001: /*
002: * BEGIN_HEADER - DO NOT EDIT
003: *
004: * The contents of this file are subject to the terms
005: * of the Common Development and Distribution License
006: * (the "License"). You may not use this file except
007: * in compliance with the License.
008: *
009: * You can obtain a copy of the license at
010: * https://open-esb.dev.java.net/public/CDDLv1.0.html.
011: * See the License for the specific language governing
012: * permissions and limitations under the License.
013: *
014: * When distributing Covered Code, include this CDDL
015: * HEADER in each file and include the License file at
016: * https://open-esb.dev.java.net/public/CDDLv1.0.html.
017: * If applicable add the following below this CDDL HEADER,
018: * with the fields enclosed by brackets "[]" replaced with
019: * your own identifying information: Portions Copyright
020: * [year] [name of copyright owner]
021: */
022:
023: /*
024: * @(#)HttpSecurityHandler.java
025: * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
026: *
027: * END_HEADER - DO NOT EDIT
028: */
029: /**
030: * HttpSecurityHandler.java
031: *
032: * SUN PROPRIETARY/CONFIDENTIAL.
033: * This software is the proprietary information of Sun Microsystems, Inc.
034: * Use is subject to license terms.
035: *
036: * Created on October 19, 2004, 5:53 PM
 */
package com.sun.jbi.binding.security;
038:
039: import java.io.IOException;
040:
041: import java.net.URL;
042: import java.net.URLConnection;
043: import java.security.KeyManagementException;
044: import java.security.KeyStoreException;
045: import java.security.NoSuchAlgorithmException;
046: import java.security.UnrecoverableKeyException;
047: import java.security.cert.CertificateException;
048: import java.security.cert.X509Certificate;
049: import javax.security.auth.Subject;
050: import javax.servlet.http.HttpServletRequest;
051:
052: /**
053: * HttpsSecurityHandler defines a set of methods which can be used by a Http binding.
054: *
055: * @author Sun Microsystems, Inc.
056: */
057: public interface HttpSecurityHandler {
058:
059: /**
060: * Authenticate a HttpServletRequest.
061: *
062: * If the Endpoint requires SSL Client Authentication, this method gets the Client
063: * Certificate from the request and authenticates the Sender. If a Client Certificate
064: * is missing an exception is thrown.
065: *
066: * If the Endpoint does not require SSL Client Authentication none of the above steps
067: * are performed and an empty Subject is returned. This method does not return a null
068: * Subject to avoid NullPOinterExceptions.
069: *
070: * @param request is the HttpServletRequest.
071: * @param endpoint is the targeted Endpoint
072: * @param subject is the Sender Subject to be updated, if null a new one is created.
073: * @throws HttpErrorResponseException when the processing results in a Http Error
074: * @return the authenticated Subject
075: * response to be sent to the client.
076: */
077: Subject authenticateSenderRequest(HttpServletRequest request,
078: Endpoint endpoint, Subject subject)
079: throws HttpErrorResponseException;
080:
081: /**
082: * Authenticate the Sender Request by getting the Sender identity from the
083: * Certificate.
084: *
085: * @param cert is the trusted X.509 Certificate.
086: * @param endpoint is the targeted Endpoint
087: * @param subject is the Sender Subject to be updated, if null a new one is created.
088: * @throws HttpErrorResponseException when the processing results in a Http Error
089: * response to be sent to the client.
090: * @return the authenticated Subject
091: */
092: Subject authenticateSenderRequest(X509Certificate cert,
093: Endpoint endpoint, Subject subject)
094: throws HttpErrorResponseException;
095:
096: /**
097: * Make this a secure Connection. The choice of using SSL3.0/TLS and the TrustStore
098: * Keystore details should come from the endpoint/operation details.
099: * @param serverURL Is the Server URL the secure connection is being made to.
100: * @param endpoint is the Endpoint on behalf of which the secure connection
101: * is being made.
102: * @throws KeyStoreException when a problem is encountered accessing the KeyStore
103: * @throws NoSuchAlgorithmException If the TLS algorithm is unknown
104: * @throws KeyManagementException on KeyMamagement errors.
105: * @throws CertificateException on certificate related problems.
106: * @throws UnrecoverableKeyException If a required Key cannot be obtained from the
107: * store.
108: * @throws java.io.IOException on IO realted errors.
109: * @return an instance of a Secure URL Connection
110: */
111: URLConnection createSecureClientConnection(URL serverURL,
112: Endpoint endpoint) throws IOException, KeyStoreException,
113: NoSuchAlgorithmException, KeyManagementException,
114: CertificateException, UnrecoverableKeyException;
115: }
|