/*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License, as published by the Free Software Foundation and
* available at http://www.fsf.org/licensing/licenses/lgpl.html,
* version 2.1 or above.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* Copyright (c) 2005-2006 StrongAuth, Inc.
*
* $Date: 2006-07-18 18:31:46 -0700 (Tue, 18 Jul 2006) $
* $Revision: 188 $
* $Author: anoor $
* $URL: http://zeus.strongauth.com/svndevp/symkey/trunk/skcl/src/com/strongauth/symkey/skcl/SKS.java $
*
*/
package com.strongauth.symkey.skcl;
import com.strongauth.symkey.utility.*;
/**
 * Operations offered by the SKCL: retrieval of symmetric keys from the local
 * key-cache or a networked Symmetric Key Services (SKS) server, encryption
 * and decryption with those keys, hex conversion and message digests.
 *
 * <p>Notes for callers, based only on what these signatures show:
 * <ul>
 * <li>Every cipher method takes a caller-supplied initialization vector,
 *     because only CBC-based modes are supported. For CBC the IV should be
 *     unpredictable and not reused with the same key. NOTE(review): the
 *     encoding of the IV string (raw, hex, Base64) is not stated here;
 *     confirm against the implementation.</li>
 * <li>Nothing in this interface indicates that ciphertext is authenticated.
 *     CBC alone does not detect tampering, so callers that need integrity
 *     should verify a separate MAC or signature before decrypting.</li>
 * <li>The cipher methods report every failure as SymkeyOtherException. When
 *     the ciphertext comes from an untrusted party, do not disclose to that
 *     party why a decryption failed.</li>
 * <li>keystorePassword is passed as a String, which cannot be cleared after
 *     use; keep such references short-lived and out of logs.</li>
 * <li>The getSymkey methods report failures through the exceptions in their
 *     throws clauses; this interface does not state when each is raised.</li>
 * </ul>
 */
public interface SKS
{
    /**
     * Retrieves a symmetric key from the local key-cache or from a networked
     * Symmetric Key Services (SKS) server. The certificateDN, the
     * keystorePassword and the SKS server URL must all be configured in the
     * SKCL Properties file.
     *
     * @param globalKeyID unique identifier (GKID) of the symmetric key for
     *     this site; {@code 0-0} requests a new symmetric key, any other
     *     value requests an existing one
     * @return the Symkey object holding the symmetric key and the
     *     KeyUsePolicy associated with it
     */
    Symkey getSymkey(String globalKeyID)
        throws SymkeyExpiredCertificateException,
               SymkeyInvalidCertificateException,
               SymkeyInvalidGKIDException,
               SymkeyInvalidDNException,
               SymkeyInvalidPasswordException,
               SymkeyNotFoundException,
               SymkeyOtherException,
               SymkeySKSUnavailableException;

    /**
     * Retrieves a symmetric key from the local key-cache or from a networked
     * SKS server named by the caller. Only the certificateDN and the
     * keystorePassword need to be configured in the SKCL Properties file.
     *
     * @param globalKeyID unique identifier (GKID) of the symmetric key for
     *     this site; {@code 0-0} requests a new symmetric key, any other
     *     value requests an existing one
     * @param sksServer URL of the SKS server from which the key can be
     *     retrieved; requests signed with this client's certificate are sent
     *     there, so take the value from trusted configuration
     * @return the Symkey object holding the symmetric key and the
     *     KeyUsePolicy associated with it
     */
    Symkey getSymkey(String globalKeyID, String sksServer)
        throws SymkeyExpiredCertificateException,
               SymkeyInvalidCertificateException,
               SymkeyInvalidGKIDException,
               SymkeyInvalidDNException,
               SymkeyInvalidPasswordException,
               SymkeyNotFoundException,
               SymkeyOtherException,
               SymkeySKSUnavailableException;

    /**
     * Retrieves a symmetric key from the local key-cache or from a networked
     * SKS server, with the credentials supplied by the caller. The
     * certificateDN and the keystorePassword need not be stored in the SKCL
     * Properties file, but the SKS server URL must be configured there.
     *
     * @param certificateDN Distinguished Name (DN) of the digital certificate
     *     used to sign the request to the SKS server and to decrypt the
     *     encrypted response; the same certificate is used to create
     *     digitally signed counters in the local key-cache
     * @param keystorePassword password/PIN to the cryptographic token that
     *     holds the private keys of the digital certificate of this
     *     application/device/user
     * @param globalKeyID unique identifier (GKID) of the symmetric key for
     *     this site; {@code 0-0} requests a new symmetric key, any other
     *     value requests an existing one
     * @return the Symkey object holding the symmetric key and the
     *     KeyUsePolicy associated with it
     */
    Symkey getSymkey(
            String certificateDN,
            String keystorePassword,
            String globalKeyID)
        throws SymkeyExpiredCertificateException,
               SymkeyInvalidCertificateException,
               SymkeyInvalidGKIDException,
               SymkeyInvalidDNException,
               SymkeyInvalidPasswordException,
               SymkeyNotFoundException,
               SymkeyOtherException,
               SymkeySKSUnavailableException;

