View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.common.ext;
21  
22  import java.security.Key;
23  
24  import org.w3c.dom.Element;
25  
26  import javax.security.auth.callback.Callback;
27  
28  /**
29   * Simple class to provide a password callback mechanism.
30   * <p/>
31   * It uses the JAAS authentication mechanisms and callback methods.
32   * In addition to the identifier (user name) this class also provides
33   * information what type of information the callback <code>handle</code>
34   * method shall provide.
35   * <p/>
36   * The <code> WSPasswordCallback</code> class defines the following usage
37   * codes:
38   * <ul>
39   * <li><code>UNKNOWN</code> - an unknown usage. Never used by the WSS4J
40   * implementation and shall be treated as an error by the <code>handle
41   * </code> method.</li>
42   * <li><code>DECRYPT</code> - need a password to get the private key of
43   * this identifier (username) from the keystore. WSS4J uses this private
44   * key to decrypt the session (symmetric) key. Because the encryption
45   * method uses the public key to encrypt the session key it needs no
46   * password (a public key is usually not protected by a password).</li>
47   * <li><code>USERNAME_TOKEN</code> - need the password to fill in or to
48   * verify a <code>UsernameToken</code>.</li>
49   * <li><code>SIGNATURE</code> - need the password to get the private key of
50   * this identifier (username) from the keystore. WSS4J uses this private
51   * key to produce a signature. The signature verification uses the public
52   * key to verify the signature.</li>
53   * <li><code>SECURITY_CONTEXT_TOKEN</code> - need the key to to be associated
54   * with a <code>wsc:SecurityContextToken</code>.</li>
55   * <li><code>PASSWORD_ENCRYPTOR_PASSWORD</code> - return the password used with a
56   * PasswordEncryptor implementation to decrypt encrypted passwords stored in
57   * Crypto properties files</li>
58   * </ul>
59   */
60  
61  public class WSPasswordCallback implements Callback {
62  
63      /**
64       * An unknown usage. Never used by the WSS4J implementation and should be treated
65       * as an error.
66       */
67      public static final int UNKNOWN = 0;
68  
69      /**
70       * DECRYPT usage is used when the calling code needs a password to get the private key of
71       * this identifier (alias) from a keystore. This is only used for the inbound case of
72       * decrypting a session (symmetric) key, and not for the case of getting a private key to
73       * sign the message. The CallbackHandler must set the password via the setPassword(String)
74       * method.
75       */
76      public static final int DECRYPT = 1;
77  
78      /**
79       * USERNAME_TOKEN usage is used to obtain a password for either creating a Username Token,
80       * or for validating it. It is also used for the case of deriving a key from a Username Token.
81       * The CallbackHandler must set the password via the setPassword(String) method.
82       */
83      public static final int USERNAME_TOKEN = 2;
84  
85      /**
86       * SIGNATURE usage is used on the outbound side only, to get a password to get the private
87       * key of this identifier (alias) from a keystore. The CallbackHandler must set the password
88       * via the setPassword(String) method.
89       */
90      public static final int SIGNATURE = 3;
91  
92      /**
93       * SECURITY_CONTEXT_TOKEN usage is for the case of when we want the CallbackHandler to
94       * supply the key associated with a SecurityContextToken. The CallbackHandler must set
95       * the key via the setKey(byte[]) method.
96       */
97      public static final int SECURITY_CONTEXT_TOKEN = 6;
98  
99      /**
100      * CUSTOM_TOKEN usage is used for the case that we want the CallbackHandler to supply a
101      * token as a DOM Element. For example, this is used for the case of a reference to a
102      * SAML Assertion or Security Context Token that is not in the message. The CallbackHandler
103      * must set the token via the setCustomToken(Element) method.
104      */
105     public static final int CUSTOM_TOKEN = 7;
106 
107     /**
108      * SECRET_KEY usage is used for the case that we want to obtain a secret key for encryption
109      * or signature on the outbound side, or for decryption or verification on the inbound side.
