17 package org.springframework.ws.soap.security.xwss.callback.jaas;
18
19 import java.security.cert.X509Certificate;
20 import javax.security.auth.Subject;
21 import javax.security.auth.callback.Callback;
22 import javax.security.auth.callback.UnsupportedCallbackException;
23 import javax.security.auth.login.LoginContext;
24 import javax.security.auth.login.LoginException;
25
26 import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
27
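/**
 * Callback handler that validates X.509 certificates by running a JAAS login.
 *
 * <p>Only {@link CertificateValidationCallback} is supported; any other callback is rejected with an
 * {@link UnsupportedCallbackException}. The JAAS login context name comes from the inherited
 * {@code getLoginContextName()}.
 *
 * <p>Security note: the decision is delegated entirely to the configured {@code LoginModule}s. They
 * receive a {@link Subject} whose principal set holds the certificate's subject DN and whose public
 * credentials hold the certificate itself. Nothing in this class checks the certificate's signature,
 * trust chain, validity period or revocation status, so a login module that merely recognises the DN
 * will accept <em>any</em> certificate carrying that DN. Trust-path validation must be performed by the
 * login modules (which can read the certificate from the public credentials) or by another layer.
 */
public class JaasCertificateValidationCallbackHandler extends AbstractJaasValidationCallbackHandler {

    /**
     * Installs a {@link JaasCertificateValidator} on the callback.
     *
     * @param callback the callback to handle
     * @throws UnsupportedCallbackException if {@code callback} is not a {@link CertificateValidationCallback}
     */
    @Override
    protected final void handleInternal(Callback callback) throws UnsupportedCallbackException {
        if (!(callback instanceof CertificateValidationCallback)) {
            throw new UnsupportedCallbackException(callback);
        }
        ((CertificateValidationCallback) callback).setValidator(new JaasCertificateValidator());
    }

    /** Validator that answers by attempting a JAAS login against the configured login context. */
    private class JaasCertificateValidator implements CertificateValidationCallback.CertificateValidator {

        /**
         * Validates the certificate by running a JAAS login with a subject built from it.
         *
         * @param certificate the certificate presented by the remote party; treated as untrusted input
         * @return {@code true} if the login succeeded and the subject still has at least one principal,
         * {@code false} if the login was refused with a {@link LoginException}
         * @throws CertificateValidationCallback.CertificateValidationException if the
         * {@link LoginContext} cannot be created (misconfigured context name, or a
         * {@link SecurityException} from a security manager)
         */
        public boolean validate(X509Certificate certificate)
                throws CertificateValidationCallback.CertificateValidationException {
            String dn = certificate.getSubjectX500Principal().getName();

            Subject subject = new Subject();
            subject.getPrincipals().add(certificate.getSubjectX500Principal());
            // Expose the whole certificate as well, so a LoginModule can verify more than the bare DN
            // (chain, validity, fingerprint). Modules that only read principals are unaffected.
            subject.getPublicCredentials().add(certificate);

            LoginContext loginContext;
            try {
                loginContext = new LoginContext(getLoginContextName(), subject);
            }
            catch (LoginException ex) {
                // Cannot even build the context: this is a configuration error, not a failed login.
                throw new CertificateValidationCallback.CertificateValidationException(ex);
            }
            catch (SecurityException ex) {
                throw new CertificateValidationCallback.CertificateValidationException(ex);
            }

            try {
                loginContext.login();
            }
            catch (LoginException ex) {
                // A refused login is an authentication outcome, so report false rather than throw,
                // but keep the cause in the log so refusals can be diagnosed.
                if (logger.isDebugEnabled()) {
                    logger.debug("Authentication request for certificate with DN [" + dn + "] failed", ex);
                }
                return false;
            }

            // Per the JAAS API, getSubject() returns the Subject handed to the constructor, which was
            // pre-populated with the DN above. This check can therefore only fail if a LoginModule
            // removed that principal; in practice "validated" means login() did not throw.
            boolean authenticated = !loginContext.getSubject().getPrincipals().isEmpty();
            if (logger.isDebugEnabled()) {
                logger.debug("Authentication request for certificate with DN [" + dn + "] "
                        + (authenticated ? "successful" : "failed"));
            }
            return authenticated;
        }
    }
}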