/*
 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.opensaml.xml.security;

import java.security.interfaces.DSAParams;

import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;

/**
 * Contract for objects that hold security-related configuration, in particular the settings
 * needed to produce and process XML Signature and XML Encryption structures.
 *
 * <p>Most lookups declared here return {@code null} when nothing is configured for the request.
 * NOTE(review): callers should treat a {@code null} algorithm URI as a configuration error and
 * stop, rather than substituting an algorithm of their own choosing. The interface places no
 * constraint on which algorithms an implementation maps to, so the strength of the resulting
 * signatures and ciphertexts depends entirely on the deployed configuration.</p>
 */
public interface SecurityConfiguration {

    /**
     * Looks up the signature algorithm URI mapped to a JCA key algorithm name.
     *
     * @param jcaAlgorithmName the JCA name of the key algorithm
     * @return the mapped signature algorithm URI, or {@code null} when no mapping exists
     */
    String getSignatureAlgorithmURI(String jcaAlgorithmName);

    /**
     * Looks up the signature algorithm URI appropriate for the signing key held by a credential.
     *
     * @param credential the credential that carries the signing key
     * @return the mapped signature algorithm URI, or {@code null} when no mapping exists
     */
    String getSignatureAlgorithmURI(Credential credential);

    /**
     * Returns the digest algorithm URI to place in the DigestMethod of a Signature Reference.
     *
     * <p>NOTE(review): the returned value is whatever the implementation is configured with;
     * confirm the deployed configuration does not name a deprecated digest.</p>
     *
     * @return the digest method algorithm URI
     */
    String getSignatureReferenceDigestMethod();

    /**
     * Returns the canonicalization algorithm URI to place in the CanonicalizationMethod of a
     * Signature.
     *
     * @return the canonicalization algorithm URI
     */
    String getSignatureCanonicalizationAlgorithm();

    /**
     * Returns the value to emit as the HMACOutputLength of a Signature's SignatureMethod. It is
     * consulted only when the signature uses an HMAC algorithm, and is optional even then.
     *
     * <p>NOTE(review): HMACOutputLength truncates the MAC, so a small value weakens forgery
     * resistance. Current versions of the XML Signature recommendation express it in bits and
     * require it to be no less than 80 and at least half the output length of the underlying
     * hash. Nothing in this interface enforces that bound, so implementations and callers
     * should validate the configured value. How an unset value is reported (presumably
     * {@code null}) is not stated here; confirm against the implementation.</p>
     *
     * @return the configured HMAC output length
     */
    Integer getSignatureHMACOutputLength();

    /**
     * Looks up the data encryption algorithm URI for a JCA key algorithm name and, optionally,
     * a key length.
     *
     * <p>A {@code null} key length selects the default algorithm URI for the JCA algorithm,
     * provided a default is configured. When a key length is given but has no mapping, the
     * default mapping is returned instead.</p>
     *
     * <p>NOTE(review): because of that fallback, the returned URI is not guaranteed to
     * correspond to the requested key length; callers that depend on a particular key size
     * should check the result against the key they intend to use.</p>
     *
     * @param jcaAlgorithmName the JCA name of the key algorithm
     * @param keyLength the key length, or {@code null} to request the default
     * @return the encryption algorithm URI, or {@code null} when no mapping exists
     */
    String getDataEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength);

    /**
     * Looks up the data encryption algorithm URI appropriate for the encryption key held by a
     * credential.
     *
     * @param credential the credential that carries the encryption key
     * @return the mapped encryption algorithm URI, or {@code null} when no mapping exists
     */
    String getDataEncryptionAlgorithmURI(Credential credential);

    /**
     * Looks up the key transport encryption algorithm URI for a key encryption key, identified
     * by its JCA algorithm name, with an optional key length and an optional JCA algorithm name
     * for the key that is to be encrypted.
     *
     * <p>The key length is typically needed to find a symmetric key wrap algorithm URI, and is
     * typically neither required nor relevant for asymmetric key transport algorithms.</p>
     *
     * <p>Lookup proceeds from most to least specific. If the parameters as passed yield no
     * mapping, the lookup is repeated without the (non-null) wrapped key algorithm; if that
     * fails, it is repeated without the (non-null) key length; and as a last attempt only the
     * JCA algorithm name of the key encryption key is used.</p>
     *
     * <p>NOTE(review): each fallback step discards a constraint, so a non-null result may be
     * less specific than the request. Callers with a strict algorithm policy should verify the
     * returned URI rather than assume it matches every argument supplied.</p>
     *
     * @param jcaAlgorithmName the JCA key algorithm name of the key encryption key
     * @param keyLength the key length, or {@code null} if not applicable
     * @param wrappedKeyAlgorithm the JCA key algorithm name of the key to be encrypted
     * @return the encryption algorithm URI, or {@code null} when no mapping exists
     */
    String getKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength,
            String wrappedKeyAlgorithm);

    /**
     * Looks up the key transport encryption algorithm URI appropriate for the encryption key
     * held by a credential.
     *
     * @param credential the credential that carries the encryption key
     * @param wrappedKeyAlgorithm the JCA key algorithm name of the key being encrypted
     * @return the mapped encryption algorithm URI, or {@code null} when no mapping exists
     */
    String getKeyTransportEncryptionAlgorithmURI(Credential credential, String wrappedKeyAlgorithm);

    /**
     * Returns the encryption algorithm URI used when random data encryption keys are generated
     * automatically.
     *
     * @return the encryption algorithm URI, or {@code null} when no default exists
     */
    String getAutoGeneratedDataEncryptionKeyAlgorithmURI();

    /**
     * Returns the DSA parameters that define the default DSA key information for a DSA
     * "key family".
     *
     * @param keyLength the length of the DSA key whose parameters are wanted
     * @return the default DSA parameters, or {@code null} when no default exists
     */
    DSAParams getDSAParams(int keyLength);

    /**
     * Returns the manager of named KeyInfoGenerator instances.
     *
     * @return the KeyInfoGenerator manager, or {@code null} when none is configured
     */
    NamedKeyInfoGeneratorManager getKeyInfoGeneratorManager();

    /**
     * Returns the KeyInfoCredentialResolver registered under a configuration name.
     *
     * <p>NOTE(review): the result for an unknown name is not specified here; confirm against
     * the implementation before dereferencing. Resolving a credential from KeyInfo presumably
     * does not by itself establish trust in it; verify that callers evaluate trust
     * separately.</p>
     *
     * @param name the name of the resolver configuration to fetch
     * @return the KeyInfoCredentialResolver for that configuration
     */
    KeyInfoCredentialResolver getKeyInfoCredentialResolver(String name);

    /**
     * Returns the KeyInfoCredentialResolver of the default configuration.
     *
     * @return the default KeyInfoCredentialResolver
     */
    KeyInfoCredentialResolver getDefaultKeyInfoCredentialResolver();

}