
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.handler;
21  
22  import java.security.cert.X509Certificate;
23  import java.util.ArrayList;
24  import java.util.Collection;
25  import java.util.List;
26  import java.util.regex.Pattern;
27  
28  import javax.security.auth.callback.CallbackHandler;
29  import javax.xml.namespace.QName;
30  
31  import org.apache.ws.security.SOAPConstants;
32  import org.apache.ws.security.WSConstants;
33  import org.apache.ws.security.WSEncryptionPart;
34  import org.apache.ws.security.WSSConfig;
35  import org.apache.ws.security.WSSecurityException;
36  import org.apache.ws.security.cache.ReplayCache;
37  import org.apache.ws.security.components.crypto.AlgorithmSuite;
38  import org.apache.ws.security.components.crypto.Crypto;
39  import org.apache.ws.security.message.WSSecHeader;
40  import org.apache.ws.security.message.token.UsernameToken;
41  import org.apache.ws.security.validate.Validator;
42  
43  /**
44   * This class holds per request data.
45   *
46   * @author Werner Dittmann (Werner.Dittmann@t-online.de)
47   */
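/**
 * Per-request state shared between the WSS4J handlers and the security engine.
 * <p>
 * An instance carries the caller's message context, the {@link Crypto}
 * instances and user names used for signing, decryption and encryption, the
 * parts to sign and encrypt, the UsernameToken settings, the Timestamp and
 * Nonce replay caches, the signature certificate constraints and the
 * algorithm suites. Defaults as initialised here: password type
 * {@link WSConstants#PASSWORD_DIGEST}, a Timestamp time-to-live of 300
 * seconds, UsernameToken key derivation enabled with
 * {@link UsernameToken#DEFAULT_ITERATION} iterations, CRL checking disabled,
 * and no requirement that EncryptedData elements be covered by a signature.
 * <p>
 * {@link #getSignatureParts()}, {@link #getEncryptParts()},
 * {@link #getSignatureValues()} and {@link #getSubjectCertConstraints()} hand
 * out the live internal collections, so callers change this object's state
 * through them. Nothing here is synchronised: an instance serves one request
 * at a time, and {@link #clear()} returns it to its initial state (with one
 * documented exception, the password type) before it is reused.
 *
 * @author Werner Dittmann (Werner.Dittmann@t-online.de)
 */
public class RequestData {

    /** Timestamp validity, in seconds, used until a caller overrides it. */
    private static final int DEFAULT_TIME_TO_LIVE = 300;

    // --- message and transport -------------------------------------------
    /** Opaque context of the message being processed; never interpreted here. */
    private Object msgContext = null;
    /** Presumably suppresses serialisation of the result document — set by the caller, consumed elsewhere. */
    private boolean noSerialization = false;
    /** SOAP version constants of the message. */
    private SOAPConstants soapConstants = null;
    /** Actor/role of the security header to produce or process. */
    private String actor = null;
    /** The built security header, if any. */
    private WSSecHeader secHeader = null;
    /** Engine configuration; also the source of per-QName validators. */
    private WSSConfig wssConfig = null;
    /** Handler used to obtain passwords and keys for this request. */
    private CallbackHandler callback = null;

    // --- UsernameToken -----------------------------------------------------
    /** UsernameToken user name. */
    private String username = null;
    /** Password type; PASSWORD_DIGEST unless a caller overrides it. */
    private String pwType = WSConstants.PASSWORD_DIGEST;
    /** Extra UsernameToken elements requested by the caller (names only). */
    private String[] utElements = null;
    /** Whether to derive keys as per UsernameTokenProfile 1.1. */
    private boolean useDerivedKey = true;
    /** Iteration count for UsernameToken key derivation. */
    private int derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
    /** Whether the derived key is used for a MAC. */
    private boolean useDerivedKeyForMAC = true;
    /** Length of the generated secret key. */
    private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;

    // --- signature ---------------------------------------------------------
    private Crypto sigCrypto = null;
    /** Key identifier type for the signing key; an int code interpreted by the signature builders. */
    private int sigKeyId = 0;
    private String sigAlgorithm = null;
    private String signatureDigestAlgorithm = null;
    private String signatureUser = null;
    private final List<WSEncryptionPart> signatureParts = new ArrayList<WSEncryptionPart>();
    /** Signature values collected for this request (live list, see getter). */
    private final List<byte[]> signatureValues = new ArrayList<byte[]>();
    /** Whether to reference only the signing certificate rather than its chain. */
    private boolean useSingleCert = true;
    private boolean appendSignatureAfterTimestamp;
    private int originalSignatureActionPosition;

    // --- encryption / decryption ------------------------------------------
    private Crypto decCrypto = null;
    private Crypto encCrypto = null;
    /** Key identifier type for the encryption key; an int code interpreted by the encryption builders. */
    private int encKeyId = 0;
    private String encSymmAlgo = null;
    private String encKeyTransport = null;
    private String encryptionDigestAlgorithm = null;
    private String encUser = null;
    private final List<WSEncryptionPart> encryptParts = new ArrayList<WSEncryptionPart>();
    private X509Certificate encCert = null;
    private boolean encSymmetricEncryptionKey = true;

    // --- verification hardening -------------------------------------------
    /** Timestamp: seconds between creation and expiry. */
    private int timeToLive = DEFAULT_TIME_TO_LIVE;
    /** Whether CRL checking is performed when verifying trust in a certificate. */
    private boolean enableRevocation = false;
    /** Whether EncryptedData elements must lie in a signed subtree (wrapping-attack mitigation). */
    protected boolean requireSignedEncryptedDataElements = false;
    private ReplayCache timestampReplayCache;
    private ReplayCache nonceReplayCache;
    /** Patterns a signing certificate's Subject DN is constrained by; additive, see setter. */
    private final Collection<Pattern> subjectDNPatterns = new ArrayList<Pattern>();
    private AlgorithmSuite algorithmSuite;
    private AlgorithmSuite samlAlgorithmSuite;

    /**
     * Reset the instance to its freshly-constructed state so it can serve
     * another request, or be released without retaining references to the
     * previous message.
     * <p>
     * Every field is reset, including those the earlier implementation left
     * untouched: the message context and security header (which reference the
     * previous message), the signature and encryption key identifier types,
     * the Timestamp time-to-live and {@code requireSignedEncryptedDataElements}.
     * That hardening flag therefore goes back to {@code false}, exactly as
     * revocation checking, the certificate constraints and the algorithm
     * suites always have: a caller that reuses an instance must re-apply all
     * of its per-request security settings after calling this method.
     * <p>
     * The one value not restored to its initial state is the password type,
     * which is cleared to {@code null} rather than to
     * {@link WSConstants#PASSWORD_DIGEST}, as before.
     * NOTE(review): {@code null} is presumably a meaningful "no password"
     * setting for downstream code, so it is kept; a reused instance must set
     * the password type explicitly.
     */
    public void clear() {
        msgContext = null;
        noSerialization = false;
        soapConstants = null;
        actor = null;
        secHeader = null;
        wssConfig = null;
        callback = null;

        username = null;
        pwType = null; // deliberately not PASSWORD_DIGEST, see Javadoc
        utElements = null;
        useDerivedKey = true;
        derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
        useDerivedKeyForMAC = true;
        secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;

        sigCrypto = null;
        sigKeyId = 0;
        sigAlgorithm = null;
        signatureDigestAlgorithm = null;
        signatureUser = null;
        signatureParts.clear();
        signatureValues.clear();
        useSingleCert = true;
        appendSignatureAfterTimestamp = false;
        originalSignatureActionPosition = 0;

        decCrypto = null;
        encCrypto = null;
        encKeyId = 0;
        encSymmAlgo = null;
        encKeyTransport = null;
        encryptionDigestAlgorithm = null;
        encUser = null;
        encryptParts.clear();
        encCert = null;
        encSymmetricEncryptionKey = true;

        timeToLive = DEFAULT_TIME_TO_LIVE;
        enableRevocation = false;
        requireSignedEncryptedDataElements = false;
        timestampReplayCache = null;
        nonceReplayCache = null;
        subjectDNPatterns.clear();
        algorithmSuite = null;
        samlAlgorithmSuite = null;
    }

    /** @return the caller's opaque message context, or {@code null} */
    public Object getMsgContext() {
        return msgContext;
    }

    /** @param msgContext the caller's opaque message context */
    public void setMsgContext(Object msgContext) {
        this.msgContext = msgContext;
    }

    /** @return the noSerialization flag (default {@code false}) */
    public boolean isNoSerialization() {
        return noSerialization;
    }

    /** @param noSerialization the noSerialization flag; its effect is decided by the consumer */
    public void setNoSerialization(boolean noSerialization) {
        this.noSerialization = noSerialization;
    }

    /** @return the SOAP constants of the message, or {@code null} if not yet set */
    public SOAPConstants getSoapConstants() {
        return soapConstants;
    }

    /** @param soapConstants the SOAP constants of the message */
    public void setSoapConstants(SOAPConstants soapConstants) {
        this.soapConstants = soapConstants;
    }

    /** @return the actor/role of the security header, or {@code null} */
    public String getActor() {
        return actor;
    }

    /** @param actor the actor/role of the security header */
    public void setActor(String actor) {
        this.actor = actor;
    }

    /**
     * Set the length of the secret key. Default is
     * {@link WSConstants#WSE_DERIVED_KEY_LEN}. No range check is performed
     * here; the consumer decides whether the value is acceptable.
     *
     * @param length the secret key length
     */
    public void setSecretKeyLength(int length) {
        secretKeyLength = length;
    }

    /** @return the secret key length */
    public int getSecretKeyLength() {
        return secretKeyLength;
    }

    /** @return the UsernameToken user name, or {@code null} */
    public String getUsername() {
        return username;
    }

    /** @param username the UsernameToken user name */
    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * Set whether the symmetric encryption key is itself encrypted. Default
     * is {@code true}; presumably {@code false} means the key is not wrapped
     * in an EncryptedKey, which only makes sense when the peer already holds
     * it — confirm against the encryption builder before relying on that.
     *
     * @param encrypt whether to encrypt the symmetric encryption key
     */
    public void setEncryptSymmetricEncryptionKey(boolean encrypt) {
        encSymmetricEncryptionKey = encrypt;
    }

    /** @return whether the symmetric encryption key is encrypted (default {@code true}) */
    public boolean getEncryptSymmetricEncryptionKey() {
        return encSymmetricEncryptionKey;
    }

    /**
     * @return the UsernameToken password type; {@link WSConstants#PASSWORD_DIGEST}
     *         on a fresh instance, {@code null} after {@link #clear()} or when
     *         explicitly set so
     */
    public String getPwType() {
        return pwType;
    }

    /**
     * Set the UsernameToken password type. The default,
     * {@link WSConstants#PASSWORD_DIGEST}, is the stronger choice; a plain
     * text type should only be used over a transport that protects the
     * message.
     *
     * @param pwType the password type, or {@code null}
     */
    public void setPwType(String pwType) {
        this.pwType = pwType;
    }

    /** @return the requested extra UsernameToken element names, or {@code null} */
    public String[] getUtElements() {
        return utElements;
    }

    /** @param utElements the extra UsernameToken element names (the array is stored as given, not copied) */
    public void setUtElements(String[] utElements) {
        this.utElements = utElements;
    }

    /** @return the Crypto used for signing / signature verification, or {@code null} */
    public Crypto getSigCrypto() {
        return sigCrypto;
    }

    /** @param sigCrypto the Crypto used for signing / signature verification */
    public void setSigCrypto(Crypto sigCrypto) {
        this.sigCrypto = sigCrypto;
    }

    /** @return the Crypto used for decryption, or {@code null} */
    public Crypto getDecCrypto() {
        return decCrypto;
    }

    /** @param decCrypto the Crypto used for decryption */
    public void setDecCrypto(Crypto decCrypto) {
        this.decCrypto = decCrypto;
    }

    /** @return the signing key identifier type code (default 0) */
    public int getSigKeyId() {
        return sigKeyId;
    }

    /** @param sigKeyId the signing key identifier type code; presumably one of the WSConstants key-identifier values */
    public void setSigKeyId(int sigKeyId) {
        this.sigKeyId = sigKeyId;
    }

    /** @return the signature algorithm URI, or {@code null} for the consumer's default */
    public String getSigAlgorithm() {
        return sigAlgorithm;
    }

    /** @param sigAlgorithm the signature algorithm URI */
    public void setSigAlgorithm(String sigAlgorithm) {
        this.sigAlgorithm = sigAlgorithm;
    }

    /** @return the signature digest algorithm URI, or {@code null} for the consumer's default */
    public String getSigDigestAlgorithm() {
        return signatureDigestAlgorithm;
    }

    /** @param sigDigestAlgorithm the signature digest algorithm URI */
    public void setSigDigestAlgorithm(String sigDigestAlgorithm) {
        this.signatureDigestAlgorithm = sigDigestAlgorithm;
    }

    /** @return the encryption digest algorithm URI, or {@code null} for the consumer's default */
    public String getEncDigestAlgorithm() {
        return encryptionDigestAlgorithm;
    }

    /** @param encDigestAlgorithm the encryption digest algorithm URI */
    public void setEncDigestAlgorithm(String encDigestAlgorithm) {
        this.encryptionDigestAlgorithm = encDigestAlgorithm;
    }

    /**
     * @return the live, mutable list of parts to sign; additions made to it
     *         are seen by this object
     */
    public List<WSEncryptionPart> getSignatureParts() {
        return signatureParts;
    }

    /** @return the signature user name, or {@code null} */
    public String getSignatureUser() {
        return signatureUser;
    }

    /** @param signatureUser the signature user name */
    public void setSignatureUser(String signatureUser) {
        this.signatureUser = signatureUser;
    }

    /** @return the Crypto used for encryption, or {@code null} */
    public Crypto getEncCrypto() {
        return encCrypto;
    }

    /** @param encCrypto the Crypto used for encryption */
    public void setEncCrypto(Crypto encCrypto) {
        this.encCrypto = encCrypto;
    }

    /** @return the encryption key identifier type code (default 0) */
    public int getEncKeyId() {
        return encKeyId;
    }

    /** @param encKeyId the encryption key identifier type code; presumably one of the WSConstants key-identifier values */
    public void setEncKeyId(int encKeyId) {
        this.encKeyId = encKeyId;
    }

    /** @return the symmetric encryption algorithm URI, or {@code null} for the consumer's default */
    public String getEncSymmAlgo() {
        return encSymmAlgo;
    }

    /** @param encSymmAlgo the symmetric encryption algorithm URI */
    public void setEncSymmAlgo(String encSymmAlgo) {
        this.encSymmAlgo = encSymmAlgo;
    }

    /** @return the key transport algorithm URI, or {@code null} for the consumer's default */
    public String getEncKeyTransport() {
        return encKeyTransport;
    }

    /** @param encKeyTransport the key transport algorithm URI */
    public void setEncKeyTransport(String encKeyTransport) {
        this.encKeyTransport = encKeyTransport;
    }

    /** @return the encryption user name, or {@code null} */
    public String getEncUser() {
        return encUser;
    }

    /** @param encUser the encryption user name */
    public void setEncUser(String encUser) {
        this.encUser = encUser;
    }

    /**
     * @return the live, mutable list of parts to encrypt; additions made to it
     *         are seen by this object
     */
    public List<WSEncryptionPart> getEncryptParts() {
        return encryptParts;
    }

    /** @return the certificate to encrypt for, or {@code null} */
    public X509Certificate getEncCert() {
        return encCert;
    }

    /** @param encCert the certificate to encrypt for */
    public void setEncCert(X509Certificate encCert) {
        this.encCert = encCert;
    }

    /** @return the Timestamp time-to-live in seconds (default 300) */
    public int getTimeToLive() {
        return timeToLive;
    }

    /**
     * Set the Timestamp time-to-live: the number of seconds between a
     * Timestamp's creation and its expiry. Larger values widen the replay
     * window a Timestamp alone can bound, so pair a long time-to-live with a
     * Timestamp replay cache. No range check is performed here.
     *
     * @param timeToLive the time-to-live in seconds
     */
    public void setTimeToLive(int timeToLive) {
        this.timeToLive = timeToLive;
    }

    /**
     * @return Returns the wssConfig, or {@code null} if none has been set.
     */
    public WSSConfig getWssConfig() {
        return wssConfig;
    }

    /**
     * @param wssConfig The wssConfig to set.
     */
    public void setWssConfig(WSSConfig wssConfig) {
        this.wssConfig = wssConfig;
    }

    /**
     * @return Returns the live, mutable list of stored signature values;
     *         additions made to it are seen by this object.
     */
    public List<byte[]> getSignatureValues() {
        return signatureValues;
    }

    /**
     * @return Returns the secHeader, or {@code null} if none has been set.
     */
    public WSSecHeader getSecHeader() {
        return secHeader;
    }

    /**
     * @param secHeader The secHeader to set.
     */
    public void setSecHeader(WSSecHeader secHeader) {
        this.secHeader = secHeader;
    }

    /**
     * @param derivedKey Set whether to derive keys as per the
     *        UsernameTokenProfile 1.1 spec. Default is true.
     */
    public void setUseDerivedKey(boolean derivedKey) {
        useDerivedKey = derivedKey;
    }

    /**
     * Return whether to derive keys as per the UsernameTokenProfile
     * 1.1 spec. Default is true.
     *
     * @return whether derived keys are used
     */
    public boolean isUseDerivedKey() {
        return useDerivedKey;
    }

    /**
     * Set the derived key iterations. Default is
     * {@link UsernameToken#DEFAULT_ITERATION}.
     * <p>
     * NOTE(review): no range check is performed here. A count below the
     * default weakens the derivation against password guessing, and a
     * non-positive value is presumably handled (or not) by the consumer —
     * confirm before passing anything other than a positive count.
     *
     * @param iterations The number of iterations to use when deriving a key
     */
    public void setDerivedKeyIterations(int iterations) {
        derivedKeyIterations = iterations;
    }

    /**
     * Get the derived key iterations.
     * @return The number of iterations to use when deriving a key
     */
    public int getDerivedKeyIterations() {
        return derivedKeyIterations;
    }

    /**
     * Whether to use the derived key for a MAC. Default is true.
     * @param useMac Whether to use the derived key for a MAC.
     */
    public void setUseDerivedKeyForMAC(boolean useMac) {
        useDerivedKeyForMAC = useMac;
    }

    /**
     * Whether to use the derived key for a MAC.
     * @return Whether to use the derived key for a MAC.
     */
    public boolean isUseDerivedKeyForMAC() {
        return useDerivedKeyForMAC;
    }

    /**
     * Whether to use a single certificate or a whole certificate chain when
     * constructing a BinarySecurityToken used for direct reference in Signature.
     * Default is true.
     * @param useSingleCert true if only to use a single certificate
     */
    public void setUseSingleCert(boolean useSingleCert) {
        this.useSingleCert = useSingleCert;
    }

    /**
     * Whether to use a single certificate or a whole certificate chain when
     * constructing a BinarySecurityToken used for direct reference in Signature.
     * @return whether to use a single certificate
     */
    public boolean isUseSingleCert() {
        return useSingleCert;
    }

    /**
     * Set whether to enable CRL checking or not when verifying trust in a
     * certificate. Default is false, i.e. a revoked-but-otherwise-valid
     * signing certificate is accepted unless this is turned on.
     * @param enableRevocation whether to enable CRL checking
     */
    public void setEnableRevocation(boolean enableRevocation) {
        this.enableRevocation = enableRevocation;
    }

    /**
     * Get whether to enable CRL checking or not when verifying trust in a certificate.
     * @return whether to enable CRL checking
     */
    public boolean isRevocationEnabled() {
        return enableRevocation;
    }

    /**
     * @return whether EncryptedData elements are required to be signed
     *         (default false)
     */
    public boolean isRequireSignedEncryptedDataElements() {
        return requireSignedEncryptedDataElements;
    }

    /**
     * Configure the engine to verify that EncryptedData elements
     * are in a signed subtree of the document. This can be used to
     * prevent some wrapping based attacks when encrypt-before-sign
     * token protection is selected. Default is false; {@link #clear()}
     * resets it, so it must be set for every request on a reused instance.
     *
     * @param requireSignedEncryptedDataElements whether EncryptedData
     *        elements must be in a signed subtree
     */
    public void setRequireSignedEncryptedDataElements(boolean requireSignedEncryptedDataElements) {
        this.requireSignedEncryptedDataElements = requireSignedEncryptedDataElements;
    }

    /**
     * Sets the CallbackHandler used for this request
     * @param cb the CallbackHandler, or {@code null}
     */
    public void setCallbackHandler(CallbackHandler cb) {
        callback = cb;
    }

    /**
     * Returns the CallbackHandler used for this request.
     * @return the CallbackHandler used for this request, or {@code null}
     */
    public CallbackHandler getCallbackHandler() {
        return callback;
    }

    /**
     * Get the Validator instance corresponding to the QName. Delegates to
     * {@link WSSConfig#getValidator(QName)} on the configured WSSConfig.
     * @param qName the QName with which to find a Validator instance
     * @return the Validator instance corresponding to the QName, or
     *         {@code null} when no WSSConfig has been set
     * @throws WSSecurityException if the WSSConfig lookup fails
     */
    public Validator getValidator(QName qName) throws WSSecurityException {
        if (wssConfig == null) {
            return null;
        }
        return wssConfig.getValidator(qName);
    }

    /**
     * Set the replay cache for Timestamps. With no cache a Timestamp is
     * only bounded by its time-to-live.
     * @param newCache the cache, or {@code null} to disable
     */
    public void setTimestampReplayCache(ReplayCache newCache) {
        timestampReplayCache = newCache;
    }

    /**
     * Get the replay cache for Timestamps
     * @return the cache, or {@code null}
     */
    public ReplayCache getTimestampReplayCache() {
        return timestampReplayCache;
    }

    /**
     * Set the replay cache for Nonces. With no cache a UsernameToken can be
     * replayed within its Created/time-to-live window.
     * @param newCache the cache, or {@code null} to disable
     */
    public void setNonceReplayCache(ReplayCache newCache) {
        nonceReplayCache = newCache;
    }

    /**
     * Get the replay cache for Nonces
     * @return the cache, or {@code null}
     */
    public ReplayCache getNonceReplayCache() {
        return nonceReplayCache;
    }

    /**
     * Add Signature Subject Cert Constraints: patterns that are presumably
     * matched against the Subject DN of a signing certificate by the
     * signature trust validation (done elsewhere).
     * <p>
     * Patterns accumulate across calls; nothing is replaced or removed, so a
     * second call with a stricter set does not withdraw the earlier, looser
     * patterns. Use {@link #clear()} or a fresh instance to start over.
     *
     * @param subjectCertConstraints patterns to add; {@code null} is ignored
     */
    public void setSubjectCertConstraints(Collection<Pattern> subjectCertConstraints) {
        if (subjectCertConstraints == null) {
            return;
        }
        subjectDNPatterns.addAll(subjectCertConstraints);
    }

    /**
     * Get the Signature Subject Cert Constraints
     * @return the live, mutable collection of patterns added so far
     */
    public Collection<Pattern> getSubjectCertConstraints() {
        return subjectDNPatterns;
    }

    /** @return whether the Signature is appended after the Timestamp (default false; consumed by the handlers) */
    public boolean isAppendSignatureAfterTimestamp() {
        return appendSignatureAfterTimestamp;
    }

    /** @param appendSignatureAfterTimestamp whether the Signature is appended after the Timestamp */
    public void setAppendSignatureAfterTimestamp(boolean appendSignatureAfterTimestamp) {
        this.appendSignatureAfterTimestamp = appendSignatureAfterTimestamp;
    }

    /** @return the AlgorithmSuite used to constrain algorithms, or {@code null} for no constraint */
    public AlgorithmSuite getAlgorithmSuite() {
        return algorithmSuite;
    }

    /** @param algorithmSuite the AlgorithmSuite used to constrain algorithms */
    public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
        this.algorithmSuite = algorithmSuite;
    }

    /** @return the AlgorithmSuite used for SAML tokens, or {@code null} for no constraint */
    public AlgorithmSuite getSamlAlgorithmSuite() {
        return samlAlgorithmSuite;
    }

    /** @param samlAlgorithmSuite the AlgorithmSuite used for SAML tokens */
    public void setSamlAlgorithmSuite(AlgorithmSuite samlAlgorithmSuite) {
        this.samlAlgorithmSuite = samlAlgorithmSuite;
    }

    /** @return the original position of the signature action (default 0; meaning assigned by the handlers) */
    public int getOriginalSignatureActionPosition() {
        return originalSignatureActionPosition;
    }

    /** @param originalSignatureActionPosition the original position of the signature action */
    public void setOriginalSignatureActionPosition(int originalSignatureActionPosition) {
        this.originalSignatureActionPosition = originalSignatureActionPosition;
    }

}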