    /**
     * Retrieves a symmetric key from the local key-cache or from a networked
     * SKS server, with both the credentials and the server URL supplied by
     * the caller. The certificateDN and the keystorePassword need not be
     * configured in the SKCL Properties file.
     *
     * @param certificateDN Distinguished Name (DN) of the digital certificate
     *     used to sign the request to the SKS server and to decrypt the
     *     encrypted response; the same certificate is used to create
     *     digitally signed counters in the local key-cache
     * @param keystorePassword password/PIN to the cryptographic token that
     *     holds the private keys of the digital certificate of this
     *     application/device/user
     * @param globalKeyID unique identifier (GKID) of the symmetric key for
     *     this site; {@code 0-0} requests a new symmetric key, any other
     *     value requests an existing one
     * @param sksServer URL of the SKS server from which the key can be
     *     retrieved; requests signed with this client's certificate are sent
     *     there, so take the value from trusted configuration
     * @return the Symkey object holding the symmetric key and the
     *     KeyUsePolicy associated with it
     */
    Symkey getSymkey(
            String certificateDN,
            String keystorePassword,
            String globalKeyID,
            String sksServer)
        throws SymkeyExpiredCertificateException,
               SymkeyInvalidCertificateException,
               SymkeyInvalidGKIDException,
               SymkeyInvalidDNException,
               SymkeyInvalidPasswordException,
               SymkeyNotFoundException,
               SymkeyOtherException,
               SymkeySKSUnavailableException;

    /**
     * Encrypts a byte array (suitable for binary data) with one of the
     * supported algorithms and returns the ciphertext as a byte array. The
     * certificateDN and the keystorePassword MUST be configured in the SKCL
     * Properties file.
     *
     * @param initializationVector the initial bytes for the encryption;
     *     required because only CBC-based modes are currently supported
     * @param plaintextInput the plaintext to encrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the encrypted ciphertext
     * @throws SymkeyOtherException if there is any problem in the method
     */
    byte[] encryptToBytes(
            String initializationVector,
            byte[] plaintextInput,
            Symkey symmetricKeyObject,
            String JCEProvider)
        throws SymkeyOtherException;

    /**
     * Encrypts a byte array (suitable for binary data) with one of the
     * supported algorithms and returns the ciphertext as a byte array. The
     * certificateDN and the keystorePassword are passed in, so they need NOT
     * be configured in the SKCL Properties file.
     *
     * @param initializationVector the initial bytes for the encryption;
     *     required because only CBC-based modes are currently supported
     * @param plaintextInput the plaintext to encrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @param certificateDN Distinguished Name (DN) of the digital certificate
     *     used to sign the request to the SKS server and to decrypt the
     *     encrypted response; the same certificate is used to create
     *     digitally signed counters in the local key-cache
     * @param keystorePassword password/PIN to the cryptographic token that
     *     holds the private keys of the digital certificate of this
     *     application/device/user
     * @return the encrypted ciphertext
     * @throws SymkeyOtherException if there is any problem in the method
     */
    byte[] encryptToBytes(
            String initializationVector,
            byte[] plaintextInput,
            Symkey symmetricKeyObject,
            String JCEProvider,
            String certificateDN,
            String keystorePassword)
        throws SymkeyOtherException;

    /**
     * Encrypts a String (suitable for non-binary data) with one of the
     * supported algorithms and returns the ciphertext as a byte array. The
     * certificateDN and the keystorePassword MUST be configured in the SKCL
     * Properties file.
     *
     * <p>NOTE(review): the character encoding used to turn the String into
     * bytes is not stated here; confirm it before decrypting on another
     * platform.
     *
     * @param initializationVector the initial bytes for the encryption;
     *     required because only CBC-based modes are currently supported
     * @param plaintextInput the plaintext to encrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the encrypted ciphertext
     * @throws SymkeyOtherException if there is any problem in the method
     */
    byte[] encryptToBytes(
            String initializationVector,
            String plaintextInput,
            Symkey symmetricKeyObject,
            String JCEProvider)
        throws SymkeyOtherException;

