org.opensaml.xml.security.SecurityConfiguration Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of xmltooling Show documentation
Show all versions of xmltooling Show documentation
XMLTooling-J is a low-level library that may be used to construct libraries that allow developers to work with XML in a Java beans manner.
/*
* Licensed to the University Corporation for Advanced Internet Development,
* Inc. (UCAID) under one or more contributor license agreements. See the
* NOTICE file distributed with this work for additional information regarding
* copyright ownership. The UCAID licenses this file to You under the Apache
* License, Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.opensaml.xml.security;
import java.security.interfaces.DSAParams;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
/**
* Interface for classes which store security-related configuration information, especially
* related to the requirements for XML Signature and XML Encryption.
*/
public interface SecurityConfiguration {
/**
* Get the signature algorithm URI for the specified JCA key algorithm name.
*
* @param jcaAlgorithmName a JCA key algorithm name
* @return a signature algorithm URI mapping, or null if no mapping is available
*/
public String getSignatureAlgorithmURI(String jcaAlgorithmName);
/**
* Get the signature algorithm URI for the signing key contained within the specified credential.
*
* @param credential a credential containing a signing key
* @return a signature algorithm URI mapping, or null if no mapping is available
*/
public String getSignatureAlgorithmURI(Credential credential);
/**
* Get a digest method algorithm URI suitable for use as a Signature Reference DigestMethod value.
*
* @return a digest method algorithm URI
*/
public String getSignatureReferenceDigestMethod();
/**
* Get a canonicalization algorithm URI suitable for use as a Signature CanonicalizationMethod value.
*
* @return a canonicalization algorithm URI
*/
public String getSignatureCanonicalizationAlgorithm();
/**
* Get the value to be used as the Signature SignatureMethod HMACOutputLength value, used
* only when signing with an HMAC algorithm. This value is optional when using HMAC.
*
* @return the configured HMAC output length value
*/
public Integer getSignatureHMACOutputLength();
/**
* Get the encryption algorithm URI for the specified JCA key algorithm name and optional key
* length.
*
* Passing null
as the key length will return the default algorithm URI for the specified
* JCA algorithm, if a default is configured. If no mapping for the specified key length is available,
* the default mapping will be returned.
*
* @param jcaAlgorithmName a JCA key algorithm name
* @param keyLength optional key length parameter
* @return an encryption algorithm URI, or null if no mapping is available
*/
public String getDataEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength);
/**
* Get the encryption algorithm URI for the encryption key contained within the specified credential.
*
* @param credential a credential containing an encryption key
* @return an encryption algorithm URI mapping, or null if no mapping is available
*/
public String getDataEncryptionAlgorithmURI(Credential credential);
/**
* Get the key transport encryption algorithm URI for the specified JCA key algorithm name, optional key
* length and optional JCA key algorithm name of the key to be encrypted.
*
* Note that typically the key length parameter is required for lookup of symmetric key wrap algorithm
* URI's, but is typically not required or relevant for asymmetric key transport algorithms.
*
* If a mapping is not available considering the optional key length and wrapped algorithm parameters as passed,
* a lookup will next be attempted by omiting the (non-null) wrapped key algorithm, and if that is unsuccessful,
* by then omitting the (non-null) key length parameter. If a mapping has still not been found, then a final
* lookup attempt will be made using the key encryption key's JCA algorithm name alone.
*
* @param jcaAlgorithmName a JCA key algorithm name for the key encryption key
* @param keyLength optional key length parameter
* @param wrappedKeyAlgorithm a JCA key algorithm name for the key to be encrypted
* @return an encryption algorithm URI, or null if no mapping is available
*/
public String getKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength,
String wrappedKeyAlgorithm);
/**
* Get the key transport encryption algorithm URI for the encryption key contained within the specified credential.
*
* @param credential a credential containing an encryption key
* @param wrappedKeyAlgorithm the JCA key algorithm name of the key being encrypted
* @return an encryption algorithm URI mapping, or null if no mapping is available
*/
public String getKeyTransportEncryptionAlgorithmURI(Credential credential, String wrappedKeyAlgorithm);
/**
* Get the encryption algorithm URI to be used when auto-generating random data encryption keys.
*
* @return an encryption algorithm URI, or null if no default is available
*/
public String getAutoGeneratedDataEncryptionKeyAlgorithmURI();
/**
* Get a DSA parameters instance which defines the default DSA key information to be used
* within a DSA "key family".
*
* @param keyLength length of the DSA key whose parameters are desired
* @return the default DSA parameters instance, or null if no default is available
*/
public DSAParams getDSAParams(int keyLength);
/**
* Get the manager for named KeyInfoGenerator instances.
*
* @return the KeyInfoGenerator manager, or null if none is configured
*/
public NamedKeyInfoGeneratorManager getKeyInfoGeneratorManager();
/**
* Get the KeyInfoCredentialResolver associated with the named configuration.
*
* @param name the name of the resolver configuration to return
* @return a KeyInfoCredentialResolver instance
*/
public KeyInfoCredentialResolver getKeyInfoCredentialResolver(String name);
/**
* Get the default KeyInfoCredentialResolver configuration.
*
* @return the default KeyInfoCredentialResolver
*/
public KeyInfoCredentialResolver getDefaultKeyInfoCredentialResolver();
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy