Package com.sun.xml.ws.security

Interface IssuedTokenContext

  • All Known Implementing Classes:
    IssuedTokenContextImpl
    @ManagedData
@Description("Information used by Trust and Security enforcement")
public interface IssuedTokenContext
    This interface is the SPI defined by WS-Security to enable WS-Trust/SecureConversation specific security interactions.

    This interface represents a Context containing information populated and used by the Trust and the Security Enforcement Layers (for example the proof-token of an Issued token needs to be used by the SecurityEnforcement Layer to secure the message).

    • Method Detail

      • setTokenIssuer

        void setTokenIssuer​(String issuer)

      • getTokenIssuer

        @ManagedAttribute
@Description("Token issuer")
String getTokenIssuer()

      • getRequestorCertificate

        @ManagedAttribute
@Description("Requestor certificate")
X509Certificate getRequestorCertificate()
        Requestor Certificate(s)
        Returns:
        the sender certificate, null otherwise

      • setRequestorCertificate

        void setRequestorCertificate​(X509Certificate cert)
        Append the Requestor Certificate that was used in an incoming message.

      • getRequestorUsername

        @ManagedAttribute
@Description("Requestor username")
String getRequestorUsername()
        Requestor username if any
        Returns:
        the requestor username if provided

      • setRequestorUsername

        void setRequestorUsername​(String username)
        set requestor username

      • getRequestorSubject

        @ManagedAttribute
@Description("Requestor subject")
Subject getRequestorSubject()

      • setRequestorSubject

        void setRequestorSubject​(Subject subject)

      • setTokenType

        void setTokenType​(String tokenType)

      • getTokenType

        @ManagedAttribute
@Description("Token type")
String getTokenType()

      • setKeyType

        void setKeyType​(String keyType)

      • getKeyType

        @ManagedAttribute
@Description("Key type")
String getKeyType()

      • setAppliesTo

        void setAppliesTo​(String appliesTo)

      • getAppliesTo

        @ManagedAttribute
@Description("appliesTo value")
String getAppliesTo()

      • setSecurityToken

        void setSecurityToken​(Token tok)
        Depending on the <sp:IncludeToken> server policy, set the Token to be used in Securing requests and/or responses

      • getSecurityToken

        @ManagedAttribute
@Description("Security token")
Token getSecurityToken()
        Depending on the <sp:IncludeToken> policy get the Token to be used in Securing requests and/or responses. The token returned is to be used only for inserting into the SecurityHeader, if the getAssociatedProofToken is not null, and it should also be used for securing the message if there is no Proof Token associated.

      • setAssociatedProofToken

        void setAssociatedProofToken​(Token token)
        Set the Proof Token Associated with the SecurityToken

        when the SecurityToken is a SecurityContext token (as defined in WS-SecureConversation) and Derived Keys are being used then the Proof Token is the <wsc:DerivedKeyToken>

      • getAssociatedProofToken

        @ManagedAttribute
@Description("Proof token")
Token getAssociatedProofToken()
        get the Proof Token (if any) associated with the SecurityToken, null otherwise

      • getAttachedSecurityTokenReference

        @ManagedAttribute
@Description("Attached security token reference")
Token getAttachedSecurityTokenReference()
        If the token returned doesnt allow use of wsu:id attribute then a STR is returned as <wst:RequestedAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example.
        Returns:
        STR if set, null otherwise

      • getUnAttachedSecurityTokenReference

        @ManagedAttribute
@Description("Unattached security token reference")
Token getUnAttachedSecurityTokenReference()
        If the token returned doesnt allow use of wsu:id attribute then a STR is returned as <wst:RequestedUnAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example.
        Returns:
        STR if set, null otherwise

      • setAttachedSecurityTokenReference

        void setAttachedSecurityTokenReference​(Token str)
        If the token returned doesnt allow use of wsu:id attribute then a STR is returned as <wst:RequestedAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example

      • setUnAttachedSecurityTokenReference

        void setUnAttachedSecurityTokenReference​(Token str)
        If the token returned doesnt allow use of wsu:id attribute then a STR is returned as <wst:RequestedUnAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example

      • getSecurityPolicy

        ArrayList<Object> getSecurityPolicy()
        get the SecurityPolicy to be applied for the request or response to which this SecurityContext corresponds to This allows the Client and/or the Service (WSP/STS) to dynamically inject policy to be applied. For example in the case of SignChallenge when the Initiator (client) has to sign a specific challenge.

        Note: Inserting an un-solicited RSTR into a SOAP Header can also be expressed as a policy and the subsequent requirement to sign the RSTR will also be expressed as a policy

        TODO: There is no policy today to insert a specific element to a SOAP Header, we need to extend the policy definitions in XWS-Security.

