• Home
• org.apache.wss4j
• wss4j-ws-security-common
• 2.2.7
• source code
• WSPasswordCallback.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.wss4j.common.ext.WSPasswordCallback Maven / Gradle / Ivy

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.wss4j.common.ext;

import java.security.Key;

import org.w3c.dom.Element;

import javax.security.auth.callback.Callback;

/**
 * Simple class to provide a password callback mechanism.
 * 

 * It uses the JAAS authentication mechanisms and callback methods.
 * In addition to the identifier (user name) this class also provides
 * information what type of information the callback handle
 * method shall provide.
 * 

 * The  WSPasswordCallback class defines the following usage
 * codes:
 * 

 * 
UNKNOWN - an unknown usage. Never used by the WSS4J
 * implementation and shall be treated as an error by the handle
 *  method.
 * 
DECRYPT - need a password to get the private key of
 * this identifier (username) from the keystore. WSS4J uses this private
 * key to decrypt the session (symmetric) key. Because the encryption
 * method uses the public key to encrypt the session key it needs no
 * password (a public key is usually not protected by a password).
 * 
USERNAME_TOKEN - need the password to fill in or to
 * verify a UsernameToken.
 * 
SIGNATURE - need the password to get the private key of
 * this identifier (username) from the keystore. WSS4J uses this private
 * key to produce a signature. The signature verification uses the public
 * key to verify the signature.
 * 
SECURITY_CONTEXT_TOKEN - need the key to to be associated
 * with a wsc:SecurityContextToken.
 * 
PASSWORD_ENCRYPTOR_PASSWORD - return the password used with a
 * PasswordEncryptor implementation to decrypt encrypted passwords stored in
 * Crypto properties files
 * 
 */

public class WSPasswordCallback implements Callback {

    /**
     * An unknown usage. Never used by the WSS4J implementation and should be treated
     * as an error.
     */
    public static final int UNKNOWN = 0;

    /**
     * DECRYPT usage is used when the calling code needs a password to get the private key of
     * this identifier (alias) from a keystore. This is only used for the inbound case of
     * decrypting a session (symmetric) key, and not for the case of getting a private key to
     * sign the message. The CallbackHandler must set the password via the setPassword(String)
     * method.
     */
    public static final int DECRYPT = 1;

    /**
     * USERNAME_TOKEN usage is used to obtain a password for either creating a Username Token,
     * or for validating it. It is also used for the case of deriving a key from a Username Token.
     * The CallbackHandler must set the password via the setPassword(String) method.
     */
    public static final int USERNAME_TOKEN = 2;

    /**
     * SIGNATURE usage is used on the outbound side only, to get a password to get the private
     * key of this identifier (alias) from a keystore. The CallbackHandler must set the password
     * via the setPassword(String) method.
     */
    public static final int SIGNATURE = 3;

    /**
     * This identifier is deprecated and not used any more.
     */
    @Deprecated
    public static final int KEY_NAME = 4;

    /**
     * This identifier is deprecated and not used any more.
     */
    @Deprecated
    public static final int USERNAME_TOKEN_UNKNOWN = 5;

    /**
     * SECURITY_CONTEXT_TOKEN usage is for the case of when we want the CallbackHandler to
     * supply the key associated with a SecurityContextToken. The CallbackHandler must set
     * the key via the setKey(byte[]) method.
     */
    public static final int SECURITY_CONTEXT_TOKEN = 6;

    /**
     * CUSTOM_TOKEN usage is used for the case that we want the CallbackHandler to supply a
     * token as a DOM Element. For example, this is used for the case of a reference to a
     * SAML Assertion or Security Context Token that is not in the message. The CallbackHandler
     * must set the token via the setCustomToken(Element) method.
     */
    public static final int CUSTOM_TOKEN = 7;

    /**
     * This identifier is deprecated and not used any more.
     */
    @Deprecated
    public static final int ENCRYPTED_KEY_TOKEN = 8;

    /**
     * SECRET_KEY usage is used for the case that we want to obtain a secret key for encryption
     * or signature on the outbound side, or for decryption or verification on the inbound side.
     * The CallbackHandler must set the key via the setKey(byte[]) method.
     */
    public static final int SECRET_KEY = 9;

