RequestData xref

View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.handler;
21  
22  import java.security.cert.X509Certificate;
23  import java.util.ArrayList;
24  import java.util.Collection;
25  import java.util.List;
26  import java.util.regex.Pattern;
27  
28  import javax.security.auth.callback.CallbackHandler;
29  import javax.xml.namespace.QName;
30  
31  import org.apache.ws.security.SOAPConstants;
32  import org.apache.ws.security.WSConstants;
33  import org.apache.ws.security.WSEncryptionPart;
34  import org.apache.ws.security.WSSConfig;
35  import org.apache.ws.security.WSSecurityException;
36  import org.apache.ws.security.cache.ReplayCache;
37  import org.apache.ws.security.components.crypto.AlgorithmSuite;
38  import org.apache.ws.security.components.crypto.Crypto;
39  import org.apache.ws.security.message.WSSecHeader;
40  import org.apache.ws.security.message.token.UsernameToken;
41  import org.apache.ws.security.validate.Validator;
42  
43  /**
44   * This class holds per request data.
45   *
46   * @author Werner Dittmann (Werner.Dittmann@t-online.de)
47   */
48  public class RequestData {
49      
50      private Object msgContext = null;
51      private boolean noSerialization = false;
52      private SOAPConstants soapConstants = null;
53      private String actor = null;
54      private String username = null;
55      private String pwType = WSConstants.PASSWORD_DIGEST; // Make this the default when no password type is given.
56      private String[] utElements = null;
57      private Crypto sigCrypto = null;
58      private Crypto decCrypto = null;
59      private int sigKeyId = 0;
60      private String sigAlgorithm = null;
61      private String signatureDigestAlgorithm = null;
62      private String encryptionDigestAlgorithm = null;
63      private List<WSEncryptionPart> signatureParts = new ArrayList<WSEncryptionPart>();
64      private Crypto encCrypto = null;
65      private int encKeyId = 0;
66      private String encSymmAlgo = null;
67      private String encKeyTransport = null;
68      private String encUser = null;
69      private String signatureUser = null;
70      private List<WSEncryptionPart> encryptParts = new ArrayList<WSEncryptionPart>();
71      private X509Certificate encCert = null;
72      private int timeToLive = 300;   // Timestamp: time in seconds between creation and expiry
73      private WSSConfig wssConfig = null;
74      private List<byte[]> signatureValues = new ArrayList<byte[]>();
75      private WSSecHeader secHeader = null;
76      private boolean encSymmetricEncryptionKey = true;
77      private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
78      private boolean useDerivedKey = true;
79      private int derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
80      private boolean useDerivedKeyForMAC = true;
81      private boolean useSingleCert = true;
82      private CallbackHandler callback = null;
83      private boolean enableRevocation = false;
84      protected boolean requireSignedEncryptedDataElements = false;
85      private ReplayCache timestampReplayCache;
86      private ReplayCache nonceReplayCache;
87      private Collection<Pattern> subjectDNPatterns = new ArrayList<Pattern>();
88      private boolean appendSignatureAfterTimestamp;
89      private AlgorithmSuite algorithmSuite;
90      private AlgorithmSuite samlAlgorithmSuite;
91  
92      public void clear() {
93          soapConstants = null;
94          actor = username = pwType = sigAlgorithm = encSymmAlgo = encKeyTransport = encUser = null;
95          sigCrypto = decCrypto = encCrypto = null;
96          signatureParts.clear();
97          encryptParts.clear();
98          encCert = null;
99          utElements = null;
100         wssConfig = null;
101         signatureValues.clear();
102         signatureDigestAlgorithm = null;
103         encryptionDigestAlgorithm = null;
104         encSymmetricEncryptionKey = true;
105         secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
106         signatureUser = null;
107         useDerivedKey = true;
108         derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
109         useDerivedKeyForMAC = true;
110         useSingleCert = true;
111         callback = null;
112         enableRevocation = false;
113         timestampReplayCache = null;
114         nonceReplayCache = null;
115         subjectDNPatterns.clear();
116         appendSignatureAfterTimestamp = false;
117         algorithmSuite = null;
118         samlAlgorithmSuite = null;
119     }
120 
121     public Object getMsgContext() {
122         return msgContext;
123     }
124 
125     public void setMsgContext(Object msgContext) {
126         this.msgContext = msgContext;
127     }
128 
129     public boolean isNoSerialization() {
