com.sun.xml.ws.security.IssuedTokenContext Maven / Gradle / Ivy
/*
* Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0, which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*
* IssuedTokenContext.java
*
* Created on October 24, 2005, 6:55 AM
*
*/
package com.sun.xml.ws.security;
import com.sun.xml.wss.XWSSecurityException;
import org.glassfish.gmbal.Description;
import org.glassfish.gmbal.ManagedAttribute;
import org.glassfish.gmbal.ManagedData;
import java.net.URI;
import java.security.Key;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Map;
import javax.security.auth.Subject;
/**
* This interface is the SPI defined by WS-Security to enable WS-Trust/SecureConversation
* specific security interactions.
*
* This interface represents a Context containing information
* populated and used by the Trust and the Security Enforcement Layers
* (for example the proof-token of an Issued token needs to be used
* by the SecurityEnforcement Layer to secure the message).
*
*
*/
@ManagedData
@Description("Information used by Trust and Security enforcement")
public interface IssuedTokenContext {
public static String CLAIMED_ATTRUBUTES = "cliamedAttributes";
public static String TARGET_SERVICE_CERTIFICATE = "tagetedServiceCertificate";
public static String STS_CERTIFICATE = "stsCertificate";
public static String STS_PRIVATE_KEY = "stsPrivateKey";
public static String WS_TRUST_VERSION = "wstVersion";
public static String CONFIRMATION_METHOD = "samlConfirmationMethod";
public static String CONFIRMATION_KEY_INFO = "samlConfirmationKeyInfo";
public static String AUTHN_CONTEXT = "authnContext";
public static String KEY_WRAP_ALGORITHM = "keyWrapAlgorithm";
public static String STATUS = "status";
void setTokenIssuer(String issuer);
@ManagedAttribute
@Description("Token issuer")
String getTokenIssuer();
/**
* Requestor Certificate(s)
* @return the sender certificate, null otherwise
*/
@ManagedAttribute
@Description("Requestor certificate")
X509Certificate getRequestorCertificate();
/**
* Append the Requestor Certificate that was used in an
* incoming message.
*/
void setRequestorCertificate(X509Certificate cert);
/**
* Requestor username if any
* @return the requestor username if provided
*/
@ManagedAttribute
@Description("Requestor username")
String getRequestorUsername();
/**
* set requestor username
*/
void setRequestorUsername(String username);
@ManagedAttribute
@Description("Requestor subject")
Subject getRequestorSubject();
void setRequestorSubject(Subject subject);
void setTokenType(String tokenType);
@ManagedAttribute
@Description("Token type")
String getTokenType();
void setKeyType(String keyType);
@ManagedAttribute
@Description("Key type")
String getKeyType();
void setAppliesTo(String appliesTo);
@ManagedAttribute
@Description("appliesTo value")
String getAppliesTo();
/**
* Depending on the <sp:IncludeToken> server policy, set the Token to be
* used in Securing requests and/or responses
*/
void setSecurityToken(Token tok);
/**
* Depending on the <sp:IncludeToken> policy get the Token to be
* used in Securing requests and/or responses. The token returned
* is to be used only for inserting into the SecurityHeader, if the
* getAssociatedProofToken is not null, and it should also be used for
* securing the message if there is no Proof Token associated.
*/
@ManagedAttribute
@Description("Security token")
Token getSecurityToken();
/**
* Set the Proof Token Associated with the SecurityToken
*
* when the SecurityToken is a SecurityContext token (as defined in
* WS-SecureConversation) and Derived Keys are being used then
* the Proof Token is the {@code}
*/
void setAssociatedProofToken(Token token);
/**
* get the Proof Token (if any) associated with the SecurityToken, null otherwise
*/
@ManagedAttribute
@Description("Proof token")
Token getAssociatedProofToken();
/**
* If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
* <wst:RequestedAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example.
* @return STR if set, null otherwise
*
*/
@ManagedAttribute
@Description("Attached security token reference")
Token getAttachedSecurityTokenReference();
/**
* If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
* <wst:RequestedUnAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example.
* @return STR if set, null otherwise
*
*/
@ManagedAttribute
@Description("Unattached security token reference")
Token getUnAttachedSecurityTokenReference();
/**
* If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
* <wst:RequestedAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example
*
*/
void setAttachedSecurityTokenReference(Token str);
/**
* If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
* <wst:RequestedUnAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example
*
*/
void setUnAttachedSecurityTokenReference(Token str);
/**
* get the SecurityPolicy to be applied for the request or response
* to which this SecurityContext corresponds to
*
* This allows the Client and/or the Service (WSP/STS) to dynamically inject
* policy to be applied. For example in the case of SignChallenge when the
* Initiator (client) has to sign a specific challenge.
*
* Note: Inserting an un-solicited RSTR into a SOAP Header can also be expressed as
* a policy and the subsequent requirement to sign the RSTR will also be expressed as
* a policy
*
* TODO: There is no policy today to insert a specific element to a SOAP Header, we
* need to extend the policy definitions in XWS-Security.
*/
ArrayList