View Javadoc

1   /*
2    * Copyright 2005-2012 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.wss4j.callback;
18  
19  import java.io.IOException;
20  import javax.security.auth.callback.Callback;
21  import javax.security.auth.callback.UnsupportedCallbackException;
22  
23  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
24  import org.springframework.ws.soap.security.callback.CleanupCallback;
25  
26  import org.apache.ws.security.WSPasswordCallback;
27  
28  /**
29   * Abstract base class for {@link javax.security.auth.callback.CallbackHandler} implementations that handle {@link
30   * WSPasswordCallback} callbacks.
31   *
32   * @author Arjen Poutsma
33   * @since 1.5.0
34   */
35  public abstract class AbstractWsPasswordCallbackHandler extends AbstractCallbackHandler {
36  
37      /**
38       * Handles {@link WSPasswordCallback} callbacks. Inspects the callback {@link WSPasswordCallback#getUsage() usage}
39       * code, and calls the various <code>handle*</code> template methods.
40       *
41       * @param callback the callback
42       * @throws IOException                  in case of I/O errors
43       * @throws UnsupportedCallbackException when the callback is not supported
44       */
45      @Override
46      protected final void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
47          if (callback instanceof WSPasswordCallback) {
48              WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
49              switch (passwordCallback.getUsage()) {
50                  case WSPasswordCallback.DECRYPT:
51                      handleDecrypt(passwordCallback);
52                      break;
53                  case WSPasswordCallback.USERNAME_TOKEN:
54                      handleUsernameToken(passwordCallback);
55                      break;
56                  case WSPasswordCallback.SIGNATURE:
57                      handleSignature(passwordCallback);
58                      break;
59                  case WSPasswordCallback.SECURITY_CONTEXT_TOKEN:
60                      handleSecurityContextToken(passwordCallback);
61                      break;
62                  case WSPasswordCallback.CUSTOM_TOKEN:
63                      handleCustomToken(passwordCallback);
64                      break;
65                  case WSPasswordCallback.SECRET_KEY:
66                      handleSecretKey(passwordCallback);
67                      break;
68                  default:
69                      throw new UnsupportedCallbackException(callback,
70                              "Unknown usage [" + passwordCallback.getUsage() + "]");
71              }
72          }
73          else if (callback instanceof CleanupCallback) {
74              handleCleanup((CleanupCallback) callback);
75          }
76          else if (callback instanceof UsernameTokenPrincipalCallback) {
77              handleUsernameTokenPrincipal((UsernameTokenPrincipalCallback) callback);
78          }
79          else {
80              throw new UnsupportedCallbackException(callback);
81          }
82      }
83  
84      /**
85       * Invoked when the callback has a {@link WSPasswordCallback#DECRYPT} usage.
86       * <p/>
87       * This method is invoked when WSS4J needs a password to get the private key of the {@link
88       * WSPasswordCallback#getIdentifier() identifier} (username) from the keystore. WSS4J uses this private key to
89       * decrypt the session (symmetric) key. Because the encryption method uses the public key to encrypt the session key
90       * it needs no password (a public key is usually not protected by a password).
91       * <p/>
92       * Default implementation throws an {@link UnsupportedCallbackException}.
93       */
94      protected void handleDecrypt(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
95          throw new UnsupportedCallbackException(callback);
96      }
97  
98      /**
99       * Invoked when the callback has a {@link WSPasswordCallback#USERNAME_TOKEN} usage.
100      * <p/>
101      * This method is invoked when WSS4J needs the password to fill in or to verify a UsernameToken.
102      * <p/>
103      * Default implementation throws an {@link UnsupportedCallbackException}.
104      */
105     protected void handleUsernameToken(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
106         throw new UnsupportedCallbackException(callback);
107     }
108 
109     /**
110      * Invoked when the callback has a {@link WSPasswordCallback#SIGNATURE} usage.
111      * <p/>
112      * This method is invoked when WSS4J needs the password to get the private key of the {@link
113      * WSPasswordCallback#getIdentifier() identifier} (username) from the keystore. WSS4J uses this private key to
114      * produce a signature. The signature verfication uses the public key to verfiy the signature.
115      * <p/>
116      * Default implementation throws an {@link UnsupportedCallbackException}.
117      */
118     protected void handleSignature(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
119         throw new UnsupportedCallbackException(callback);
120     }
121 
122     /**
123      * Invoked when the callback has a {@link WSPasswordCallback#SECURITY_CONTEXT_TOKEN} usage.
124      * <p/>
125      * This method is invoked when WSS4J needs the key to to be associated with a SecurityContextToken.
126      * <p/>
127      * Default implementation throws an {@link UnsupportedCallbackException}.
128      */
129     protected void handleSecurityContextToken(WSPasswordCallback callback)
130             throws IOException, UnsupportedCallbackException {
131         throw new UnsupportedCallbackException(callback);
132     }
133 
134     /**
135      * Invoked when the callback has a {@link WSPasswordCallback#CUSTOM_TOKEN} usage.
136      * <p/>
137      * Default implementation throws an {@link UnsupportedCallbackException}.
138      */
139     protected void handleCustomToken(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
140         throw new UnsupportedCallbackException(callback);
141     }
142 
143     /**
144      * Invoked when the callback has a {@link WSPasswordCallback#SECRET_KEY} usage.
145      * <p/>
146      * Default implementation throws an {@link UnsupportedCallbackException}.
147      */
148     protected void handleSecretKey(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
149         throw new UnsupportedCallbackException(callback);
150     }
151 
152     /**
153      * Invoked when a {@link CleanupCallback} is passed to {@link #handle(Callback[])}.
154      * <p/>
155      * Default implementation throws an {@link UnsupportedCallbackException}.
156      */
157     protected void handleCleanup(CleanupCallback callback) throws IOException, UnsupportedCallbackException {
158         throw new UnsupportedCallbackException(callback);
159     }
160 
161     /**
162      * Invoked when a {@link UsernameTokenPrincipalCallback} is passed to {@link #handle(Callback[])}.
163      * <p/>
164      * Default implementation throws an {@link UnsupportedCallbackException}.
165      */
166     protected void handleUsernameTokenPrincipal(UsernameTokenPrincipalCallback callback)
167             throws IOException, UnsupportedCallbackException {
168         throw new UnsupportedCallbackException(callback);
169     }
170 }