|
Spring Web Services Framework | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.ws.soap.security.callback.AbstractCallbackHandler org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler
public class KeyStoreCallbackHandler
Callback handler that uses Java Security KeyStore
s to handle cryptographic callbacks. Allows for
specific key stores to be set for various cryptographic operations.
KeyStoreFactoryBean
. The exact stores to be set depends on the cryptographic operations that are to be
performed by this handler. The table underneath show the key store to be used for each operation: Cryptographic operation | Key store used |
Certificate validation | first keyStore , then trustStore |
Decryption based on private key | keyStore |
Decryption based on symmetric key | symmetricStore |
Encryption based on certificate | trustStore |
Encryption based on symmetric key | symmetricStore |
Signing | keyStore |
Signature verification | trustStore |
symmetricStore
is not set, it will default to the
keyStore
. If the key or trust store is not set, this handler will use the standard Java mechanism to
load or create it. See loadDefaultKeyStore()
and loadDefaultTrustStore()
.
KeyStoreCallbackHandler
to validate incoming
certificates or signatures, you would use a trust store, like so:
<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler"> <property name="trustStore" ref="trustStore"/> </bean> <bean id="trustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean"> <property name="location" value="classpath:truststore.jks"/> <property name="password" value="changeit"/> </bean>If you want to use it to decrypt incoming certificates or sign outgoing messages, you would use a key store, like so:
<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler"> <property name="keyStore" ref="keyStore"/> <property name="privateKeyPassword" value="changeit"/> </bean> <bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean"> <property name="location" value="classpath:keystore.jks"/> <property name="password" value="changeit"/> </bean>
CertificateValidationCallback
s,
DecryptionKeyCallback
s, EncryptionKeyCallback
s, SignatureKeyCallback
s, and
SignatureVerificationKeyCallback
s. It throws an UnsupportedCallbackException
for others.
KeyStore
,
KeyStoreFactoryBean
,
CertificateValidationCallback
,
DecryptionKeyCallback
,
EncryptionKeyCallback
,
SignatureKeyCallback
,
SignatureVerificationKeyCallback
,
The
standard Java trust store mechanismField Summary |
---|
Fields inherited from class org.springframework.ws.soap.security.callback.AbstractCallbackHandler |
---|
logger |
Constructor Summary | |
---|---|
KeyStoreCallbackHandler()
|
Method Summary | |
---|---|
void |
afterPropertiesSet()
|
protected X509Certificate |
getCertificate(PublicKey pk)
|
protected X509Certificate |
getCertificate(String alias)
|
protected X509Certificate |
getCertificateFromTrustStore(byte[] subjectKeyIdentifier)
|
protected X509Certificate |
getCertificateFromTrustStore(PublicKey pk)
|
protected X509Certificate |
getCertificateFromTrustStore(String alias)
|
protected X509Certificate |
getCertificateFromTrustStore(String issuerName,
BigInteger serialNumber)
|
protected PrivateKey |
getPrivateKey(byte[] keyIdentifier)
|
protected PrivateKey |
getPrivateKey(PublicKey publicKey)
|
protected PrivateKey |
getPrivateKey(String alias)
|
protected PrivateKey |
getPrivateKey(String issuerName,
BigInteger serialNumber)
|
protected PrivateKey |
getPrivateKey(X509Certificate certificate)
|
protected byte[] |
getSubjectKeyIdentifier(X509Certificate cert)
|
protected SecretKey |
getSymmetricKey(String alias)
|
protected void |
handleAliasPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback,
com.sun.xml.wss.impl.callback.SignatureKeyCallback.AliasPrivKeyCertRequest request)
Template method that handles SignatureKeyCallback s with AliasPrivKeyCertRequest s. |
protected void |
handleAliasSymmetricKeyRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
com.sun.xml.wss.impl.callback.DecryptionKeyCallback.AliasSymmetricKeyRequest request)
Template method that handles DecryptionKeyCallback s with AliasSymmetricKeyRequest s. |
protected void |
handleAliasSymmetricKeyRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback,
com.sun.xml.wss.impl.callback.EncryptionKeyCallback.AliasSymmetricKeyRequest request)
Template method that handles EncryptionKeyCallback s with AliasSymmetricKeyRequest s. |
protected void |
handleAliasX509CertificateRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback,
com.sun.xml.wss.impl.callback.EncryptionKeyCallback.AliasX509CertificateRequest request)
Template method that handles EncryptionKeyCallback s with AliasX509CertificateRequest s. |
protected void |
handleCertificateValidationCallback(com.sun.xml.wss.impl.callback.CertificateValidationCallback callback)