130         return noSerialization;
131     }
132 
133     public void setNoSerialization(boolean noSerialization) {
134         this.noSerialization = noSerialization;
135     }
136 
137     public SOAPConstants getSoapConstants() {
138         return soapConstants;
139     }
140 
141     public void setSoapConstants(SOAPConstants soapConstants) {
142         this.soapConstants = soapConstants;
143     }
144 
145     public String getActor() {
146         return actor;
147     }
148 
149     public void setActor(String actor) {
150         this.actor = actor;
151     }
152     
153     public void setSecretKeyLength(int length) {
154         secretKeyLength = length;
155     }
156     
157     public int getSecretKeyLength() {
158         return secretKeyLength;
159     }
160 
161     public String getUsername() {
162         return username;
163     }
164 
165     public void setUsername(String username) {
166         this.username = username;
167     }
168     
169     public void setEncryptSymmetricEncryptionKey(boolean encrypt) {
170         encSymmetricEncryptionKey = encrypt;
171     }
172     
173     public boolean getEncryptSymmetricEncryptionKey() {
174         return encSymmetricEncryptionKey;
175     }
176 
177     public String getPwType() {
178         return pwType;
179     }
180 
181     public void setPwType(String pwType) {
182         this.pwType = pwType;
183     }
184 
185     public String[] getUtElements() {
186         return utElements;
187     }
188 
189     public void setUtElements(String[] utElements) {
190         this.utElements = utElements;
191     }
192 
193     public Crypto getSigCrypto() {
194         return sigCrypto;
195     }
196 
197     public void setSigCrypto(Crypto sigCrypto) {
198         this.sigCrypto = sigCrypto;
199     }
200 
201     public Crypto getDecCrypto() {
202         return decCrypto;
203     }
204 
205     public void setDecCrypto(Crypto decCrypto) {
206         this.decCrypto = decCrypto;
207     }
208 
209     public int getSigKeyId() {
210         return sigKeyId;
211     }
212 
213     public void setSigKeyId(int sigKeyId) {
214         this.sigKeyId = sigKeyId;
215     }
216 
217     public String getSigAlgorithm() {
218         return sigAlgorithm;
219     }
220 
221     public void setSigAlgorithm(String sigAlgorithm) {
222         this.sigAlgorithm = sigAlgorithm;
223     }
224     
225     public String getSigDigestAlgorithm() {
226         return signatureDigestAlgorithm;
227     }
228 
229     public void setSigDigestAlgorithm(String sigDigestAlgorithm) {
230         this.signatureDigestAlgorithm = sigDigestAlgorithm;
231     }
232     
233     public String getEncDigestAlgorithm() {
234         return encryptionDigestAlgorithm;
235     }
236 
237     public void setEncDigestAlgorithm(String encDigestAlgorithm) {
238         this.encryptionDigestAlgorithm = encDigestAlgorithm;
239     }
240 
241     public List<WSEncryptionPart> getSignatureParts() {
242         return signatureParts;
243     }
244     
245     public String getSignatureUser() {
246         return signatureUser;
247     }
248 
249     public void setSignatureUser(String signatureUser) {
250         this.signatureUser = signatureUser;
251     }
252 
253     public Crypto getEncCrypto() {
254         return encCrypto;
255     }
256 
257     public void setEncCrypto(Crypto encCrypto) {
258         this.encCrypto = encCrypto;
259     }
260 
261     public int getEncKeyId() {
262         return encKeyId;
263     }
264 
265     public void setEncKeyId(int encKeyId) {
266         this.encKeyId = encKeyId;
267     }
268 
269     public String getEncSymmAlgo() {
270         return encSymmAlgo;
271     }
272 
273     public void setEncSymmAlgo(String encSymmAlgo) {
274         this.encSymmAlgo = encSymmAlgo;
275     }
276 
277     public String getEncKeyTransport() {
278         return encKeyTransport;
279     }
280 
281     public void setEncKeyTransport(String encKeyTransport) {
282         this.encKeyTransport = encKeyTransport;
283     }
284 
285     public String getEncUser() {
286         return encUser;
287     }
288 
289     public void setEncUser(String encUser) {
290         this.encUser = encUser;
291     }
292 
293     public List<WSEncryptionPart> getEncryptParts() {
294         return encryptParts;
295     }
296 
297     public X509Certificate getEncCert() {
298         return encCert;
299     }
300 
301     public void setEncCert(X509Certificate encCert) {
302         this.encCert = encCert;
303     }
304 
305     public int getTimeToLive() {
306         return timeToLive;
307     }
308 
309     public void setTimeToLive(int timeToLive) {
310         this.timeToLive = timeToLive;
311     }
312 
313     /**
314      * @return Returns the wssConfig.