    /**
     * PASSWORD_ENCRYPTOR_PASSWORD usage is used to return the password used with a PasswordEncryptor
     * implementation to decrypt encrypted passwords stored in Crypto properties files
     */
    public static final int PASSWORD_ENCRYPTOR_PASSWORD = 10;

    private String identifier;
    private String password;
    private byte[] secret;
    private byte[] encryptedSecret;
    private Key key;
    private int usage;
    private String type;
    private Element customToken;
    private String algorithm;
    private Element keyInfoReference;

    /**
     * Constructor.
     *
     * @param id The application called back must supply the password for
     *           this identifier.
     */
    public WSPasswordCallback(String id, int usage) {
        this(id, null, null, usage);
    }

    /**
     * Constructor.
     *
     * @param id The application called back must supply the password for
     *           this identifier.
     */
    public WSPasswordCallback(String id, String pw, String type, int usage) {
        identifier = id;
        password = pw;
        this.type = type;
        this.usage = usage;
    }

    /**
     * Get the identifier.
     * 

     *
     * @return The identifier
     */
    public String getIdentifier() {
        return identifier;
    }

    /**
     * Set the identifier
     * @param ident The identity.
     */
    public void setIdentifier(String ident) {
        this.identifier = ident;
    }

    /**
     * Set the password.
     * 

     *
     * @param passwd is the password associated to the identifier
     */
    public void setPassword(String passwd) {
        password = passwd;
    }

    /**
     * Get the password.
     * 

     *
     * @return The password
     */
    public String getPassword() {
        return password;
    }

    /**
     * Set the Key.
     * 

     *
     * @param secret
     */
    public void setKey(byte[] secret) {
        this.secret = secret;
    }

    public void setKey(Key key) {
        this.key = key;
    }

    /**
     * Get the key.
     * 

     *
     * @return The key
     */
    public byte[] getKey() {
        return this.secret;
    }

    public Key getKeyObject() {
        return key;
    }

    /**
     * Get the usage.
     * 

     *
     * @return The usage for this callback
     */
    public int getUsage() {
        return usage;
    }

    /**
     * @return Returns the type.
     */
    public String getType() {
        return type;
    }

    /**
     *
     * @return the custom token
     */
    public Element getCustomToken() {
        return customToken;
    }

    /**
     * Set the custom token
     * @param customToken
     */
    public void setCustomToken(Element customToken) {
        this.customToken = customToken;
    }

    /**
     * Get the Encrypted Secret. The CallbackHandler may return an encrypted version of the secret key
     * to be used, instead of having WSS4J explicitly encrypt the key. Alternatively, the recipient can
     * call this with the cipher content of the EncryptedKey, if a symmetric key wrap algorithm is used.
     *
     */
    public byte[] getEncryptedSecret() {
        return encryptedSecret;
    }

    /**
     * Set the Encrypted Secret. The CallbackHandler may return an encrypted version of the secret key
     * to be used, instead of having WSS4J explicitly encrypt the key. Alternatively, the recipient can
     * call this with the cipher content of the EncryptedKey, if a symmetric key wrap algorithm is used.
     *
     * @param encryptedSecret
     */
    public void setEncryptedSecret(byte[] encryptedSecret) {
        this.encryptedSecret = encryptedSecret;
    }

    /**
     * Get the algorithm to be used. For example, a different secret key might be returned depending
     * on the algorithm.
     */
    public String getAlgorithm() {
        return algorithm;
    }

    /**
     * Specify an algorithm to be used. For example, a different secret key might be returned depending
     * on the algorithm.
     */
    public void setAlgorithm(String algorithm) {
        this.algorithm = algorithm;
    }

    public Element getKeyInfoReference() {
        return keyInfoReference;
    }

    /**
     * This allows the CallbackHandler to specify a custom Element used to reference the
     * key (if for example SECRET_KEY is the usage of the callback)
     * @param keyInfoReference
     */
    public void setKeyInfoReference(Element keyInfoReference) {
        this.keyInfoReference = keyInfoReference;
    }


}