Template method that handles CertificateValidationCallback s. |
protected void |
handleDefaultPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback,
com.sun.xml.wss.impl.callback.SignatureKeyCallback.DefaultPrivKeyCertRequest request)
Template method that handles SignatureKeyCallback s with DefaultPrivKeyCertRequest s. |
protected void |
handleDefaultX509CertificateRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback,
com.sun.xml.wss.impl.callback.EncryptionKeyCallback.DefaultX509CertificateRequest request)
Template method that handles EncryptionKeyCallback s with DefaultX509CertificateRequest s. |
protected void |
handlePublicKeyBasedPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback,
com.sun.xml.wss.impl.callback.SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest request)
Template method that handles SignatureKeyCallback s with PublicKeyBasedPrivKeyCertRequest s. |
protected void |
handlePublicKeyBasedPrivKeyRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
com.sun.xml.wss.impl.callback.DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest request)
Template method that handles DecryptionKeyCallback s with PublicKeyBasedPrivKeyRequest s. |
protected void |
handlePublicKeyBasedRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback,
com.sun.xml.wss.impl.callback.EncryptionKeyCallback.PublicKeyBasedRequest request)
Template method that handles EncryptionKeyCallback s with PublicKeyBasedRequest s. |
protected void |
handlePublicKeyBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback,
com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.PublicKeyBasedRequest request)
Template method that handles SignatureKeyCallback s with PublicKeyBasedRequest s. |
protected void |
handleX509CertificateBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509CertificateBasedRequest request)
Template method that handles DecryptionKeyCallback s with X509CertificateBasedRequest s. |
protected void |
handleX509IssuerSerialBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509IssuerSerialBasedRequest request)
Template method that handles DecryptionKeyCallback s with X509IssuerSerialBasedRequest s. |
protected void |
handleX509IssuerSerialBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback,
com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest request)
Template method that handles SignatureKeyCallback s with X509IssuerSerialBasedRequest s. |
protected void |
handleX509SubjectKeyIdentifierBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest request)
Template method that handles DecryptionKeyCallback s with X509SubjectKeyIdentifierBasedRequest s. |
protected void |
handleX509SubjectKeyIdentifierBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback,
com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest request)
Template method that handles SignatureKeyCallback s with PublicKeyBasedPrivKeyCertRequest s. |
protected void |
loadDefaultKeyStore()
Loads the key store indicated by system properties. |
protected void |
loadDefaultTrustStore()
Loads a default trust store. |
void |
setDefaultAlias(String defaultAlias)
Sets the key store alias for the default certificate and private key. |
void |
setKeyStore(KeyStore keyStore)
Sets the default key store. |
void |
setPrivateKeyPassword(String privateKeyPassword)
Sets the password used to retrieve private keys from the keystore. |
void |
setSymmetricKeyPassword(String symmetricKeyPassword)
Sets the password used to retrieve keys from the symmetric keystore. |
void |
setSymmetricStore(KeyStore symmetricStore)
Sets the key store used for encryption and decryption using symmetric keys. |
void |
setTrustStore(KeyStore trustStore)
Sets the key store used for signature verifications and encryptions. |
Methods inherited from class org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler |
---|
handleDecryptionKeyCallback, handleEncryptionKeyCallback, handleInternal, handlePrivateKeyRequest, handlePrivKeyCertRequest, handleSignatureKeyCallback, handleSignatureVerificationKeyCallback, handleSymmetricKeyRequest, handleSymmetricKeyRequest, handleX509CertificateRequest, handleX509CertificateRequest |
Methods inherited from class org.springframework.ws.soap.security.callback.AbstractCallbackHandler |
---|
handle |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public KeyStoreCallbackHandler()
Method Detail |
---|
public void setDefaultAlias(String defaultAlias)
public void setKeyStore(KeyStore keyStore)
KeyStoreFactoryBean
,
loadDefaultTrustStore()
public void setPrivateKeyPassword(String privateKeyPassword)
public void setSymmetricKeyPassword(String symmetricKeyPassword)
setPrivateKeyPassword(String)
public void setSymmetricStore(KeyStore symmetricStore)
keyStore
property.
KeyStoreFactoryBean
,
setKeyStore(java.security.KeyStore)
public void setTrustStore(KeyStore trustStore)
KeyStoreFactoryBean
,
loadDefaultTrustStore()
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface InitializingBean
Exception
protected final void handleAliasPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureKeyCallback.AliasPrivKeyCertRequest request) throws IOException
CryptographyCallbackHandler
SignatureKeyCallback
s with AliasPrivKeyCertRequest
s.
Called from handlePrivKeyCertRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleAliasPrivKeyCertRequest
in class CryptographyCallbackHandler
IOException
protected final void handleAliasSymmetricKeyRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.AliasSymmetricKeyRequest request) throws IOException
CryptographyCallbackHandler
DecryptionKeyCallback
s with AliasSymmetricKeyRequest
s.
Called from handleSymmetricKeyRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleAliasSymmetricKeyRequest
in class CryptographyCallbackHandler
IOException
protected final void handleAliasSymmetricKeyRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback, com.sun.xml.wss.impl.callback.EncryptionKeyCallback.AliasSymmetricKeyRequest request) throws IOException
CryptographyCallbackHandler
EncryptionKeyCallback
s with AliasSymmetricKeyRequest
s.
Called from handleSymmetricKeyRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleAliasSymmetricKeyRequest
in class CryptographyCallbackHandler
IOException
protected final void handleAliasX509CertificateRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback, com.sun.xml.wss.impl.callback.EncryptionKeyCallback.AliasX509CertificateRequest request) throws IOException
CryptographyCallbackHandler
EncryptionKeyCallback
s with AliasX509CertificateRequest
s.
Called from handleX509CertificateRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleAliasX509CertificateRequest
in class CryptographyCallbackHandler
IOException
protected final void handleCertificateValidationCallback(com.sun.xml.wss.impl.callback.CertificateValidationCallback callback)
CryptographyCallbackHandler
CertificateValidationCallback
s. Called from
handleInternal()
. Default implementation throws an UnsupportedCallbackException
.
handleCertificateValidationCallback
in class CryptographyCallbackHandler
protected final void handleDefaultPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureKeyCallback.DefaultPrivKeyCertRequest request) throws IOException
CryptographyCallbackHandler
SignatureKeyCallback
s with DefaultPrivKeyCertRequest
s.
Called from handlePrivKeyCertRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleDefaultPrivKeyCertRequest
in class CryptographyCallbackHandler
IOException
protected final void handleDefaultX509CertificateRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback, com.sun.xml.wss.impl.callback.EncryptionKeyCallback.DefaultX509CertificateRequest request) throws IOException
CryptographyCallbackHandler
EncryptionKeyCallback
s with DefaultX509CertificateRequest
s.
Called from handleX509CertificateRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleDefaultX509CertificateRequest
in class CryptographyCallbackHandler
IOException
protected final void handlePublicKeyBasedPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest request) throws IOException
CryptographyCallbackHandler
SignatureKeyCallback
s with PublicKeyBasedPrivKeyCertRequest
s.
Called from handlePrivKeyCertRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handlePublicKeyBasedPrivKeyCertRequest
in class CryptographyCallbackHandler
IOException
protected final void handlePublicKeyBasedPrivKeyRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest request) throws IOException
CryptographyCallbackHandler
DecryptionKeyCallback
s with PublicKeyBasedPrivKeyRequest
s.
