All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.wss4j.common.ext.WSPasswordCallback Maven / Gradle / Ivy

The newest version!
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.wss4j.common.ext;

import java.security.Key;

import org.w3c.dom.Element;

import javax.security.auth.callback.Callback;

/**
 * Simple class to provide a password callback mechanism.
 * 

* It uses the JAAS authentication mechanisms and callback methods. * In addition to the identifier (user name) this class also provides * information what type of information the callback handle * method shall provide. *

* The WSPasswordCallback class defines the following usage * codes: *

    *
  • UNKNOWN - an unknown usage. Never used by the WSS4J * implementation and shall be treated as an error by the handle * method.
  • *
  • DECRYPT - need a password to get the private key of * this identifier (username) from the keystore. WSS4J uses this private * key to decrypt the session (symmetric) key. Because the encryption * method uses the public key to encrypt the session key it needs no * password (a public key is usually not protected by a password).
  • *
  • USERNAME_TOKEN - need the password to fill in or to * verify a UsernameToken.
  • *
  • SIGNATURE - need the password to get the private key of * this identifier (username) from the keystore. WSS4J uses this private * key to produce a signature. The signature verification uses the public * key to verify the signature.
  • *
  • SECURITY_CONTEXT_TOKEN - need the key to to be associated * with a wsc:SecurityContextToken.
  • *
  • PASSWORD_ENCRYPTOR_PASSWORD - return the password used with a * PasswordEncryptor implementation to decrypt encrypted passwords stored in * Crypto properties files
  • *
*/ public class WSPasswordCallback implements Callback { /** * An unknown usage. Never used by the WSS4J implementation and should be treated * as an error. */ public static final int UNKNOWN = 0; /** * DECRYPT usage is used when the calling code needs a password to get the private key of * this identifier (alias) from a keystore. This is only used for the inbound case of * decrypting a session (symmetric) key, and not for the case of getting a private key to * sign the message. The CallbackHandler must set the password via the setPassword(String) * method. */ public static final int DECRYPT = 1; /** * USERNAME_TOKEN usage is used to obtain a password for either creating a Username Token, * or for validating it. It is also used for the case of deriving a key from a Username Token. * The CallbackHandler must set the password via the setPassword(String) method. */ public static final int USERNAME_TOKEN = 2; /** * SIGNATURE usage is used on the outbound side only, to get a password to get the private * key of this identifier (alias) from a keystore. The CallbackHandler must set the password * via the setPassword(String) method. */ public static final int SIGNATURE = 3; /** * SECURITY_CONTEXT_TOKEN usage is for the case of when we want the CallbackHandler to * supply the key associated with a SecurityContextToken. The CallbackHandler must set * the key via the setKey(byte[]) method. */ public static final int SECURITY_CONTEXT_TOKEN = 6; /** * CUSTOM_TOKEN usage is used for the case that we want the CallbackHandler to supply a * token as a DOM Element. For example, this is used for the case of a reference to a * SAML Assertion or Security Context Token that is not in the message. The CallbackHandler * must set the token via the setCustomToken(Element) method. */ public static final int CUSTOM_TOKEN = 7; /** * SECRET_KEY usage is used for the case that we want to obtain a secret key for encryption * or signature on the outbound side, or for decryption or verification on the inbound side. * The CallbackHandler must set the key via the setKey(byte[]) method. */ public static final int SECRET_KEY = 9; /** * PASSWORD_ENCRYPTOR_PASSWORD usage is used to return the password used with a PasswordEncryptor * implementation to decrypt encrypted passwords stored in Crypto properties files */ public static final int PASSWORD_ENCRYPTOR_PASSWORD = 10; private String identifier; private String password; private byte[] secret; private Key key; private int usage; private String type; private Element customToken; private String algorithm; private Element keyInfoReference; /** * Constructor. * * @param id The application called back must supply the password for * this identifier. */ public WSPasswordCallback(String id, int usage) { this(id, null, null, usage); } /** * Constructor. * * @param id The application called back must supply the password for * this identifier. */ public WSPasswordCallback(String id, String pw, String type, int usage) { identifier = id; password = pw; this.type = type; this.usage = usage; } /** * Get the identifier. *

* * @return The identifier */ public String getIdentifier() { return identifier; } /** * Set the identifier * @param ident The identity. */ public void setIdentifier(String ident) { this.identifier = ident; } /** * Set the password. *

* * @param passwd is the password associated to the identifier */ public void setPassword(String passwd) { password = passwd; } /** * Get the password. *

* * @return The password */ public String getPassword() { return password; } /** * Set the Key. *

* * @param secret */ public void setKey(byte[] secret) { this.secret = secret; } public void setKey(Key key) { this.key = key; } /** * Get the key. *

* * @return The key */ public byte[] getKey() { return this.secret; } public Key getKeyObject() { return key; } /** * Get the usage. *

* * @return The usage for this callback */ public int getUsage() { return usage; } /** * @return Returns the type. */ public String getType() { return type; } /** * * @return the custom token */ public Element getCustomToken() { return customToken; } /** * Set the custom token * @param customToken */ public void setCustomToken(Element customToken) { this.customToken = customToken; } /** * Get the algorithm to be used. For example, a different secret key might be returned depending * on the algorithm. */ public String getAlgorithm() { return algorithm; } /** * Specify an algorithm to be used. For example, a different secret key might be returned depending * on the algorithm. */ public void setAlgorithm(String algorithm) { this.algorithm = algorithm; } public Element getKeyInfoReference() { return keyInfoReference; } /** * This allows the CallbackHandler to specify a custom Element used to reference the * key (if for example SECRET_KEY is the usage of the callback) * @param keyInfoReference */ public void setKeyInfoReference(Element keyInfoReference) { this.keyInfoReference = keyInfoReference; } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy