View Javadoc

1   /*
2    * Copyright 2005-2012 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.wss4j.callback;
18  
19  import java.io.IOException;
20  import java.security.GeneralSecurityException;
21  import java.security.Key;
22  import java.security.KeyStore;
23  import javax.crypto.SecretKey;
24  import javax.security.auth.callback.UnsupportedCallbackException;
25  
26  import org.springframework.beans.factory.InitializingBean;
27  import org.springframework.ws.soap.security.support.KeyStoreUtils;
28  
29  import org.apache.ws.security.WSPasswordCallback;
30  
31  /**
32   * Callback handler that uses Java Security <code>KeyStore</code>s to handle cryptographic callbacks. Allows for
33   * specific key stores to be set for various cryptographic operations.
34   *
35   * @author Tareq Abed Rabbo
36   * @author Arjen Poutsma
37   * @see org.springframework.ws.soap.security.support.KeyStoreFactoryBean
38   * @since 1.5.0
39   */
40  public class KeyStoreCallbackHandler extends AbstractWsPasswordCallbackHandler implements InitializingBean {
41  
42      private String privateKeyPassword;
43  
44      private char[] symmetricKeyPassword;
45  
46      private KeyStore keyStore;
47  
48      /** Sets the key store to use if a symmetric key name is embedded. */
49      public void setKeyStore(KeyStore keyStore) {
50          this.keyStore = keyStore;
51      }
52  
53      /**
54       * Sets the password used to retrieve private keys from the keystore. This property is required for decryption based
55       * on private keys, and signing.
56       */
57      public void setPrivateKeyPassword(String privateKeyPassword) {
58          if (privateKeyPassword != null) {
59              this.privateKeyPassword = privateKeyPassword;
60          }
61      }
62  
63      /**
64       * Sets the password used to retrieve keys from the symmetric keystore. If this property is not set, it defaults to
65       * the private key password.
66       *
67       * @see #setPrivateKeyPassword(String)
68       */
69      public void setSymmetricKeyPassword(String symmetricKeyPassword) {
70          if (symmetricKeyPassword != null) {
71              this.symmetricKeyPassword = symmetricKeyPassword.toCharArray();
72          }
73      }
74  
75      public void afterPropertiesSet() throws Exception {
76          if (keyStore == null) {
77              loadDefaultKeyStore();
78          }
79          if (symmetricKeyPassword == null) {
80              symmetricKeyPassword = privateKeyPassword.toCharArray();
81          }
82      }
83  
84      @Override
85      protected void handleDecrypt(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
86          callback.setPassword(privateKeyPassword);
87      }
88  
89  
90      @Override
91      protected void handleSecretKey(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
92          try {
93              String identifier = callback.getIdentifier();
94              Key key = keyStore.getKey(identifier, symmetricKeyPassword);
95              if (key instanceof SecretKey) {
96                  callback.setKey(key.getEncoded());
97              }
98              else {
99                  logger.error("Key [" + key + "] is not a javax.crypto.SecretKey");
100             }
101         }
102         catch (GeneralSecurityException ex) {
103             logger.error("Could not obtain symmetric key", ex);
104         }
105     }
106 
107     /** Loads the key store indicated by system properties. Delegates to {@link KeyStoreUtils#loadDefaultKeyStore()}. */
108     protected void loadDefaultKeyStore() {
109         try {
110             keyStore = KeyStoreUtils.loadDefaultKeyStore();
111             if (logger.isDebugEnabled()) {
112                 logger.debug("Loaded default key store");
113             }
114         }
115         catch (Exception ex) {
116             logger.warn("Could not open default key store", ex);
117         }
118     }
119 
120 }