Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

be.ehealth.technicalconnector.service.etee
Class CryptoFactory

java.lang.Object
  extended by be.ehealth.technicalconnector.service.etee.CryptoFactory

public final class CryptoFactory
extends Object

Factory class to retreive the implementation of the Crypto. Creates Crypto

Field Summary
static String OCSP_CERT_STORE
          Base property to set the certificates and crl to be used by the OCSP verification.
static String OCSP_CLOCK_SKEW
          Property to set the acceptable difference (in millis) in time calculations to prevent clock synchronisation issues.
static String OCSP_CONNECTION_TIMEOUT
          Maximum time (in millis) to setup a connection.
static String OCSP_CONNECTION_USER_INTERACTION
          Flag (true/false) to allow for user interaction.
static String OCSP_INJECT_RESPONSE
          Flag (true/false) to add OSCPResponse to sealed message.
static String OCSP_READ_TIMEOUT
          Maximum time (in millis) to wait for a response.
static String OCSP_URI
          Property to set the endpoint of the OCSP Response.
static String PROPS_CRYPTO_CLASS
          Property used to change the implementation for the Crypto.
static String SIGNING_CLOCK_SKEW
          Property to set the acceptable difference (in millis) in time calculations to prevent clock synchronisation issues.
static String SIGNING_TIME_EXPIRATION
          Property to set the maximum time (in minutes) to consider a sealed message as recent.
static String SIGNING_TIME_TRUST_IMPLICIT
          Flag (true/false) to accept messages that have an expired Signing-Time without further verifications.
static String SIGNING_TSA_CERT_STORE
          Base property to set the certificates and crl to be used by the TSA verification.
 
Method Summary
static KeyStore getCaCertificateStore()
           
static Crypto getCrypto(Credential encryption, Map<String,PrivateKey> decryptionKeys)
           
static Crypto getCrypto(Credential encryption, Map<String,PrivateKey> decryptionKeys, String oCSPPolicy)
          Possible values of the OCSPPolicy parameter: Key Description NONE No OCSP check.
static Crypto getCryptoFromSession()
           
static Map<be.fgov.ehealth.etee.crypto.policies.OCSPOption,Object> getOCSPOptions()
           
static void resetOCSPOptions()
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PROPS_CRYPTO_CLASS

public static final String PROPS_CRYPTO_CLASS
Property used to change the implementation for the Crypto.

Default:be.ehealth.technicalconnector.service.etee.impl.CryptoImpl

See Also:
Constant Field Values

SIGNING_TIME_EXPIRATION

public static final String SIGNING_TIME_EXPIRATION
Property to set the maximum time (in minutes) to consider a sealed message as recent.

Default:5 minutes.

See Also:
Constant Field Values

SIGNING_CLOCK_SKEW

public static final String SIGNING_CLOCK_SKEW
Property to set the acceptable difference (in millis) in time calculations to prevent clock synchronisation issues.

Default:300 000 miliseconds

See Also:
Constant Field Values

SIGNING_TIME_TRUST_IMPLICIT

public static final String SIGNING_TIME_TRUST_IMPLICIT
Flag (true/false) to accept messages that have an expired Signing-Time without further verifications.

Default:true

See Also:
Constant Field Values

SIGNING_TSA_CERT_STORE

public static final String SIGNING_TSA_CERT_STORE
Base property to set the certificates and crl to be used by the TSA verification.

See Also:
Constant Field Values

OCSP_URI

public static final String OCSP_URI
Property to set the endpoint of the OCSP Response. If empty the value of the certificate will be used.

Default:null

See Also:
Constant Field Values

OCSP_INJECT_RESPONSE

public static final String OCSP_INJECT_RESPONSE
Flag (true/false) to add OSCPResponse to sealed message.

Defaultfalse

See Also:
Constant Field Values

OCSP_CLOCK_SKEW

public static final String OCSP_CLOCK_SKEW
Property to set the acceptable difference (in millis) in time calculations to prevent clock synchronisation issues.

Default:300 000 miliseconds

See Also:
Constant Field Values

OCSP_CONNECTION_TIMEOUT

public static final String OCSP_CONNECTION_TIMEOUT
Maximum time (in millis) to setup a connection.

Default:3 000 miliseconds

See Also:
Constant Field Values

OCSP_CERT_STORE

public static final String OCSP_CERT_STORE
Base property to set the certificates and crl to be used by the OCSP verification.

See Also:
Constant Field Values

OCSP_READ_TIMEOUT

public static final String OCSP_READ_TIMEOUT
Maximum time (in millis) to wait for a response.

Default:3 000 miliseconds

See Also:
Constant Field Values

OCSP_CONNECTION_USER_INTERACTION

public static final String OCSP_CONNECTION_USER_INTERACTION
Flag (true/false) to allow for user interaction.

Default:false

See Also:
Constant Field Values
Method Detail

getCrypto

public static Crypto getCrypto(Credential encryption,
                               Map<String,PrivateKey> decryptionKeys,
                               String oCSPPolicy)
                        throws TechnicalConnectorException

Possible values of the OCSPPolicy parameter:

Key Description
NONE No OCSP check.
SENDER_OPTIONAL Optional OCSP check. If the sender sets the OCSP response in the message, the receiver verifies it.
If the response does not validate or the response is not included in the message, the cryptolib unseals the message but it also includes a NotificationWarning.
This means that the receiver has a choice to reject or accept the message.
RECEIVER_OPTIONAL OCSP call done by the receiver if not done by the sender. If the OCSP response was not included in the message, the receiver calls the OCSP service in order to verify the OCSP status of the signing certificate.
The receiver should have the option to add the OCSP response into the received CMS message if the response was not present in the message (this does not break the receiver’s signature as the signature does not include the OCSP response and only the outer envelope contains the OCSP response). If the OCSP response was present in the message but it didn’t validate, or the OCSP check by the receiver failed, then the unsealing fails, i.e., a NotificationError is returned.
SENDER_MANDATORY Mandatory OCSP check done by the sender. If the OCSP response is not present in the message or it does not validate, a NotificationError is added to the result.
RECEIVER_MANDATORY Mandatory OCSP check done by the receiver of the message (i.e. intended recipient or intermediate ‘Message Storage Service’). The receiver should have the option to add the OCSP response into the received CMS message (this does not break the receiver’s signature as the signature does not include the OCSP response and only the outer envelope contains the OCSP response). If the OCSP response does not validate, a NotificationError is returned.

Throws:
TechnicalConnectorException

getOCSPOptions

public static Map<be.fgov.ehealth.etee.crypto.policies.OCSPOption,Object> getOCSPOptions()
Returns:
an UnmodifiableMap of OCSP options
Throws:
TechnicalConnectorException

resetOCSPOptions

public static void resetOCSPOptions()

getCaCertificateStore

public static KeyStore getCaCertificateStore()

getCrypto

public static Crypto getCrypto(Credential encryption,
                               Map<String,PrivateKey> decryptionKeys)
                        throws TechnicalConnectorException
Parameters:
encryption -
decryptionKeys -
Returns:
instance of Crypto based on the params
Throws:
TechnicalConnectorException

getCryptoFromSession

public static Crypto getCryptoFromSession()
                                   throws TechnicalConnectorException
Returns:
instance of Crypto based on the Session (using EncryptionCredential).
Throws:
TechnicalConnectorException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

Connector Packaging generic 3.28.5 API
Copyright © {inceptionYear}-2025 eHealth. All Rights Reserved.