyAgreementKeyInfoGeneratorFactory()) will be created.
Credential	getPeerCredential() Returns the peer credential.
void	setConcatKDFParameters(ConcatKDFParameters concatKDFParameters) Assigns the ConcatKDF parameters to use.
void	setEncryptionCredential(Credential encryptionCredential) For the ECDHKeyAgreementParameters class, this means setPeerCredential(Credential).
void	setKeyAgreementCredential(Credential keyAgreementCredential) Assigns the key agreement credential.
void	setKeyDerivationAlgorithm(String keyDerivationAlgorithm) Sets the key derivation algorithm.
void	setPeerCredential(Credential peerCredential) Assigs the peer credential (this is the same as DataEncryptionParameters.setEncryptionCredential(Credential).

Methods inherited from class org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters

getRecipient, getRSAOAEPParameters, setRecipient, setRSAOAEPParameters

Methods inherited from class org.opensaml.xmlsec.encryption.support.DataEncryptionParameters

getAlgorithm, setAlgorithm, setKeyInfoGenerator

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ECDHKeyAgreementParameters

public ECDHKeyAgreementParameters()

Constructor.

ECDHKeyAgreementParameters

public ECDHKeyAgreementParameters(EncryptionParameters params,
                                  String recipientId)

Convenience constructor which allows copying the relevant key encryption parameters from an instance of EncryptionParameters.

If the supplied params contains a key transport encryption credential of type KeyAgreementCredential the setKeyAgreementCredential(Credential) will be invoked. This means that the key agreement credential will not be created by the getKeyAgreementCredential() method.

Parameters:

params - the encryption parameters instance

recipientId - the recipient of the key

Method Detail

getKeyAgreementCredential

public Credential getKeyAgreementCredential()

Returns the key agreement credential.

If the key agreement has not been assigned, the method will attempt to generate it using the key derivation parameters and peer credential of this instance.

Returns:

the key agreement credential, or null if it could not generate such a credential

setKeyAgreementCredential

public void setKeyAgreementCredential(Credential keyAgreementCredential)

Assigns the key agreement credential. This must be of the type KeyAgreementCredential.

If this credential is not assigned, it will be generated. See getKeyAgreementCredential().

Parameters:

keyAgreementCredential - the key agreement credential

getEncryptionCredential

public Credential getEncryptionCredential()

Instead of returning the credential assigned (setEncryptionCredential(Credential)), the method will return the key agreement credential (getKeyAgreementCredential()). The reason for this is a work-around so that we can squeeze key agreement functionality into the OpenSAML Encrypter.

Overrides:

getEncryptionCredential in class DataEncryptionParameters

setEncryptionCredential

public void setEncryptionCredential(Credential encryptionCredential)

For the ECDHKeyAgreementParameters class, this means setPeerCredential(Credential).

Overrides:

setEncryptionCredential in class DataEncryptionParameters

getPeerCredential

public Credential getPeerCredential()

Returns the peer credential. This is the credential that was assigned using setEncryptionCredential(Credential).

Returns:

the peer credential

setPeerCredential

public void setPeerCredential(Credential peerCredential)

Assigs the peer credential (this is the same as DataEncryptionParameters.setEncryptionCredential(Credential).

Parameters:

peerCredential - the peer credentials

getKeyInfoGenerator

public KeyInfoGenerator getKeyInfoGenerator()

If a KeyInfoGenerator has not been explicitly assigned, a default KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator (@link ExtendedDefaultSecurityConfigurationBootstrap.buildDefaultKeyAgreementKeyInfoGeneratorFactory()) will be created.

Overrides:

getKeyInfoGenerator in class DataEncryptionParameters

getKeyDerivationAlgorithm

public String getKeyDerivationAlgorithm()

Gets the key derivation algorithm.

Returns:

the key derivation algorithm

setKeyDerivationAlgorithm

public void setKeyDerivationAlgorithm(String keyDerivationAlgorithm)

Sets the key derivation algorithm.

Currently, the only supported algorithm is EcEncryptionConstants.ALGO_ID_KEYDERIVATION_CONCAT.

Parameters:

keyDerivationAlgorithm - the key derivation algorithm

getConcatKDFParameters

public ConcatKDFParameters getConcatKDFParameters()

Returns the ConcatKDF parameters to use.

Returns:

parameters

setConcatKDFParameters

public void setConcatKDFParameters(ConcatKDFParameters concatKDFParameters)

Assigns the ConcatKDF parameters to use.

Parameters:

concatKDFParameters - parameters