/*
 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.opensaml.xml.security.keyinfo;

import java.util.Collection;

import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.KeyInfo;

/**
 * Contract for the pluggable providers that a {@link KeyInfoCredentialResolver} consults in order to
 * turn one child element of a {@link KeyInfo} into {@link Credential}s.
 *
 * <p>
 * A provider answers two questions: whether it is willing to look at a given KeyInfo child
 * ({@link #handles(XMLObject)}), and what credentials, if any, it can resolve from that child
 * ({@link #process(KeyInfoCredentialResolver, XMLObject, CriteriaSet, KeyInfoResolutionContext)}).
 * </p>
 *
 * <p>
 * NOTE(review): KeyInfo content generally travels inside the XML that is being verified, so a
 * credential returned by a provider should presumably be regarded as <em>resolved</em>, not as
 * <em>trusted</em>. This interface performs no trust evaluation itself; confirm where the calling
 * code establishes trust before a resolved key is relied upon.
 * </p>
 */
public interface KeyInfoProvider {

    /**
     * Examines one KeyInfo child and tries to resolve credentials from it.
     *
     * <p>
     * Not being able to resolve anything is a normal outcome rather than a failure: in that case the
     * result may be <code>null</code>, so callers must check for <code>null</code> before using the
     * returned collection.
     * </p>
     *
     * @param resolver the resolver that is invoking this provider
     * @param keyInfoChild the KeyInfo child element to process
     * @param criteriaSet the criteria that a resolved credential has to satisfy
     * @param kiContext the resolution context through which resolvers and providers share state
     *
     * @return the collection of resolved credentials, or <code>null</code>
     *
     * @throws SecurityException if an error occurs while resolving credentials; merely failing to
     *             resolve a credential is not reported as an error
     */
    Collection<Credential> process(
            KeyInfoCredentialResolver resolver,
            XMLObject keyInfoChild,
            CriteriaSet criteriaSet,
            KeyInfoResolutionContext kiContext) throws SecurityException;

    /**
     * Reports whether this provider should be asked to resolve credentials from the given KeyInfo
     * child.
     *
     * <p>
     * A result of <code>true</code> only means that processing should be attempted. It is not a
     * promise that a credential can or will be extracted from that particular child.
     * </p>
     *
     * @param keyInfoChild the KeyInfo child object under consideration
     *
     * @return <code>true</code> if this provider should attempt resolution, <code>false</code>
     *         otherwise
     */
    boolean handles(XMLObject keyInfoChild);

}