001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: /*
024: * IssuedTokenContext.java
025: *
026: * Created on October 24, 2005, 6:55 AM
027: *
028: * To change this template, choose Tools | Template Manager
029: * and open the template in the editor.
030: */
031:
032: package com.sun.xml.ws.security;
033:
034: import java.security.Key;
035: import java.security.cert.X509Certificate;
036: import java.util.ArrayList;
037:
038: import com.sun.xml.wss.XWSSecurityException;
039:
040: import java.net.URI;
041: import java.util.Date;
042:
043: import javax.security.auth.Subject;
044:
045: /**
046: * This interface is the SPI defined by WS-Security to enable WS-Trust/SecureConversation
047: * specific security interactions.
048: *<p>
049: * This interface represents a Context containing information
050: * populated and used by the Trust and the Security Enforcement Layers
051: * (for example the proof-token of an Issued token needs to be used
052: * by the SecurityEnforcement Layer to secure the message).
053: *</p>
054: *
055: */
056: public interface IssuedTokenContext {
057:
058: /**
059: * Requestor Certificate(s)
060: * @return the sender certificate, null otherwise
061: */
062: X509Certificate getRequestorCertificate();
063:
064: /**
065: * Append the Requestor Certificate that was used in an
066: * incoming message.
067: */
068: void setRequestorCertificate(X509Certificate cert);
069:
070: Subject getRequestorSubject();
071:
072: void setRequestorSubject(Subject subject);
073:
074: /**
075: * Requestor username if any
076: * @return the requestor username if provided
077: */
078: String getRequestorUsername();
079:
080: /**
081: * set requestor username
082: */
083: void setRequestorUsername(String username);
084:
085: /**
086: * Depending on the <sp:IncludeToken> server policy, set the Token to be
087: * used in Securing requests and/or responses
088: */
089: void setSecurityToken(Token tok);
090:
091: /**
092: * Depending on the <sp:IncludeToken> policy get the Token to be
093: * used in Securing requests and/or responses. The token returned
094: * is to be used only for inserting into the SecurityHeader, if the
095: * getAssociatedProofToken is not null, and it should also be used for
096: * securing the message if there is no Proof Token associated.
097: */
098: Token getSecurityToken();
099:
100: /**
101: * Set the Proof Token Associated with the SecurityToken
102: * <p>
103: * when the SecurityToken is a SecurityContext token (as defined in
104: * WS-SecureConversation) and Derived Keys are being used then
105: * the Proof Token is the <wsc:DerivedKeyToken>
106: */
107: void setAssociatedProofToken(Token token);
108:
109: /**
110: * get the Proof Token (if any) associated with the SecurityToken, null otherwise
111: */
112: Token getAssociatedProofToken();
113:
114: /**
115: * If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
116: * <wst:RequestedAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example.
117: * @return STR if set, null otherwise
118: *
119: */
120: Token getAttachedSecurityTokenReference();
121:
122: /**
123: * If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
124: * <wst:RequestedUnAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example.
125: * @return STR if set, null otherwise
126: *
127: */
128: Token getUnAttachedSecurityTokenReference();
129:
130: /**
131: * If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
132: * <wst:RequestedAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example
133: *
134: */
135: void setAttachedSecurityTokenReference(Token str);
136:
137: /**
138: * If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
139: * <wst:RequestedUnAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example
140: *
141: */
142: void setUnAttachedSecurityTokenReference(Token str);
143:
144: /**
145: * get the SecurityPolicy to be applied for the request or response
146: * to which this SecurityContext corresponds to
147: *
148: * This allows the Client and/or the Service (WSP/STS) to dynamically inject
149: * policy to be applied. For example in the case of SignChallenge when the
150: * Initiator (client) has to sign a specific challenge.
151: * <p>
152: * Note: Inserting an un-solicited RSTR into a SOAP Header can also be expressed as
153: * a policy and the subsequent requirement to sign the RSTR will also be expressed as
154: * a policy
155: * </p>
156: * TODO: There is no policy today to insert a specific element to a SOAP Header, we
157: * need to extend the policy definitions in XWS-Security.
158: */
159: ArrayList getSecurityPolicy();
160:
161: /**
162: * Set the Entropy information provided by the other Part (if any)
163: *<p>
164: * WS-Trust allows requestor to provide input
165: * to key material in the request.
166: * The requestor might do this to satisfy itself as to the degree of
167: * entropy(cyrptographic randomness) of atleast some of the material used to
168: * generate the actual Key.
169: * </p>
170: * For composite Keys Entropy can be set by both parties, the concrete
171: * entropy element can be a <wst:Entropy> instance but the argument here is
172: * generic to avoid a dependence of the SPI on WS-Trust packages
173: */
174: void setOtherPartyEntropy(Object entropy);
175:
176: /**
177: * Get the Entropy if any provided by the other party, null otherwise
178: * If the Entropy was specified as an <xenc:EncryptedKey> then
179: * this method would return the decrypted secret
180: */
181: Key getDecipheredOtherPartyEntropy(Key privKey)
182: throws XWSSecurityException;
183:
184: /**
185: * Get the Entropy if any provided by the Other Party, null otherwise
186: */
187: Object getOtherPartyEntropy();
188:
189: /**
190: * Set self Entropy
191: */
192: void setSelfEntropy(Object entropy);
193:
194: /**
195: * Get self Entropy if set, null otherwise
196: */
197: Object getSelfEntropy();
198:
199: /**
200: * Return the <wst:ComputedKey> URI if any inside the RSTR, null otherwise.
201: * The Security Enforcement Layer would compute the Key as P_SHA1(Ent(req), Ent(res))
202: */
203: URI getComputedKeyAlgorithmFromProofToken();
204:
205: /**
206: * set the SecureConversation ProofToken as a byte[] array
207: */
208: void setProofKey(byte[] key);
209:
210: /**
211: * get the SecureConversation ProofToken as a byte[] array
212: */
213: byte[] getProofKey();
214:
215: /**
216: *@return the creation Time of the IssuedToken
217: */
218: Date getCreationTime();
219:
220: /**
221: * get the Expiration Time for this Token if any
222: */
223: Date getExpirationTime();
224:
225: /**
226: *set the creation Time of the IssuedToken
227: */
228: void setCreationTime(Date date);
229:
230: /**
231: * set the endpointaddress
232: */
233: void setEndpointAddress(String endPointAddress);
234:
235: /**
236: *get the endpoint address
237: */
238: String getEndpointAddress();
239:
240: /**
241: * set the Expiration Time for this Token if any.
242: */
243: void setExpirationTime(Date date);
244:
245: /**
246: * Get the SecurityContextTokenInfo for this Token if any.
247: */
248: SecurityContextTokenInfo getSecurityContextTokenInfo();
249:
250: /**
251: * set the SecurityContextTokenInfo for this Token if any.
252: */
253: void setSecurityContextTokenInfo(SecurityContextTokenInfo sctInfo);
254:
255: /**
256: * Destroy the IssuedTokenContext.
257: */
258: void destroy();
259: }
|