315      */
316     public WSSConfig getWssConfig() {
317         return wssConfig;
318     }
319 
320     /**
321      * @param wssConfig The wssConfig to set.
322      */
323     public void setWssConfig(WSSConfig wssConfig) {
324         this.wssConfig = wssConfig;
325     }
326     
327     /**
328      * @return Returns the list of stored signature values.
329      */
330     public List<byte[]> getSignatureValues() {
331         return signatureValues;
332     }
333 
334     /**
335      * @return Returns the secHeader.
336      */
337     public WSSecHeader getSecHeader() {
338         return secHeader;
339     }
340 
341     /**
342      * @param secHeader The secHeader to set.
343      */
344     public void setSecHeader(WSSecHeader secHeader) {
345         this.secHeader = secHeader;
346     }
347     
348     /**
349      * @param derivedKey Set whether to derive keys as per the 
350      *        UsernameTokenProfile 1.1 spec. Default is true.
351      */
352     public void setUseDerivedKey(boolean derivedKey) {
353         useDerivedKey = derivedKey;
354     }
355     
356     /**
357      * Return whether to derive keys as per the UsernameTokenProfile 
358      * 1.1 spec. Default is true.
359      */
360     public boolean isUseDerivedKey() {
361         return useDerivedKey;
362     }
363     
364     /**
365      * Set the derived key iterations. Default is 1000.
366      * @param iterations The number of iterations to use when deriving a key
367      */
368     public void setDerivedKeyIterations(int iterations) {
369         derivedKeyIterations = iterations;
370     }
371     
372     /**
373      * Get the derived key iterations.
374      * @return The number of iterations to use when deriving a key
375      */
376     public int getDerivedKeyIterations() {
377         return derivedKeyIterations;
378     }
379     
380     /**
381      * Whether to use the derived key for a MAC.
382      * @param useMac Whether to use the derived key for a MAC.
383      */
384     public void setUseDerivedKeyForMAC(boolean useMac) {
385         useDerivedKeyForMAC = useMac;
386     }
387     
388     /**
389      * Whether to use the derived key for a MAC.
390      * @return Whether to use the derived key for a MAC.
391      */
392     public boolean isUseDerivedKeyForMAC() {
393         return useDerivedKeyForMAC;
394     }
395     
396     /**
397      * Whether to use a single certificate or a whole certificate chain when
398      * constructing a BinarySecurityToken used for direct reference in Signature.
399      * @param useSingleCert true if only to use a single certificate
400      */
401     public void setUseSingleCert(boolean useSingleCert) {
402         this.useSingleCert = useSingleCert;
403     }
404     
405     /**
406      * Whether to use a single certificate or a whole certificate chain when
407      * constructing a BinarySecurityToken used for direct reference in Signature.
408      * @return whether to use a single certificate
409      */
410     public boolean isUseSingleCert() {
411         return useSingleCert;
412     }
413 
414     /**
415      * Set whether to enable CRL checking or not when verifying trust in a certificate.