    /**
     * Encrypts a String (suitable for non-binary data) with one of the
     * supported algorithms and returns the ciphertext as a byte array. The
     * certificateDN and the keystorePassword are passed in, so they need NOT
     * be configured in the SKCL Properties file.
     *
     * <p>NOTE(review): the character encoding used to turn the String into
     * bytes is not stated here; confirm it before decrypting on another
     * platform.
     *
     * @param initializationVector the initial bytes for the encryption;
     *     required because only CBC-based modes are currently supported
     * @param plaintextInput the plaintext to encrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @param certificateDN Distinguished Name (DN) of the digital certificate
     *     used to sign the request to the SKS server and to decrypt the
     *     encrypted response; the same certificate is used to create
     *     digitally signed counters in the local key-cache
     * @param keystorePassword password/PIN to the cryptographic token that
     *     holds the private keys of the digital certificate of this
     *     application/device/user
     * @return the encrypted ciphertext
     * @throws SymkeyOtherException if there is any problem in the method
     */
    byte[] encryptToBytes(
            String initializationVector,
            String plaintextInput,
            Symkey symmetricKeyObject,
            String JCEProvider,
            String certificateDN,
            String keystorePassword)
        throws SymkeyOtherException;

    /**
     * Encrypts a byte array (suitable for binary data) with one of the
     * supported algorithms and returns the ciphertext inside an XML document
     * that conforms to the W3C's XML Encryption standard
     * (http://www.w3.org/Encryption/2001/). The certificateDN and the
     * keystorePassword MUST be configured in the SKCL Properties file.
     *
     * @param initializationVector the initial bytes for the encryption;
     *     required because only CBC-based modes are currently supported
     * @param plaintextInput the plaintext to encrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the XMLEncryption document
     * @throws SymkeyOtherException if there is any problem in the method
     */
    String encryptToXML(
            String initializationVector,
            byte[] plaintextInput,
            Symkey symmetricKeyObject,
            String JCEProvider)
        throws SymkeyOtherException;

    /**
     * Encrypts a byte array (suitable for binary data) with one of the
     * supported algorithms and returns the ciphertext inside an XML document
     * that conforms to the W3C's XML Encryption standard
     * (http://www.w3.org/Encryption/2001/). The certificateDN and the
     * keystorePassword are passed in, so they need NOT be configured in the
     * SKCL Properties file.
     *
     * @param initializationVector the initial bytes for the encryption;
     *     required because only CBC-based modes are currently supported
     * @param plaintextInput the plaintext to encrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @param certificateDN Distinguished Name (DN) of the digital certificate
     *     used to sign the request to the SKS server and to decrypt the
     *     encrypted response; the same certificate is used to create
     *     digitally signed counters in the local key-cache
     * @param keystorePassword password/PIN to the cryptographic token that
     *     holds the private keys of the digital certificate of this
     *     application/device/user
     * @return the XMLEncryption document
     * @throws SymkeyOtherException if there is any problem in the method
     */
    String encryptToXML(
            String initializationVector,
            byte[] plaintextInput,
            Symkey symmetricKeyObject,
            String JCEProvider,
            String certificateDN,
            String keystorePassword)
        throws SymkeyOtherException;

    /**
     * Encrypts a String (suitable for non-binary data) with one of the
     * supported algorithms and returns the ciphertext inside an XML document
     * that conforms to the W3C's XML Encryption standard
     * (http://www.w3.org/Encryption/2001/). The certificateDN and the
     * keystorePassword MUST be configured in the SKCL Properties file.
     *
     * @param initializationVector the initial bytes for the encryption;
     *     required because only CBC-based modes are currently supported
     * @param plaintextInput the plaintext to encrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the XMLEncryption document
     * @throws SymkeyOtherException if there is any problem in the method
     */
    String encryptToXML(
            String initializationVector,
            String plaintextInput,
            Symkey symmetricKeyObject,
            String JCEProvider)
        throws SymkeyOtherException;

    /**
     * Encrypts a String (suitable for non-binary data) with one of the
     * supported algorithms and returns the ciphertext inside an XML document
     * that conforms to the W3C's XML Encryption standard
     * (http://www.w3.org/Encryption/2001/). The certificateDN and the
     * keystorePassword are passed in, so they need NOT be configured in the
     * SKCL Properties file.
     *
     * @param initializationVector the initial bytes for the encryption;
     *     required because only CBC-based modes are currently supported
     * @param plaintextInput the plaintext to encrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @param certificateDN Distinguished Name (DN) of the digital certificate
     *     used to sign the request to the SKS server and to decrypt the
     *     encrypted response; the same certificate is used to create
     *     digitally signed counters in the local key-cache
     * @param keystorePassword password/PIN to the cryptographic token that
     *     holds the private keys of the digital certificate of this
     *     application/device/user
     * @return the XMLEncryption document
     * @throws SymkeyOtherException if there is any problem in the method
     */
    String encryptToXML(
            String initializationVector,
            String plaintextInput,
            Symkey symmetricKeyObject,
            String JCEProvider,
            String certificateDN,
            String keystorePassword)
        throws SymkeyOtherException;

