public final class DataSealerBuilder
extends java.lang.Object
DataSealer. When building DataSealer you will be guided in small
and easy steps: 1. First step: Choose an OCSP-policy (defaults to NONE). This policy determines if it's required to do an OCSP-check on the certificate when sealing a message. During this step you can also configure how the OCSP-check will be done by providing a map with OCSPOptions.
These options will default to the following options:
OCSPOption.OCSP_URI - Defaults to the URL to be found in the certificate.OCSPOption.INJECT_RESPONSE - Defaults to trueOCSPOption.CLOCK_SKEW - Defaults to 300000 (5 minutes in milliseconds)OCSPOption.CONNECTION_TIMEOUT - Defaults to 3000 (3 seconds in milliseconds)OCSPOption.READ_TIMEOUT - Defaults to 3000 (3 seconds in milliseconds)OCSPOption.CONNECTION_USER_INTERACTION - Defaults to true
More information on the OCSPOptions can be found on the documentation of OCSPOption.
2. Second step: Choose a signing-policy. This policy determines how you want to sign your message. You can pass some
SigningOption as well. See SigningPolicy for available policies.
These options will default to the following options:
SigningOption.AUTH_ALIAS - By default, the alias is deducted from the SigningPolicy (eID, eHealth Certificate). You can set an alias of your own if you want to overwrite the default behaviour.SigningOption.AUTH_PW - Defaults to null.SigningOption.SIGN_ALIAS - By default, the alias is deducted from the SigningPolicy (eID, eHealth Certificate). You can set an alias of your own if you want to overwrite the default behaviour.SigningOption.SIGN_PW - Defaults to null.SigningOption.NON_REPUDIATION - Defaults to True. This has influence on the default SIGN_ALIAS that is chosen in case of SigningPolicy EID. When the flag is true, the alias will point to the non-repudiation certificate of the eID (Signature), otherwise it will point to the digitalSignature certificate of the eID (Authentication).SigningOption.CLOCK_SKEW - Defaults to 300000 (5 minutes in milliseconds).
3. Third step (optional): Choose a public key EncryptionPolicy. This step is optional and will default to
EncryptionPolicy.KNOWN_RECIPIENT.
4. Fourth step (optional): Choose a secret key EncryptionPolicy. This step is optional and will default to
EncryptionPolicy.UNKNOWN_RECIPIENT.
5. The build step: The final step, this step will create and configure your DataSealer
Notes: This builder will make sure that your security configuration is set up properly, view SecurityConfiguration for
more information.
| Modifier and Type | Class and Description |
|---|---|
static interface |
DataSealerBuilder.BuildStep
Build the
DataSealer |
static interface |
DataSealerBuilder.OCSPPolicyStep
First step: Choose an OCSP-policy.
|
static interface |
DataSealerBuilder.PublicKeyEncryptionPolicyStep
Third step (optional): Choose a public key
EncryptionPolicy. |
static interface |
DataSealerBuilder.SecretKeyEncryptionPolicyStep
Fourth step (optional): Choose a secret key
EncryptionPolicy. |
static interface |
DataSealerBuilder.SigningPolicyStep
Second step: Choose a signing-policy.
|
| Modifier and Type | Method and Description |
|---|---|
static DataSealerBuilder.OCSPPolicyStep |
newBuilder()
Start building a new
DataSealer. |
public static DataSealerBuilder.OCSPPolicyStep newBuilder()
DataSealer.Copyright © 2025 eHealth. All rights reserved.