110      * The CallbackHandler must set the key via the setKey(byte[]) method.
111      */
112     public static final int SECRET_KEY = 9;
113 
114     /**
115      * PASSWORD_ENCRYPTOR_PASSWORD usage is used to return the password used with a PasswordEncryptor
116      * implementation to decrypt encrypted passwords stored in Crypto properties files
117      */
118     public static final int PASSWORD_ENCRYPTOR_PASSWORD = 10;
119 
120     private String identifier;
121     private String password;
122     private byte[] secret;
123     private Key key;
124     private int usage;
125     private String type;
126     private Element customToken;
127     private String algorithm;
128     private Element keyInfoReference;
129 
130     /**
131      * Constructor.
132      *
133      * @param id The application called back must supply the password for
134      *           this identifier.
135      */
136     public WSPasswordCallback(String id, int usage) {
137         this(id, null, null, usage);
138     }
139 
140     /**
141      * Constructor.
142      *
143      * @param id The application called back must supply the password for
144      *           this identifier.
145      */
146     public WSPasswordCallback(String id, String pw, String type, int usage) {
147         identifier = id;
148         password = pw;
149         this.type = type;
150         this.usage = usage;
151     }
152 
153     /**
154      * Get the identifier.
155      * <p/>
156      *
157      * @return The identifier
158      */
159     public String getIdentifier() {
160         return identifier;
161     }
162 
163     /**
164      * Set the identifier
165      * @param ident The identity.
166      */
167     public void setIdentifier(String ident) {
168         this.identifier = ident;
169     }
170 
171     /**
172      * Set the password.
173      * <p/>
174      *
175      * @param passwd is the password associated to the identifier
176      */
177     public void setPassword(String passwd) {
178         password = passwd;
179     }
180 
181     /**
182      * Get the password.
183      * <p/>
184      *
185      * @return The password
186      */
187     public String getPassword() {
188         return password;
189     }
190 
191     /**
192      * Set the Key.
193      * <p/>
194      *
195      * @param secret
196      */
197     public void setKey(byte[] secret) {
198         this.secret = secret;
199     }
200 
201     public void setKey(Key key) {
202         this.key = key;
203     }
204 
205     /**
206      * Get the key.
207      * <p/>
208      *
209      * @return The key
210      */
211     public byte[] getKey() {
212         return this.secret;
213     }
214 
215     public Key getKeyObject() {
216         return key;
217     }
218 
219     /**
220      * Get the usage.
221      * <p/>
222      *
223      * @return The usage for this callback
224      */
225     public int getUsage() {
226         return usage;
227     }
228 
229     /**
230      * @return Returns the type.
231      */
232     public String getType() {
233         return type;
234     }
235 
236     /**
237      *
238      * @return the custom token
239      */
240     public Element getCustomToken() {
241         return customToken;
242     }
243 
244     /**
245      * Set the custom token
246      * @param customToken
247      */
248     public void setCustomToken(Element customToken) {
249         this.customToken = customToken;
250     }
251 
252     /**
253      * Get the algorithm to be used. For example, a different secret key might be returned depending
254      * on the algorithm.
255      */
256     public String getAlgorithm() {
257         return algorithm;
258     }
259 
260     /**
261      * Specify an algorithm to be used. For example, a different secret key might be returned depending
262      * on the algorithm.
263      */
264     public void setAlgorithm(String algorithm) {
265         this.algorithm = algorithm;
266     }
267 
268     public Element getKeyInfoReference() {
269         return keyInfoReference;
270     }
271 
272     /**
273      * This allows the CallbackHandler to specify a custom Element used to reference the
274      * key (if for example SECRET_KEY is the usage of the callback)
275      * @param keyInfoReference
276      */
277     public void setKeyInfoReference(Element keyInfoReference) {
278         this.keyInfoReference = keyInfoReference;
279     }
280 
281 
282 }