    /**
     * Decrypts ciphertext passed in as a byte array (suitable for binary
     * data) with one of the supported algorithms and returns the plaintext
     * as a byte array.
     *
     * @param initializationVector the initial bytes for the decryption;
     *     required because only CBC-based modes are currently supported
     * @param ciphertextInput the encrypted data to decrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the decrypted plaintext
     * @throws SymkeyOtherException if there is any problem in the method
     */
    byte[] decryptBytes(
            String initializationVector,
            byte[] ciphertextInput,
            Symkey symmetricKeyObject,
            String JCEProvider)
        throws SymkeyOtherException;

    /**
     * Decrypts ciphertext passed in as a String (suitable for Base64-encoded
     * ciphertext) with one of the supported algorithms and returns the
     * plaintext as a byte array.
     *
     * @param initializationVector the initial bytes for the decryption;
     *     required because only CBC-based modes are currently supported
     * @param ciphertextInput the Base64 text of the encrypted data to decrypt
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the decrypted plaintext
     * @throws SymkeyOtherException if there is any problem in the method
     */
    byte[] decryptBytes(
            String initializationVector,
            String ciphertextInput,
            Symkey symmetricKeyObject,
            String JCEProvider)
        throws SymkeyOtherException;

    /**
     * Decrypts the ciphertext inside an XMLEncryption document (passed in as
     * a String) with one of the supported algorithms and returns the
     * plaintext as a byte array.
     *
     * <p>This interface does not show how the document is parsed. When the
     * document can come from an untrusted source, the implementation's XML
     * parser should have DTDs and external entities disabled.
     *
     * @param initializationVector the initial bytes for the decryption;
     *     required because only CBC-based modes are currently supported
     * @param ciphertextInput the XMLEncryption document to decrypt.
     *     NOTE(review): the original comment called this the Base64 text of
     *     the encrypted data, which matches decryptBytes rather than this
     *     method's description; confirm against the implementation
     * @param symmetricKeyObject the Symkey object holding the symmetric key
     *     and the KeyUsePolicy associated with it
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the decrypted plaintext
     * @throws SymkeyOtherException if there is any problem in the method
     */
    byte[] decryptXML(
            String initializationVector,
            String ciphertextInput,
            Symkey symmetricKeyObject,
            String JCEProvider)
        throws SymkeyOtherException;

    /**
     * Converts bytes to a hexadecimal representation, which is useful for
     * printing and storing as text. Because the result is meant for printing,
     * take care not to pass key material whose hex form would end up in logs.
     *
     * @param bytes the bytes to be converted
     * @return a hex representation of bytes
     */
    String bytesToHex(byte[] bytes);

    /**
     * Calculates the Secure Hash Algorithm-1 (SHA1) message digest of the
     * input and returns it as a Base64-encoded string.
     *
     * <p>SHA-1 is no longer collision resistant. Keep it for compatibility
     * with existing data only, and prefer {@link #getSHA256} or a longer
     * digest wherever an adversary may choose the input.
     *
     * @param input the data over which the message digest is calculated
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the Base64-encoded SHA1 message digest over the input
     * @throws Exception if there is any problem in the method
     */
    String getSHA1(byte[] input, String JCEProvider) throws Exception;

    /**
     * Calculates the Secure Hash Algorithm-256 (SHA256) message digest of the
     * input and returns it as a Base64-encoded string.
     *
     * @param input the data over which the message digest is calculated
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the Base64-encoded SHA256 message digest over the input
     * @throws Exception if there is any problem in the method
     */
    String getSHA256(byte[] input, String JCEProvider) throws Exception;

    /**
     * Calculates the Secure Hash Algorithm-384 (SHA384) message digest of the
     * input and returns it as a Base64-encoded string.
     *
     * @param input the data over which the message digest is calculated
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the Base64-encoded SHA384 message digest over the input
     * @throws Exception if there is any problem in the method
     */
    String getSHA384(byte[] input, String JCEProvider) throws Exception;

    /**
     * Calculates the Secure Hash Algorithm-512 (SHA512) message digest of the
     * input and returns it as a Base64-encoded string.
     *
     * @param input the data over which the message digest is calculated
     * @param JCEProvider identifier of a supported and configured JCE
     *     provider, which must also appear in the SKCL Properties file; when
     *     null, the default SunJCE provider is used
     * @return the Base64-encoded SHA512 message digest over the input
     * @throws Exception if there is any problem in the method
     */
    String getSHA512(byte[] input, String JCEProvider) throws Exception;
}