1 files changed, 98 insertions, 0 deletions

diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
new file mode 100644
index 00000000..f04555dc
--- /dev/null
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
@@ -0,0 +1,98 @@
+package at.gv.egiz.eaaf.modules.auth.sl20.utils;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.lang.JoseException;
+
+import com.fasterxml.jackson.databind.JsonNode;
+
+public interface IJoseTools {
+
+  /**
+   * Create a JWS signature.
+   *
+   *<p>This method adds the certificate chain into JOSE header.</p>
+   *
+   * @param payLoad Payload to sign
+   * @throws SlCommandoBuildException In case of a signature creation error
+   */
+  String createSignature(String payLoad) throws SlCommandoBuildException;
+
+  /**
+   * Create a JWS signature.
+   *
+   * @param payLoad Payload to sign
+   * @param addFullCertChain If <code>true</code> the full certificate chain will be added,
+   *     otherwise only the X509CertSha256Fingerprint is added into JOSE header
+   * @return Signed PayLoad in serialized form
+   * @throws SlCommandoBuildException SlCommandoBuildException In case of a signature creation error
+   */
+  String createSignature(String payLoad, boolean addFullCertChain) throws SlCommandoBuildException;
+
+  /**
+   * Validates a signed SL2.0 message.
+   *
+   * @param serializedContent Serialized JWS signature
+   * @return Verification-result DAO
+   * @throws SL20Exception In case of a signature validation error
+   */
+  @Nonnull
+  VerificationResult validateSignature(@Nonnull String serializedContent) throws SL20Exception;
+
+  /**
+   * Validate a JWS signature.
+   *
+   * @param serializedContent JWS in serialized form
+   * @param trustedCerts      trusted X509 certificates
+   * @param constraints       signature verification constraints
+   * @return Signature-verification result
+   * @throws JoseException In case of a signature verification error
+   * @throws IOException   In case of a general IO error
+   */
+  @Nonnull
+  VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull List<X509Certificate> trustedCerts,
+      @Nonnull AlgorithmConstraints constraints) throws JoseException, IOException;
+
+  /**
+   * Validate a JWS signature.
+   *
+   * @param serializedContent JWS in serialized form
+   * @param trustStore        with trusted X509 certificates
+   * @param algconstraints    signature verification constraints
+   * @return Signature-verification result
+   * @throws JoseException     In case of a signature verification error
+   * @throws IOException       In case of a general IO error
+   * @throws KeyStoreException In case of TrustStore error
+   */
+  @Nonnull
+  VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull KeyStore trustStore,
+      @Nonnull AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException;
+
+  /**
+   * Get the encryption certificate for SL2.0 End-to-End encryption.
+   *
+   * @return
+   */
+  X509Certificate getEncryptionCertificate();
+
+  /**
+   * Decrypt a serialized JWE token.
+   *
+   * @param compactSerialization Serialized JWE token
+   * @return decrypted payload
+   * @throws SL20Exception In case of a decryption error
+   */
+  JsonNode decryptPayload(String compactSerialization) throws SL20Exception;
+
+}