java.lang.Object
  be.fgov.ehealth.etee.crypto.decrypt.DataUnsealerBuilder
public final class DataUnsealerBuilder
This builder will create and configure an instance of DataUnsealer. When building DataUnsealer you will be guided in
small and easy steps:
1. First step: Choose an OCSP-policy. This policy determines if it's required to do an OCSP-check on the certificate when sealing a message. During this step you can also configure how the OCSP-check will be done by providing a map with OCSPOptions.
These options will default to the following options:
* OCSPOption.OCSP_URI - Defaults to the URL to be found in the certificate.
* OCSPOption.TRUST_STORE - Defaults to given trust store for unsealing messages.
* OCSPOption.INJECT_RESPONSE - Defaults to false
* OCSPOption.CLOCK_SKEW - Defaults to 300000 (5 minutes in milliseconds)
* OCSPOption.CONNECTION_TIMEOUT - Defaults to 3000 (3 seconds in milliseconds)
* OCSPOption.READ_TIMEOUT - Defaults to 3000 (3 seconds in milliseconds)
* OCSPOption.CONNECTION_USER_INTERACTION - Defaults to true

More information on these options can be found in the documentation of OCSPOption.
2. Second step: Choose the signing policies that you want to accept. You will also need to provide a KeyStore with certificates that you trust. You can pass some SigningOption as well. Acceptable policies are:
* SigningPolicy.EHEALTH_CERT: This policy is used to sign the message with an eHealth certificate
* SigningPolicy.EID: This policy is used to sign the message with a Belgian eID-card

These options will default to the following options:
* SigningOption.CLOCK_SKEW - Defaults to 300000 (5 minutes in milliseconds)
* SigningOption.TSA_TRUST_STORE - Defaults to given trust store for unsealing messages.
* SigningOption.SIGNING_TIME_TRUST_IMPLICIT - Defaults to false
* SigningOption.SIGNING_TIME_EXPIRATION - Defaults to 5 minutes
* SigningOption.NON_REPUDIATION - Defaults to True, which means a NotificationError.INNER_CERTIFICATE_HAS_INVALID_KEYUSAGE will be added to the result in case a certificate was used that has no such KeyUsage. If set to false, also 'digitalSignature' will be accepted as KeyUsage.

See SigningOption for more details on the options.
3. Third step: Choose a public key EncryptionPolicy. You will have to provide a list of encryption credentials to be able
to decrypt messages.
4. Fourth step: Choose a secret key EncryptionPolicy.
5. The build step: The final step. This step will create and configure your DataUnsealer.

Notes: This builder will make sure that your security configuration is set up properly; see SecurityConfiguration for more information.
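The staged-builder design described above, modelled as an added stand-alone Java example (not the library's own code). Only the step interface names and the documented default values come from this page; every method name, the `OcspOpt` enum and the `Unsealer` record are hypothetical.

```java
import java.util.EnumMap;
import java.util.List;
import java.util.Map;

// Illustration only: step names and defaults are from the page, all else is hypothetical.
public final class StagedBuilderSketch {
    enum OcspOpt { CLOCK_SKEW, CONNECTION_TIMEOUT, READ_TIMEOUT }

    interface OCSPPolicyStep { SigningPolicyStep ocsp(boolean required, Map<OcspOpt, Long> opts); }
    interface SigningPolicyStep { PublicKeyPolicyStep signing(String... acceptedPolicies); }
    interface PublicKeyPolicyStep { SecretKeyPolicyStep publicKey(String... credentialAliases); }
    interface SecretKeyPolicyStep { BuildStep secretKey(); }
    interface BuildStep { Unsealer build(); }

    record Unsealer(boolean ocspRequired, Map<OcspOpt, Long> ocspOptions,
                    List<String> signingPolicies, List<String> credentials) {}

    // One private class implements every step, but callers only ever hold the
    // interface of the current step, so no step can be skipped or reordered.
    private static final class Steps implements OCSPPolicyStep, SigningPolicyStep,
            PublicKeyPolicyStep, SecretKeyPolicyStep, BuildStep {
        private boolean ocspRequired;
        private final Map<OcspOpt, Long> ocspOptions = new EnumMap<>(OcspOpt.class);
        private List<String> policies, credentials;

        public SigningPolicyStep ocsp(boolean required, Map<OcspOpt, Long> opts) {
            ocspRequired = required;
            // Documented defaults (milliseconds); values supplied by the caller override them.
            ocspOptions.put(OcspOpt.CLOCK_SKEW, 300_000L);
            ocspOptions.put(OcspOpt.CONNECTION_TIMEOUT, 3_000L);
            ocspOptions.put(OcspOpt.READ_TIMEOUT, 3_000L);
            ocspOptions.putAll(opts);
            return this;
        }
        public PublicKeyPolicyStep signing(String... accepted) {
            if (accepted.length == 0) throw new IllegalArgumentException("no signing policy accepted");
            policies = List.of(accepted);
            return this;
        }
        public SecretKeyPolicyStep publicKey(String... aliases) { credentials = List.of(aliases); return this; }
        public BuildStep secretKey() { return this; }
        public Unsealer build() { return new Unsealer(ocspRequired, Map.copyOf(ocspOptions), policies, credentials); }
    }

    static OCSPPolicyStep newBuilder() { return new Steps(); }

    public static void main(String[] args) {
        Unsealer u = newBuilder().ocsp(true, Map.of(OcspOpt.READ_TIMEOUT, 10_000L))
                .signing("EHEALTH_CERT", "EID").publicKey("constructed-alias").secretKey().build();
        System.out.println(u);
        // newBuilder().build();  // does not compile: OCSPPolicyStep exposes no build()
    }
}
```

Because each step returns only the next step's interface, an unsealer without an OCSP decision, accepted signing policies and decryption credentials cannot be expressed in code that compiles.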
| Nested Class Summary | |
|---|---|
| static interface | DataUnsealerBuilder.BuildStep - Build the DataUnsealer |
| static interface | DataUnsealerBuilder.OCSPPolicyStep - First step: Choose an OCSP-policy. |
| static interface | DataUnsealerBuilder.PublicKeyPolicyStep - Third step: Choose a public key EncryptionPolicy. |
| static interface | DataUnsealerBuilder.SecretKeyPolicyStep - Fourth step: Choose a secret key EncryptionPolicy. |
| static interface | DataUnsealerBuilder.SigningPolicyStep - Second step: Choose the signing policies that you want to accept. |

| Method Summary | |
|---|---|
| static DataUnsealerBuilder.OCSPPolicyStep | newBuilder() - You will be guided in the steps to create a DataUnsealer. |

| Methods inherited from class java.lang.Object |
|---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Method Detail |
|---|
public static DataUnsealerBuilder.OCSPPolicyStep newBuilder()
DataUnsealer.