be.fgov.ehealth.etee.crypto.encrypt.DataSealerBuilder
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public final class DataSealerBuilder
This builder will create and configure an instance of DataSealer. When building DataSealer you will be guided in small
and easy steps:
1. First step: Choose an OCSP-policy (defaults to NONE). This policy determines if it's required to do an OCSP-check on the certificate when sealing a message. During this step you can also configure how the OCSP-check will be done by providing a map with OCSPOptions.
These options will default to the following options:
OCSPOption.OCSP_URI - Defaults to the URL to be found in the certificate.OCSPOption.INJECT_RESPONSE - Defaults to trueOCSPOption.CLOCK_SKEW - Defaults to 300000 (5 minutes in milliseconds)OCSPOption.CONNECTION_TIMEOUT - Defaults to 3000 (3 seconds in milliseconds)OCSPOption.READ_TIMEOUT - Defaults to 3000 (3 seconds in milliseconds)OCSPOption.CONNECTION_USER_INTERACTION - Defaults to true
More information on the OCSPOptions can be found on the documentation of OCSPOption.
2. Second step: Choose a signing-policy. This policy determines how you want to sign your message. You can pass some
SigningOption as well. Acceptable policies are:
SigningPolicy.EHEALTH_CERT: This policy is used to sign the message with an eHealth certificateSigningPolicy.EID: This policy is used to sign the message with a Belgian eID-card
These options will default to the following options:
SigningOption.AUTH_ALIAS - By default, the alias is deducted from the SigningPolicy (eID, eHealth Certificate). You can set an alias of your own if you want to overwrite the default behaviour.SigningOption.AUTH_PW - Defaults to null.SigningOption.SIGN_ALIAS - By default, the alias is deducted from the SigningPolicy (eID, eHealth Certificate). You can set an alias of your own if you want to overwrite the default behaviour.SigningOption.SIGN_PW - Defaults to null.SigningOption.NON_REPUDIATION - Defaults to True. This has influence on the default SIGN_ALIAS that is chosen in case of SigningPolicy EID. When the flag is true, the alias will point to the non-repudiation certificate of the eID (Signature), otherwise it will point to the digitalSignature certificate of the eID (Authentication).SigningOption.CLOCK_SKEW - Defaults to 300000 (5 minutes in milliseconds).
3. Third step (optional): Choose a public key EncryptionPolicy. This step is optional and will default to
EncryptionPolicy.KNOWN_RECIPIENT.
4. Fourth step (optional): Choose a secret key EncryptionPolicy. This step is optional and will default to
EncryptionPolicy.UNKNOWN_RECIPIENT.
5. The build step: The final step, this step will create and configure your DataSealer
Notes: This builder will make sure that your security configuration is set up properly, view SecurityConfiguration for
more information.
| Nested Class Summary | |
|---|---|
static interface |
DataSealerBuilder.BuildStep
Build the DataSealer |
static interface |
DataSealerBuilder.OCSPPolicyStep
First step: Choose an OCSP-policy. |
static interface |
DataSealerBuilder.PublicKeyEncryptionPolicyStep
Third step (optional): Choose a public key EncryptionPolicy. |
static interface |
DataSealerBuilder.SecretKeyEncryptionPolicyStep
Fourth step (optional): Choose a secret key EncryptionPolicy. |
static interface |
DataSealerBuilder.SigningPolicyStep
Second step: Choose a signing-policy. |
| Method Summary | |
|---|---|
static DataSealerBuilder.OCSPPolicyStep |
newBuilder()
Start building a new DataSealer. |
| Methods inherited from class java.lang.Object |
|---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Method Detail |
|---|
public static DataSealerBuilder.OCSPPolicyStep newBuilder()
DataSealer.
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||