      • setOtherPartyEntropy

        void setOtherPartyEntropy​(Object entropy)
        Set the Entropy information provided by the other Part (if any)

        WS-Trust allows requestor to provide input to key material in the request. The requestor might do this to satisfy itself as to the degree of entropy(cyrptographic randomness) of atleast some of the material used to generate the actual Key.

        For composite Keys Entropy can be set by both parties, the concrete entropy element can be a <wst:Entropy> instance but the argument here is generic to avoid a dependence of the SPI on WS-Trust packages

      • getDecipheredOtherPartyEntropy

        Key getDecipheredOtherPartyEntropy​(Key privKey)
                            throws XWSSecurityException
        Get the Entropy if any provided by the other party, null otherwise If the Entropy was specified as an <xenc:EncryptedKey> then this method would return the decrypted secret
        Throws:
        XWSSecurityException

      • getOtherPartyEntropy

        @ManagedAttribute
@Description("Other party entropy")
Object getOtherPartyEntropy()
        Get the Entropy if any provided by the Other Party, null otherwise

      • setSelfEntropy

        void setSelfEntropy​(Object entropy)
        Set self Entropy

      • getSelfEntropy

        @ManagedAttribute
@Description("Self entropy")
Object getSelfEntropy()
        Get self Entropy if set, null otherwise

      • getComputedKeyAlgorithmFromProofToken

        URI getComputedKeyAlgorithmFromProofToken()
        Return the <wst:ComputedKey> URI if any inside the RSTR, null otherwise. The Security Enforcement Layer would compute the Key as P_SHA1(Ent(req), Ent(res))

      • setProofKey

        void setProofKey​(byte[] key)
        set the SecureConversation ProofToken as a byte[] array

      • getProofKey

        byte[] getProofKey()
        get the SecureConversation ProofToken as a byte[] array

      • setProofKeyPair

        void setProofKeyPair​(KeyPair keys)

      • getProofKeyPair

        KeyPair getProofKeyPair()

      • setAuthnContextClass

        void setAuthnContextClass​(String authType)

      • getAuthnContextClass

        String getAuthnContextClass()

      • getCreationTime

        Date getCreationTime()
        Returns:
        the creation Time of the IssuedToken

      • getExpirationTime

        Date getExpirationTime()
        get the Expiration Time for this Token if any

      • setCreationTime

        void setCreationTime​(Date date)
        set the creation Time of the IssuedToken

      • setEndpointAddress

        void setEndpointAddress​(String endPointAddress)
        set the endpointaddress

      • getEndpointAddress

        String getEndpointAddress()
        Get the endpoint address

      • setExpirationTime

        void setExpirationTime​(Date date)
        set the Expiration Time for this Token if any.

      • getSignatureAlgorithm

        String getSignatureAlgorithm()
        Returns:
        The signature algorithm to use to sign IssuedToken

      • setSignatureAlgorithm

        void setSignatureAlgorithm​(String sigAlgo)
        Parameters:
        sigAlgo - : signature algorithm to use to sign IssuedToken

      • getEncryptionAlgorithm

        String getEncryptionAlgorithm()
        Returns:
        The encryption algorithm to use to encrypt IssuedToken

      • setEncryptionAlgorithm

        void setEncryptionAlgorithm​(String encAlgo)
        Parameters:
        encAlgo - : The encryption algorithm to use to encrypt IssuedToken

      • getCanonicalizationAlgorithm

        String getCanonicalizationAlgorithm()
        Returns:
        The canonicalization algorithm to use when signing IssuedToken

      • setCanonicalizationAlgorithm

        void setCanonicalizationAlgorithm​(String canonicalizationAlgo)
        Parameters:
        canonicalizationAlgo - : The canonicalization algorithm to use when signing IssuedToken

      • getSignWith

        String getSignWith()
        Returns:
        The signature algorithm the client intends to use when using ProofKey to sign the application message

      • setSignWith

        void setSignWith​(String sigAlgo)
        Parameters:
        sigAlgo - : The signature algorithm the client intends to use when using ProofKey to sign the application message

      • getEncryptWith

        String getEncryptWith()
        Returns:
        The encryption algorithm the client intends to use when using ProofKey to encrypt the application message

      • setEncryptWith

        void setEncryptWith​(String encAlgo)
        Parameters:
        encAlgo - The encryption algorithm the client intends to use when using ProofKey to encrypt the application message

      • getSecurityContextTokenInfo

        SecurityContextTokenInfo getSecurityContextTokenInfo()
        Get the SecurityContextTokenInfo for this Token if any.

      • setTarget

        void setTarget​(Token target)

      • getTarget

        Token getTarget()

      • setSecurityContextTokenInfo

        void setSecurityContextTokenInfo​(SecurityContextTokenInfo sctInfo)
        set the SecurityContextTokenInfo for this Token if any.

      • destroy

        void destroy()
        Destroy the IssuedTokenContext.