
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security;
18  
19  import java.security.interfaces.DSAParams;
20  
21  import org.opensaml.xml.security.credential.Credential;
22  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
23  import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
24  
25  /**
26   * Interface for classes which store security-related configuration information, especially
27   * related to the requirements for XML Signature and XML Encryption.
28   */
29  public interface SecurityConfiguration {
30      
31      /**
32       * Get the signature algorithm URI for the specified JCA key algorithm name.
33       * 
34       * @param jcaAlgorithmName a JCA key algorithm name
35       * @return a signature algorithm URI mapping, or null if no mapping is available
36       */
37      public String getSignatureAlgorithmURI(String jcaAlgorithmName);
38      
39      /**
40       * Get the signature algorithm URI for the signing key contained within the specified credential.
41       * 
42       * @param credential a credential containing a signing key
43       * @return a signature algorithm URI mapping, or null if no mapping is available
44       */
45      public String getSignatureAlgorithmURI(Credential credential);
46      
47      /**
48       * Get a digest method algorithm URI suitable for use as a Signature Reference DigestMethod value.
49       * 
50       * @return a digest method algorithm URI
51       */
52      public String getSignatureReferenceDigestMethod();
53      
54      /**
55       * Get a canonicalization algorithm URI suitable for use as a Signature CanonicalizationMethod value.
56       * 
57       * @return a canonicalization algorithm URI
58       */
59      public String getSignatureCanonicalizationAlgorithm();
60      
61      /**
62       * Get the value to be used as the Signature SignatureMethod HMACOutputLength value, used
63       * only when signing with an HMAC algorithm.  This value is optional when using HMAC.
64       * 
65       * @return the configured HMAC output length value
66       */
67      public Integer getSignatureHMACOutputLength();
68      
69      /**
70       * Get the encryption algorithm URI for the specified JCA key algorithm name and optional key
71       * length.
72       * 
73       * Passing <code>null</code> as the key length will return the default algorithm URI for the specified
74       * JCA algorithm, if a default is configured.  If no mapping for the specified key length is available,
75       * the default mapping will be returned.
76       * 
77       * @param jcaAlgorithmName a JCA key algorithm name
78       * @param keyLength  optional key length parameter
79       * @return an encryption algorithm URI, or null if no mapping is available
80       */
81      public String getDataEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength);
82      
83      /**
84       * Get the encryption algorithm URI for the encryption key contained within the specified credential.
85       * 
86       * @param credential a credential containing an encryption key
87       * @return an encryption algorithm URI mapping, or null if no mapping is available
88       */
89      public String getDataEncryptionAlgorithmURI(Credential credential);
90      
91      /**
92       * Get the key transport encryption algorithm URI for the specified JCA key algorithm name, optional key
93       * length and optional JCA key algorithm name of the key to be encrypted.
94       * 
95       * Note that typically the key length parameter is required for lookup of symmetric key wrap algorithm
96       * URI's, but is typically not required or relevant for asymmetric key transport algorithms.
97       * 
98       * If a mapping is not available considering the optional key length and wrapped algorithm parameters as passed,
99       * a lookup will next be attempted by omiting the (non-null) wrapped key algorithm, and if that is unsuccessful,
100      * by then omitting the (non-null) key length parameter.  If a mapping has still not been found, then a final
101      * lookup attempt will be made using the key encryption key's JCA algorithm name alone.
102      * 
103      * @param jcaAlgorithmName a JCA key algorithm name for the key encryption key
104      * @param keyLength  optional key length parameter
105      * @param wrappedKeyAlgorithm a JCA key algorithm name for the key to be encrypted
106      * @return an encryption algorithm URI, or null if no mapping is available
107      */
108     public String getKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength,
109             String wrappedKeyAlgorithm);
110     
111     /**
112      * Get the key transport encryption algorithm URI for the encryption key contained within the specified credential.
113      * 
114      * @param credential a credential containing an encryption key
115      * @param wrappedKeyAlgorithm the JCA key algorithm name of the key being encrypted
116      * @return an encryption algorithm URI mapping, or null if no mapping is available
117      */
118     public String getKeyTransportEncryptionAlgorithmURI(Credential credential, String wrappedKeyAlgorithm);
119     
120     /**
121      * Get the encryption algorithm URI to be used when auto-generating random data encryption keys.
122      * 
123      * @return an encryption algorithm URI, or null if no default is available
124      */
125     public String getAutoGeneratedDataEncryptionKeyAlgorithmURI();
126     
127     /**
128      * Get a DSA parameters instance which defines the default DSA key information to be used 
129      * within a DSA "key family".
130      * 
131      * @param keyLength length of the DSA key whose parameters are desired
132      * @return the default DSA parameters instance, or null if no default is available
133      */
134     public DSAParams getDSAParams(int keyLength);
135     
136     /**
137      * Get the manager for named KeyInfoGenerator instances.
138      * 
139      * @return the KeyInfoGenerator manager, or null if none is configured
140      */
141     public NamedKeyInfoGeneratorManager getKeyInfoGeneratorManager();
142     
143     /**
144      * Get the KeyInfoCredentialResolver associated with the named configuration.
145      * 
146      * @param name the name of the resolver configuration to return
147      * @return a KeyInfoCredentialResolver instance
148      */
149     public KeyInfoCredentialResolver getKeyInfoCredentialResolver(String name);
150     
151     /**
152      * Get the default KeyInfoCredentialResolver configuration.
153      * 
154      * @return the default KeyInfoCredentialResolver
155      */
156     public KeyInfoCredentialResolver getDefaultKeyInfoCredentialResolver();
157     
158 }