KeyStoreCallbackHandler xref

View Javadoc

1   /*
2    * Copyright 2002-2009 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.wss4j.callback;
18  
19  import java.io.IOException;
20  import java.security.GeneralSecurityException;
21  import java.security.Key;
22  import java.security.KeyStore;
23  import javax.crypto.SecretKey;
24  import javax.security.auth.callback.UnsupportedCallbackException;
25  
26  import org.apache.ws.security.WSPasswordCallback;
27  import org.apache.ws.security.WSSecurityException;
28  
29  import org.springframework.beans.factory.InitializingBean;
30  import org.springframework.ws.soap.security.support.KeyStoreUtils;
31  
32  /**
33   * Callback handler that uses Java Security <code>KeyStore</code>s to handle cryptographic callbacks. Allows for
34   * specific key stores to be set for various cryptographic operations.
35   *
36   * @author Tareq Abed Rabbo
37   * @author Arjen Poutsma
38   * @see org.springframework.ws.soap.security.support.KeyStoreFactoryBean
39   * @since 1.5.0
40   */
41  public class KeyStoreCallbackHandler extends AbstractWsPasswordCallbackHandler implements InitializingBean {
42  
43      private String privateKeyPassword;
44  
45      private char[] symmetricKeyPassword;
46  
47      private KeyStore keyStore;
48  
49      /** Sets the key store to use if a symmetric key name is embedded. */
50      public void setKeyStore(KeyStore keyStore) {
51          this.keyStore = keyStore;
52      }
53  
54      /**
55       * Sets the password used to retrieve private keys from the keystore. This property is required for decryption based
56       * on private keys, and signing.
57       */
58      public void setPrivateKeyPassword(String privateKeyPassword) {
59          if (privateKeyPassword != null) {
60              this.privateKeyPassword = privateKeyPassword;
61          }
62      }
63  
64      /**
65       * Sets the password used to retrieve keys from the symmetric keystore. If this property is not set, it defaults to
66       * the private key password.
67       *
68       * @see #setPrivateKeyPassword(String)
69       */
70      public void setSymmetricKeyPassword(String symmetricKeyPassword) {
71          if (symmetricKeyPassword != null) {
72              this.symmetricKeyPassword = symmetricKeyPassword.toCharArray();
73          }
74      }
75  
76      public void afterPropertiesSet() throws Exception {
77          if (keyStore == null) {
78              loadDefaultKeyStore();
79          }
80          if (symmetricKeyPassword == null) {
81              symmetricKeyPassword = privateKeyPassword.toCharArray();
82          }
83      }
84  
85      protected void handleDecrypt(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
86          callback.setPassword(privateKeyPassword);
87      }
88  
89      protected void handleKeyName(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
90          try {
91              String identifier = callback.getIdentifier();
92              Key key = keyStore.getKey(identifier, symmetricKeyPassword);
93              if (key instanceof SecretKey) {
94                  callback.setKey(key.getEncoded());
95              }
96              else {
97                  throw new WSSecurityException("Key [" + key + "] is not a javax.crypto.SecretKey");
98              }
99          }
100         catch (GeneralSecurityException ex) {
101             throw new WSSecurityException("Could not obtain symmetric key", ex);
102         }
103     }
104 
105     /** Loads the key store indicated by system properties. Delegates to {@link KeyStoreUtils#loadDefaultKeyStore()}. */
106     protected void loadDefaultKeyStore() {
107         try {
108             keyStore = KeyStoreUtils.loadDefaultKeyStore();
109             if (logger.isDebugEnabled()) {
110                 logger.debug("Loaded default key store");
111             }
112         }
113         catch (Exception ex) {
114             logger.warn("Could not open default key store", ex);
115         }
116     }
117 
118 }