Called from handlePrivateKeyRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handlePublicKeyBasedPrivKeyRequest
in class CryptographyCallbackHandler
IOException
protected final void handlePublicKeyBasedRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback, com.sun.xml.wss.impl.callback.EncryptionKeyCallback.PublicKeyBasedRequest request) throws IOException
CryptographyCallbackHandler
EncryptionKeyCallback
s with PublicKeyBasedRequest
s. Called
from handleX509CertificateRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handlePublicKeyBasedRequest
in class CryptographyCallbackHandler
IOException
protected final void handlePublicKeyBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.PublicKeyBasedRequest request) throws IOException
CryptographyCallbackHandler
SignatureKeyCallback
s with PublicKeyBasedRequest
s. Called
from handlePrivKeyCertRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handlePublicKeyBasedRequest
in class CryptographyCallbackHandler
IOException
protected final void handleX509CertificateBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509CertificateBasedRequest request) throws IOException
CryptographyCallbackHandler
DecryptionKeyCallback
s with X509CertificateBasedRequest
s.
Called from handlePrivateKeyRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleX509CertificateBasedRequest
in class CryptographyCallbackHandler
IOException
protected final void handleX509IssuerSerialBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509IssuerSerialBasedRequest request) throws IOException
CryptographyCallbackHandler
DecryptionKeyCallback
s with X509IssuerSerialBasedRequest
s.
Called from handlePrivateKeyRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleX509IssuerSerialBasedRequest
in class CryptographyCallbackHandler
IOException
protected final void handleX509IssuerSerialBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest request) throws IOException
CryptographyCallbackHandler
SignatureKeyCallback
s with X509IssuerSerialBasedRequest
s.
Called from handlePrivKeyCertRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleX509IssuerSerialBasedRequest
in class CryptographyCallbackHandler
IOException
protected final void handleX509SubjectKeyIdentifierBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest request) throws IOException
CryptographyCallbackHandler
DecryptionKeyCallback
s with X509SubjectKeyIdentifierBasedRequest
s.
Called from handlePrivateKeyRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleX509SubjectKeyIdentifierBasedRequest
in class CryptographyCallbackHandler
IOException
protected final void handleX509SubjectKeyIdentifierBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest request) throws IOException
CryptographyCallbackHandler
SignatureKeyCallback
s with PublicKeyBasedPrivKeyCertRequest
s.
Called from handlePrivKeyCertRequest()
. Default implementation throws an
UnsupportedCallbackException
.
handleX509SubjectKeyIdentifierBasedRequest
in class CryptographyCallbackHandler
IOException
protected X509Certificate getCertificate(String alias) throws IOException
IOException
protected X509Certificate getCertificate(PublicKey pk) throws IOException
IOException
protected X509Certificate getCertificateFromTrustStore(String alias) throws IOException
IOException
protected X509Certificate getCertificateFromTrustStore(byte[] subjectKeyIdentifier) throws IOException
IOException
protected X509Certificate getCertificateFromTrustStore(PublicKey pk) throws IOException
IOException
protected X509Certificate getCertificateFromTrustStore(String issuerName, BigInteger serialNumber) throws IOException
IOException
protected PrivateKey getPrivateKey(String alias) throws IOException
IOException
protected PrivateKey getPrivateKey(PublicKey publicKey) throws IOException
IOException
protected PrivateKey getPrivateKey(X509Certificate certificate) throws IOException
IOException
protected PrivateKey getPrivateKey(byte[] keyIdentifier) throws IOException
IOException
protected PrivateKey getPrivateKey(String issuerName, BigInteger serialNumber) throws IOException
IOException
protected final byte[] getSubjectKeyIdentifier(X509Certificate cert)
protected SecretKey getSymmetricKey(String alias) throws IOException
IOException
protected void loadDefaultKeyStore()
KeyStoreUtils.loadDefaultKeyStore()
.
protected void loadDefaultTrustStore()
KeyStoreUtils.loadDefaultTrustStore()
.
|
Spring Web Services Framework | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |