/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 1997-2017 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://oss.oracle.com/licenses/CDDL+GPL-1.1
* or LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at LICENSE.txt.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
/*
* IssuedTokenContext.java
*
* Created on October 24, 2005, 6:55 AM
*
*/
package com.sun.xml.ws.security;
import com.sun.xml.wss.XWSSecurityException;
import org.glassfish.gmbal.Description;
import org.glassfish.gmbal.ManagedAttribute;
import org.glassfish.gmbal.ManagedData;
import java.net.URI;
import java.security.Key;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Map;
import javax.security.auth.Subject;
/**
* This interface is the SPI defined by WS-Security to enable WS-Trust/SecureConversation
* specific security interactions.
*
* This interface represents a Context containing information
* populated and used by the Trust and the Security Enforcement Layers
* (for example the proof-token of an Issued token needs to be used
* by the SecurityEnforcement Layer to secure the message).
*
*
*/
@ManagedData
@Description("Information used by Trust and Security enforcement")
public interface IssuedTokenContext {
// String constants naming individual entries of this context.
// NOTE(review): presumably used as keys of a properties map exposed further down in this
// interface (java.util.Map is imported) - confirm against the accessor that consumes them.
// Fields declared in an interface are implicitly public, static and final, so these are
// constants even though 'final' is not written.
// The identifier CLAIMED_ATTRUBUTES and the values "cliamedAttributes" and
// "tagetedServiceCertificate" are misspelled. They are left as-is because both the names and
// the runtime strings are part of the published API and callers may depend on them.
public static String CLAIMED_ATTRUBUTES = "cliamedAttributes";
public static String TARGET_SERVICE_CERTIFICATE = "tagetedServiceCertificate";
public static String STS_CERTIFICATE = "stsCertificate";
// NOTE(review): the name suggests the entry stored under this key is the STS private key.
// If so, treat that value as secret key material: keep it out of logs and out of any
// management/monitoring view of this @ManagedData type - confirm how implementations store it.
public static String STS_PRIVATE_KEY = "stsPrivateKey";
public static String WS_TRUST_VERSION = "wstVersion";
public static String CONFIRMATION_METHOD = "samlConfirmationMethod";
public static String CONFIRMATION_KEY_INFO = "samlConfirmationKeyInfo";
public static String AUTHN_CONTEXT = "authnContext";
public static String KEY_WRAP_ALGORITHM = "keyWrapAlgorithm";
public static String STATUS = "status";
/**
* Sets the token issuer recorded in this context.
*
* @param issuer the token issuer; NOTE(review): the expected format (for example an STS
* address) is not stated in this interface - confirm with the implementation
*/
void setTokenIssuer(String issuer);
/**
* Returns the token issuer recorded in this context.
* The getter is published as a managed attribute (description: "Token issuer").
*
* @return the token issuer; what is returned when none was set is not stated here
*/
@ManagedAttribute
@Description("Token issuer")
String getTokenIssuer();
/**
* Returns the requestor (sender) certificate.
* The getter is published as a managed attribute (description: "Requestor certificate").
*
* NOTE(review): this interface does not say whether the certificate has already been
* path-validated or checked for revocation; confirm with the implementation before
* treating its presence as an authorization signal.
*
* @return the sender certificate, null otherwise
*/
@ManagedAttribute
@Description("Requestor certificate")
X509Certificate getRequestorCertificate();
/**
* Records the requestor certificate that was used in an incoming message.
* The original comment says "append", but the matching getter returns a single
* certificate; whether implementations keep more than one is not visible here.
*
* @param cert the requestor certificate taken from the incoming message
*/
void setRequestorCertificate(X509Certificate cert);
/**
* Returns the requestor username, if any.
* The getter is published as a managed attribute (description: "Requestor username").
*
* @return the requestor username if provided; NOTE(review): presumably null when no
* username was supplied - confirm with the implementation
*/
@ManagedAttribute
@Description("Requestor username")
String getRequestorUsername();
/**
* Sets the requestor username.
*
* @param username the requestor username to record in this context
*/
void setRequestorUsername(String username);
/**
* Returns the requestor subject recorded in this context.
* The getter is published as a managed attribute (description: "Requestor subject").
*
* NOTE(review): a javax.security.auth.Subject can carry private credentials; confirm what
* the management interface renders for this attribute and that access to it is restricted.
*
* @return the requestor subject; what is returned when none was set is not stated here
*/
@ManagedAttribute
@Description("Requestor subject")
Subject getRequestorSubject();
/**
* Sets the requestor subject recorded in this context.
*
* @param subject the requestor subject
*/
void setRequestorSubject(Subject subject);
/**
* Sets the token type recorded in this context.
*
* @param tokenType the token type; NOTE(review): presumably a WS-Trust TokenType
* identifier - the expected format is not stated in this interface
*/
void setTokenType(String tokenType);
/**
* Returns the token type recorded in this context.
* The getter is published as a managed attribute (description: "Token type").
