1 /*
2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.opensaml.xml.security;
18
19 import java.security.interfaces.DSAParams;
20
21 import org.opensaml.xml.security.credential.Credential;
22 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
23 import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
24
25 /**
26 * Interface for classes which store security-related configuration information, especially
27 * related to the requirements for XML Signature and XML Encryption.
28 */
29 public interface SecurityConfiguration {
30
31 /**
32 * Get the signature algorithm URI for the specified JCA key algorithm name.
33 *
34 * @param jcaAlgorithmName a JCA key algorithm name
35 * @return a signature algorithm URI mapping, or null if no mapping is available
36 */
37 public String getSignatureAlgorithmURI(String jcaAlgorithmName);
38
39 /**
40 * Get the signature algorithm URI for the signing key contained within the specified credential.
41 *
42 * @param credential a credential containing a signing key
43 * @return a signature algorithm URI mapping, or null if no mapping is available
44 */
45 public String getSignatureAlgorithmURI(Credential credential);
46
47 /**
48 * Get a digest method algorithm URI suitable for use as a Signature Reference DigestMethod value.
49 *
50 * @return a digest method algorithm URI
51 */
52 public String getSignatureReferenceDigestMethod();
53
54 /**
55 * Get a canonicalization algorithm URI suitable for use as a Signature CanonicalizationMethod value.
56 *
57 * @return a canonicalization algorithm URI
58 */
59 public String getSignatureCanonicalizationAlgorithm();
60
61 /**
62 * Get the value to be used as the Signature SignatureMethod HMACOutputLength value, used
63 * only when signing with an HMAC algorithm. This value is optional when using HMAC.
64 *
65 * @return the configured HMAC output length value
66 */
67 public Integer getSignatureHMACOutputLength();
68
69 /**
70 * Get the encryption algorithm URI for the specified JCA key algorithm name and optional key
71 * length.
72 *
73 * Passing <code>null</code> as the key length will return the default algorithm URI for the specified
74 * JCA algorithm, if a default is configured. If no mapping for the specified key length is available,
75 * the default mapping will be returned.
76 *
77 * @param jcaAlgorithmName a JCA key algorithm name
78 * @param keyLength optional key length parameter
79 * @return an encryption algorithm URI, or null if no mapping is available
80 */
81 public String getDataEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength);
82
83 /**
84 * Get the encryption algorithm URI for the encryption key contained within the specified credential.
85 *
86 * @param credential a credential containing an encryption key
87 * @return an encryption algorithm URI mapping, or null if no mapping is available
88 */
89 public String getDataEncryptionAlgorithmURI(Credential credential);
90
91 /**
92 * Get the key transport encryption algorithm URI for the specified JCA key algorithm name, optional key
93 * length and optional JCA key algorithm name of the key to be encrypted.
94 *
95 * Note that typically the key length parameter is required for lookup of symmetric key wrap algorithm
96 * URI's, but is typically not required or relevant for asymmetric key transport algorithms.
97 *
98 * If a mapping is not available considering the optional key length and wrapped algorithm parameters as passed,
99 * a lookup will next be attempted by omiting the (non-null) wrapped key algorithm, and if that is unsuccessful,
100 * by then omitting the (non-null) key length parameter. If a mapping has still not been found, then a final
101 * lookup attempt will be made using the key encryption key's JCA algorithm name alone.
102 *
103 * @param jcaAlgorithmName a JCA key algorithm name for the key encryption key
104 * @param keyLength optional key length parameter
105 * @param wrappedKeyAlgorithm a JCA key algorithm name for the key to be encrypted
106 * @return an encryption algorithm URI, or null if no mapping is available
107 */
108 public String getKeyTransportEncryptionAlgorithmURI(String jcaAlgorithmName, Integer keyLength,
109 String wrappedKeyAlgorithm);
110
111 /**
112 * Get the key transport encryption algorithm URI for the encryption key contained within the specified credential.
113 *
114 * @param credential a credential containing an encryption key
115 * @param wrappedKeyAlgorithm the JCA key algorithm name of the key being encrypted
116 * @return an encryption algorithm URI mapping, or null if no mapping is available
117 */
118 public String getKeyTransportEncryptionAlgorithmURI(Credential credential, String wrappedKeyAlgorithm);
119
120 /**
121 * Get the encryption algorithm URI to be used when auto-generating random data encryption keys.
122 *
123 * @return an encryption algorithm URI, or null if no default is available
124 */
125 public String getAutoGeneratedDataEncryptionKeyAlgorithmURI();
126
127 /**
128 * Get a DSA parameters instance which defines the default DSA key information to be used
129 * within a DSA "key family".
130 *
131 * @param keyLength length of the DSA key whose parameters are desired
132 * @return the default DSA parameters instance, or null if no default is available
133 */
134 public DSAParams getDSAParams(int keyLength);
135
136 /**
137 * Get the manager for named KeyInfoGenerator instances.
138 *
139 * @return the KeyInfoGenerator manager, or null if none is configured
140 */
141 public NamedKeyInfoGeneratorManager getKeyInfoGeneratorManager();
142
143 /**
144 * Get the KeyInfoCredentialResolver associated with the named configuration.
145 *
146 * @param name the name of the resolver configuration to return
147 * @return a KeyInfoCredentialResolver instance
148 */
149 public KeyInfoCredentialResolver getKeyInfoCredentialResolver(String name);
150
151 /**
152 * Get the default KeyInfoCredentialResolver configuration.
153 *
154 * @return the default KeyInfoCredentialResolver
155 */
156 public KeyInfoCredentialResolver getDefaultKeyInfoCredentialResolver();
157
158 }