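package at.gv.egiz.eaaf.modules.pvp2.api.utils;

import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.List;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;

import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;

/**
 * Supplies the cryptographic credentials a PVP2 (SAML2) endpoint works with:
 * a credential for signing metadata, a credential for signing messages, an
 * optional credential for message encryption, the list of trusted
 * {@link X509Certificate}s and the backing {@link KeyStore}.
 *
 * <p>Implementations decide where the key material lives (for example a software
 * key store or a special JCE {@link Provider}); callers only ever see
 * {@link EaafX509Credential} objects.
 *
 * <p>The two signing credentials are mandatory ({@link Nonnull}); the encryption
 * credential is optional ({@link Nullable}).
 */
public interface IPvp2CredentialProvider {

  /**
   * Get the credential used to sign metadata.
   *
   * @return signing credential, never {@code null}
   * @throws CredentialsNotAvailableException In case of a credential error
   */
  @Nonnull
  EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException;

  /**
   * Get the credential used to sign SAML2 messages, such as AuthnRequest,
   * Response or Assertion.
   *
   * @return signing credential, never {@code null}
   * @throws CredentialsNotAvailableException In case of a credential error
   */
  @Nonnull
  EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException;

  /**
   * Get the credential used to encrypt messages, such as an Assertion.
   *
   * @return encryption credential, or {@code null} if no encryption credential
   *         is available
   * @throws CredentialsNotAvailableException In case of a credential error
   */
  @Nullable
  EaafX509Credential getMessageEncryptionCredential() throws CredentialsNotAvailableException;

  /**
   * Get the list of trusted {@link X509Certificate}s that are available in this
   * KeyStore.
   *
   * <p>The list is typed ({@code List<X509Certificate>}) so callers do not need
   * unchecked casts; implementations that still declare a raw {@code List}
   * remain source compatible (unchecked-conversion warning only).
   *
   * @return list of trusted {@link X509Certificate}s, or an empty {@link List}
   *         if no certificates are available
   * @throws CredentialsNotAvailableException In case of a KeyStore error
   */
  @Nonnull
  List<X509Certificate> getTrustedCertificates() throws CredentialsNotAvailableException;

  /**
   * Get the {@link KeyStore} that is used by this {@link IPvp2CredentialProvider}.
   *
   * @return {@link Pair} of the {@link KeyStore} and the JCE {@link Provider}
   *         that is in use if a special provider is configured
   *         (NOTE(review): the provider element is presumably {@code null}
   *         when no special provider is in use — confirm against implementations)
   */
  @Nonnull
  Pair<KeyStore, Provider> getKeyStore();

}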