416      * @param enableRevocation whether to enable CRL checking 
417      */
418     public void setEnableRevocation(boolean enableRevocation) {
419         this.enableRevocation = enableRevocation;
420     }
421     
422     /**
423      * Get whether to enable CRL checking or not when verifying trust in a certificate.
424      * @return whether to enable CRL checking
425      */
426     public boolean isRevocationEnabled() {
427         return enableRevocation;
428     }
429     
430     /**
431      * @return whether EncryptedData elements are required to be signed
432      */
433     public boolean isRequireSignedEncryptedDataElements() {
434         return requireSignedEncryptedDataElements;
435     }
436 
437     /**
438      * Configure the engine to verify that EncryptedData elements
439      * are in a signed subtree of the document. This can be used to
440      * prevent some wrapping based attacks when encrypt-before-sign
441      * token protection is selected.
442      *  
443      * @param requireSignedEncryptedDataElements
444      */
445     public void setRequireSignedEncryptedDataElements(boolean requireSignedEncryptedDataElements) {
446         this.requireSignedEncryptedDataElements = requireSignedEncryptedDataElements;
447     }
448     
449     /**
450      * Sets the CallbackHandler used for this request
451      * @param cb
452      */
453     public void setCallbackHandler(CallbackHandler cb) { 
454         callback = cb;
455     }
456     
457     /**
458      * Returns the CallbackHandler used for this request.
459      * @return the CallbackHandler used for this request.
460      */
461     public CallbackHandler getCallbackHandler() {
462         return callback;
463     }
464 
465     /**
466      * Get the Validator instance corresponding to the QName
467      * @param qName the QName with which to find a Validator instance
468      * @return the Validator instance corresponding to the QName
469      * @throws WSSecurityException
470      */
471     public Validator getValidator(QName qName) throws WSSecurityException {
472         if (wssConfig != null)  {
473             return wssConfig.getValidator(qName);
474         }
475         return null;
476     }
477     
478     /**
479      * Set the replay cache for Timestamps
480      */
481     public void setTimestampReplayCache(ReplayCache newCache) {
482         timestampReplayCache = newCache;
483     }
484 
485     /**
486      * Get the replay cache for Timestamps
487      */
488     public ReplayCache getTimestampReplayCache() {
489         return timestampReplayCache;
490     }
491     
492     /**
493      * Set the replay cache for Nonces
494      */
495     public void setNonceReplayCache(ReplayCache newCache) {
496         nonceReplayCache = newCache;
497     }
498 
499     /**
500      * Get the replay cache for Nonces
501      */
502     public ReplayCache getNonceReplayCache() {
503         return nonceReplayCache;
504     }
505     
506     /**
507      * Set the Signature Subject Cert Constraints
508      */
509     public void setSubjectCertConstraints(Collection<Pattern> subjectCertConstraints) {
510         if (subjectCertConstraints != null) {
511             subjectDNPatterns.addAll(subjectCertConstraints);
512         }
513     }
514     
515     /**
516      * Get the Signature Subject Cert Constraints
517      */
518     public Collection<Pattern> getSubjectCertConstraints() {
519         return subjectDNPatterns;
520     }
521 
522     public boolean isAppendSignatureAfterTimestamp() {
523         return appendSignatureAfterTimestamp;
524     }
525 
526     public void setAppendSignatureAfterTimestamp(boolean appendSignatureAfterTimestamp) {
527         this.appendSignatureAfterTimestamp = appendSignatureAfterTimestamp;
528     }
529 
530     public AlgorithmSuite getAlgorithmSuite() {
531         return algorithmSuite;
532     }
533 
534     public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
535         this.algorithmSuite = algorithmSuite;
536     }
537     
538     public AlgorithmSuite getSamlAlgorithmSuite() {
539         return samlAlgorithmSuite;
540     }
541 
542     public void setSamlAlgorithmSuite(AlgorithmSuite samlAlgorithmSuite) {
543         this.samlAlgorithmSuite = samlAlgorithmSuite;
544     }
545         
546 }