*
* @return the token type; what is returned when none was set is not stated here
*/
@ManagedAttribute
@Description("Token type")
String getTokenType();
/**
* Sets the key type recorded in this context.
*
* @param keyType the key type; NOTE(review): presumably a WS-Trust KeyType identifier -
* the expected format is not stated in this interface
*/
void setKeyType(String keyType);
/**
* Returns the key type recorded in this context.
* The getter is published as a managed attribute (description: "Key type").
*
* @return the key type; what is returned when none was set is not stated here
*/
@ManagedAttribute
@Description("Key type")
String getKeyType();
/**
* Sets the appliesTo value recorded in this context.
*
* @param appliesTo the appliesTo value; NOTE(review): presumably the address of the
* service the token is intended for - confirm with the implementation
*/
void setAppliesTo(String appliesTo);
/**
* Returns the appliesTo value recorded in this context.
* The getter is published as a managed attribute (description: "appliesTo value").
*
* @return the appliesTo value; what is returned when none was set is not stated here
*/
@ManagedAttribute
@Description("appliesTo value")
String getAppliesTo();
/**
* Sets the token to be used in securing requests and/or responses,
* depending on the server policy.
*
* @param tok the security token to record in this context
*/
void setSecurityToken(Token tok);
/**
* Returns the token to be used in securing requests and/or responses, depending on the policy.
* When getAssociatedProofToken() is not null, the returned token is to be used only for
* inserting into the SecurityHeader; when there is no associated proof token, the returned
* token should also be used for securing the message.
* The getter is published as a managed attribute (description: "Security token").
*
* @return the security token; what is returned when none was set is not stated here
*/
@ManagedAttribute
@Description("Security token")
Token getSecurityToken();
/**
* Sets the proof token associated with the security token.
*
* When the security token is a SecurityContext token (as defined in
* WS-SecureConversation) and derived keys are being used, then
* the proof token is the ...
* NOTE(review): the original sentence is truncated at this point; what the proof token is
* in that case could not be recovered from this file.
*
* @param token the proof token to associate with the security token
*/
void setAssociatedProofToken(Token token);
/**
* Returns the proof token associated with the security token.
*
* NOTE(review): the proof token is what the enforcement layer uses to secure the message,
* yet this getter is annotated as a managed attribute (description: "Proof token").
* Confirm what representation of the Token reaches the management interface and that
* access to it is restricted.
*
* @return the proof token (if any) associated with the SecurityToken, null otherwise
*/
@ManagedAttribute
@Description("Proof token")
Token getAssociatedProofToken();
/**
* Returns the attached security token reference (STR).
* If the token returned does not allow use of the wsu:id attribute, then an STR is
* returned, which needs to be inserted into another element.
* NOTE(review): the original sentence reads "returned as ... inserted into a ... for
* example" with the element names missing; they could not be recovered from this file.
* The getter is published as a managed attribute
* (description: "Attached security token reference").
*
* @return STR if set, null otherwise
*/
@ManagedAttribute
@Description("Attached security token reference")
Token getAttachedSecurityTokenReference();
/**
* Returns the unattached security token reference (STR).
* If the token returned does not allow use of the wsu:id attribute, then an STR is
* returned, which needs to be inserted into another element.
* NOTE(review): the original sentence reads "returned as ... inserted into a ... for
* example" with the element names missing; they could not be recovered from this file.
* The getter is published as a managed attribute
* (description: "Unattached security token reference").
*
* @return STR if set, null otherwise
*/
@ManagedAttribute
@Description("Unattached security token reference")
Token getUnAttachedSecurityTokenReference();
/**
* Sets the attached security token reference (STR).
* If the token returned does not allow use of the wsu:id attribute, then an STR is
* returned, which needs to be inserted into another element.
* NOTE(review): the original sentence reads "returned as ... inserted into a ... for
* example" with the element names missing; they could not be recovered from this file.
*
* @param str the attached security token reference
*/
void setAttachedSecurityTokenReference(Token str);
/**
* Sets the unattached security token reference (STR).
* If the token returned does not allow use of the wsu:id attribute, then an STR is
* returned, which needs to be inserted into another element.
* NOTE(review): the original sentence reads "returned as ... inserted into a ... for
* example" with the element names missing; they could not be recovered from this file.
*
* @param str the unattached security token reference
*/
void setUnAttachedSecurityTokenReference(Token str);
/**
* get the SecurityPolicy to be applied for the request or response
* to which this SecurityContext corresponds to
*
* This allows the Client and/or the Service (WSP/STS) to dynamically inject
* policy to be applied. For example in the case of SignChallenge when the
* Initiator (client) has to sign a specific challenge.
*
* Note: Inserting an un-solicited RSTR into a SOAP Header can also be expressed as
* a policy and the subsequent requirement to sign the RSTR will also be expressed as
* a policy
*
* TODO: There is no policy today to insert a specific element to a SOAP Header, we
* need to extend the policy definitions in XWS-Security.
*/
ArrayList