com.sun.xml.ws.security.IssuedTokenContext Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of wssx-api Show documentation
There is a newer version: 4.0.4
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 1997-2017 Oracle and/or its affiliates. All rights reserved.
 *
 * The contents of this file are subject to the terms of either the GNU
 * General Public License Version 2 only ("GPL") or the Common Development
 * and Distribution License("CDDL") (collectively, the "License").  You
 * may not use this file except in compliance with the License.  You can
 * obtain a copy of the License at
 * https://oss.oracle.com/licenses/CDDL+GPL-1.1
 * or LICENSE.txt.  See the License for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at LICENSE.txt.
 *
 * GPL Classpath Exception:
 * Oracle designates this particular file as subject to the "Classpath"
 * exception as provided by Oracle in the GPL Version 2 section of the License
 * file that accompanied this code.
 *
 * Modifications:
 * If applicable, add the following below the License Header, with the fields
 * enclosed by brackets [] replaced by your own identifying information:
 * "Portions Copyright [year] [name of copyright owner]"
 *
 * Contributor(s):
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor]
 * elects to include this software in this distribution under the [CDDL or GPL
 * Version 2] license."  If you don't indicate a single choice of license, a
 * recipient has the option to distribute your version of this file under
 * either the CDDL, the GPL Version 2 or to extend the choice of license to
 * its licensees as provided above.  However, if you add GPL Version 2 code
 * and therefore, elected the GPL Version 2 license, then the option applies
 * only if the new code is made subject to such option by the copyright
 * holder.
 */

/*
 * IssuedTokenContext.java
 *
 * Created on October 24, 2005, 6:55 AM
 *
 */

package com.sun.xml.ws.security;

import com.sun.xml.wss.XWSSecurityException;

import org.glassfish.gmbal.Description;
import org.glassfish.gmbal.ManagedAttribute;
import org.glassfish.gmbal.ManagedData;

import java.net.URI;
import java.security.Key;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Map;

import javax.security.auth.Subject;


/**
 * This interface is the SPI defined by WS-Security to enable WS-Trust/SecureConversation 
 * specific security interactions.
 *
 * This interface represents a  Context containing information
 * populated and used by the Trust and the Security Enforcement Layers 
 * (for example the proof-token of an Issued token needs to be used 
 * by the SecurityEnforcement Layer to secure the message).
 *
 * 
 */
@ManagedData
@Description("Information used by Trust and Security enforcement")
public interface IssuedTokenContext {
    
    public static String CLAIMED_ATTRUBUTES = "cliamedAttributes";
    public static String TARGET_SERVICE_CERTIFICATE = "tagetedServiceCertificate";
    public static String STS_CERTIFICATE = "stsCertificate";
    public static String STS_PRIVATE_KEY = "stsPrivateKey";
    public static String WS_TRUST_VERSION = "wstVersion";
    public static String CONFIRMATION_METHOD = "samlConfirmationMethod";
    public static String CONFIRMATION_KEY_INFO = "samlConfirmationKeyInfo";
    public static String AUTHN_CONTEXT = "authnContext";
    public static String KEY_WRAP_ALGORITHM = "keyWrapAlgorithm";
    public static String STATUS = "status";
    
    void setTokenIssuer(String issuer);
    
    @ManagedAttribute
    @Description("Token issuer")
    String getTokenIssuer();
    
    /**
     * Requestor Certificate(s)
     * @return the sender certificate, null otherwise
     */
    @ManagedAttribute
    @Description("Requestor certificate")
    X509Certificate getRequestorCertificate();
    
    /**
     * Append the Requestor Certificate that was used in an 
     * incoming message.
     */
    void setRequestorCertificate(X509Certificate cert);
    
     /**
     * Requestor username if any
     * @return the requestor username if provided
     */
    @ManagedAttribute
    @Description("Requestor username")
    String getRequestorUsername();

    /**
     * set requestor username
     */
    void setRequestorUsername(String username);

    
    @ManagedAttribute
    @Description("Requestor subject")
    Subject getRequestorSubject();
    
    void setRequestorSubject(Subject subject);
    
    void setTokenType(String tokenType);
    
    @ManagedAttribute
    @Description("Token type")
    String getTokenType();
    
    void setKeyType(String keyType);
    
    @ManagedAttribute
    @Description("Key type")
    String getKeyType();
    
    void setAppliesTo(String appliesTo);
    
    @ManagedAttribute
    @Description("appliesTo value")
    String getAppliesTo();
    
    /**
     * Depending on the  server policy, set the Token to be
     * used in Securing requests and/or responses
     */
    void setSecurityToken(Token tok);
   
    /**
     * Depending on the  policy get the Token to be
     * used in Securing requests and/or responses. The token returned 
     * is to be used only for inserting into the SecurityHeader, if the
     * getAssociatedProofToken is not null, and it should also be used for
     * securing the message if there is no Proof Token associated. 
     */
    @ManagedAttribute
    @Description("Security token")
    Token getSecurityToken();
   
   /**
    * Set the Proof Token Associated with the SecurityToken
    * 
    * when the SecurityToken is a SecurityContext token (as defined in 
    * WS-SecureConversation) and Derived Keys are being used then 
    * the Proof Token is the 
    */
    void setAssociatedProofToken(Token token);
   
   /**
    * get the Proof Token (if any) associated with the SecurityToken, null otherwise
    */
    @ManagedAttribute
    @Description("Proof token")
    Token getAssociatedProofToken(); 
   
   /**
    * If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
    *  which needs to be inserted into a  for example.
    * @return STR if set, null otherwise
    *
    */
    @ManagedAttribute
    @Description("Attached security token reference")
    Token getAttachedSecurityTokenReference();
  
   /**
    * If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
    *  which needs to be inserted into a  for example.
    * @return STR if set, null otherwise
    *
    */
    @ManagedAttribute
    @Description("Unattached security token reference")
    Token getUnAttachedSecurityTokenReference();
  
   /**
    * If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
    *  which needs to be inserted into a  for example
    *
    */
    void setAttachedSecurityTokenReference(Token str);
  
    /**
    * If the token returned doesnt allow use of wsu:id attribute then a STR is returned as
    *  which needs to be inserted into a  for example
    *
    */
    void setUnAttachedSecurityTokenReference(Token str);
    
   /**
    * get the SecurityPolicy to be applied for the request or response 
    * to which this SecurityContext corresponds to
    *
    * This allows the Client and/or the Service (WSP/STS) to dynamically inject 
    * policy to be applied. For example in the case of SignChallenge when the 
    * Initiator (client) has to sign a specific challenge.
    * 

    * Note: Inserting an un-solicited RSTR into a SOAP Header can also be expressed as
    * a policy and the subsequent requirement to sign the RSTR will also be expressed as
    * a policy
    * 
    * TODO: There is no policy today to insert a specific element to a SOAP Header, we 
    * need to extend the policy definitions in XWS-Security.
    */
    ArrayList