
1   /*
2    * The MIT License
3    *
4    * Original work sponsored and donated by National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
5    *
6    * Copyright (C) 2011 National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
7    *
8    * Permission is hereby granted, free of charge, to any person obtaining a copy of
9    * this software and associated documentation files (the "Software"), to deal in
10   * the Software without restriction, including without limitation the rights to
11   * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
12   * of the Software, and to permit persons to whom the Software is furnished to do
13   * so, subject to the following conditions:
14   *
15   * The above copyright notice and this permission notice shall be included in all
16   * copies or substantial portions of the Software.
17   *
18   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24   * SOFTWARE.
25   *
26   * $HeadURL: https://svn.softwareborsen.dk/sosi/trunk/modules/seal/src/main/java/dk/sosi/seal/vault/CredentialVault.java $
27   * $Id: CredentialVault.java 9261 2011-10-27 13:01:41Z ads@lakeside.dk $
28   */
29  package dk.sosi.seal.vault;
30  
31  import java.security.KeyStore;
32  import java.security.cert.X509Certificate;
33  
/**
 * Contract for a store holding the credentials of the system that uses it.
 * A vault can hold both a public certificate and a private key (together a
 * <code>CredentialPair</code>).
 *
 * <p>
 * Because a vault gives access to private key material, references to it, to
 * the credential pair and to the backing keystore should be handed only to
 * code that needs them.
 *
 * @author kkj
 * @author $LastChangedBy: ads@lakeside.dk $
 * @since 1.0
 */
public interface CredentialVault {

    /**
     * Alias of the system credential entry. The value is read from the JVM
     * system property <code>dk.sosi.seal.vault.CredentialVault#Alias</code>
     * and falls back to <code>SOSI:ALIAS_SYSTEM</code> when the property is
     * not set. As a constant initializer it is evaluated once, when this
     * interface is initialized, so later changes to the property are not
     * picked up.
     *
     * NOTE(review): presumably this is the keystore alias under which the
     * system credential pair is stored; confirm against the implementations.
     * Anyone able to set JVM system properties at start-up chooses this alias.
     */
    String ALIAS_SYSTEM = System.getProperty("dk.sosi.seal.vault.CredentialVault#Alias", "SOSI:ALIAS_SYSTEM");

    /**
     * Tells whether the passed certificate is a trusted certificate.
     *
     * <p>
     * Please note: this mechanism should <b>not</b> be used in federations.
     * In federative architectures please use
     * {@link dk.sosi.seal.pki.Federation} to check STS certificates etc.
     *
     * <p>
     * NOTE(review): this interface does not say how trust is decided; whether
     * the validity period, the certificate chain or revocation status are
     * checked depends on the implementation and should be confirmed there.
     *
     * @param certificate
     *            the certificate to check.
     * @return <code>true</code> if the certificate is trusted.
     * @throws CredentialVaultException
     *             if anything unexpected happened.
     */
    boolean isTrustedCertificate(X509Certificate certificate) throws CredentialVaultException;

    /**
     * Gets the credential pair (private key and certificate) embedded in this
     * credential vault.
     *
     * <p>
     * The returned pair includes the private key, so it should not be logged
     * or passed to code that does not need it.
     *
     * @return the system credential pair of this vault.
     * @throws CredentialVaultException
     *             if anything unexpected happened.
     */
    CredentialPair getSystemCredentialPair() throws CredentialVaultException;

    /**
     * Associates a credential pair (private key and certificate) to this
     * credential vault.
     *
     * @param credentialPair
     *            the credential pair to associate
     * @throws CredentialVaultException
     *             if anything unexpected happened.
     */
    void setSystemCredentialPair(CredentialPair credentialPair) throws CredentialVaultException;

    /**
     * Returns the underlying keystore. Unlike the other operations, this one
     * declares no <code>CredentialVaultException</code>.
     *
     * <p>
     * NOTE(review): presumably this is the live backing store rather than a
     * copy, which would let a caller read or change its entries directly;
     * confirm against the implementations and limit who receives it.
     *
     * @return the keystore backing this vault.
     */
    KeyStore getKeyStore();
}