1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
20 package org.apache.ws.security.str;
21
22 import org.apache.ws.security.WSDocInfo;
23 import org.apache.ws.security.WSSecurityException;
24 import org.apache.ws.security.handler.RequestData;
25
26 import org.w3c.dom.Element;
27
28 import java.security.Principal;
29 import java.security.PublicKey;
30 import java.security.cert.X509Certificate;
31 import java.util.Map;
32
33 /**
34 * This interface describes a pluggable way of extracting credentials from SecurityTokenReference
35 * elements. The implementations are used by various processors.
36 */
37 public interface STRParser {
38
39 /**
40 * ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number of the
41 * (root) cert
42 * THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 thumbprint of the (root) cert
43 * KEY_IDENTIFIER - A certificate (chain) is located via a Key Identifier Element
44 * DIRECT_REF - A certificate (chain) is located directly via an Id to another security token
45 * Note that a Thumbprint reference is also a KeyIdentifier, but takes precedence over it.
46 */
47 enum REFERENCE_TYPE {
48 ISSUER_SERIAL, THUMBPRINT_SHA1, KEY_IDENTIFIER, DIRECT_REF
49 };
50
51 /**
52 * Parse a SecurityTokenReference element and extract credentials.
53 *
54 * @param strElement The SecurityTokenReference element
55 * @param data the RequestData associated with the request
56 * @param wsDocInfo The WSDocInfo object to access previous processing results
57 * @param parameters A set of implementation-specific parameters
58 * @throws WSSecurityException
59 */
60 void parseSecurityTokenReference(
61 Element strElement,
62 RequestData data,
63 WSDocInfo wsDocInfo,
64 Map<String, Object> parameters
65 ) throws WSSecurityException;
66
67 /**
68 * Get the X509Certificates associated with this SecurityTokenReference
69 * @return the X509Certificates associated with this SecurityTokenReference
70 */
71 X509Certificate[] getCertificates();
72
73 /**
74 * Get the Principal associated with this SecurityTokenReference
75 * @return the Principal associated with this SecurityTokenReference
76 */
77 Principal getPrincipal();
78
79 /**
80 * Get the PublicKey associated with this SecurityTokenReference
81 * @return the PublicKey associated with this SecurityTokenReference
82 */
83 PublicKey getPublicKey();
84
85 /**
86 * Get the Secret Key associated with this SecurityTokenReference
87 * @return the Secret Key associated with this SecurityTokenReference
88 */
89 byte[] getSecretKey();
90
91 /**
92 * Get whether the returned credential is already trusted or not. This is currently
93 * applicable in the case of a credential extracted from a trusted HOK SAML Assertion,
94 * and a BinarySecurityToken that has been processed by a Validator. In these cases,
95 * the SignatureProcessor does not need to verify trust on the credential.
96 * @return true if trust has already been verified on the returned Credential
97 */
98 boolean isTrustedCredential();
99
100 /**
101 * Get how the certificates were referenced
102 * @return how the certificates were referenced
103 */
104 REFERENCE_TYPE getCertificatesReferenceType();
105
106 }