KeyStoreCallbackHandler.java example

Explorer
spring-ws-master
/*
 * Copyright 2005-2014 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.ws.soap.security.wss4j2.callback;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.Key;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.ws.soap.security.support.KeyStoreUtils;

/**
 * Callback handler that uses Java Security {@code KeyStore}s to handle cryptographic callbacks. Allows for
 * specific key stores to be set for various cryptographic operations.
 *
 * @author Tareq Abed Rabbo
 * @author Arjen Poutsma
 * @author Jamin Hitchcock
 * @see org.springframework.ws.soap.security.support.KeyStoreFactoryBean
 * @since 2.3.0
 */
public class KeyStoreCallbackHandler extends AbstractWsPasswordCallbackHandler implements InitializingBean {

	private String privateKeyPassword;

	private char[] symmetricKeyPassword;

	private KeyStore keyStore;
	
	/**
	 * Invoked when the callback has a {@link WSPasswordCallback#DECRYPT} usage.
	 *
	 * <p>This method is invoked when WSS4J needs a password to get the private key of the {@link
	 * WSPasswordCallback#getIdentifier() identifier} (username) from the keystore. WSS4J uses this private key to
	 * decrypt the session (symmetric) key. Because the encryption method uses the public key to encrypt the session key
	 * it needs no password (a public key is usually not protected by a password).
	 *
	 * <p>Default implementation throws an {@link UnsupportedCallbackException}.
	 */
	protected void handleDecrypt(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
		callback.setPassword(privateKeyPassword);
	}
	
	/**
	 * Invoked when the callback has a {@link WSPasswordCallback#SECRET_KEY} usage.
	 *
	 * <p>Default implementation throws an {@link UnsupportedCallbackException}.
	 */
	protected void handleSecretKey(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
		String id = callback.getIdentifier();
		Key key;
		
		try {
			key = keyStore.getKey(id, symmetricKeyPassword != null ? symmetricKeyPassword : privateKeyPassword.toCharArray());
		} catch (UnrecoverableKeyException e) {
			throw new IOException("Could not get key", e);
		} catch (KeyStoreException e) {
			throw new IOException("Could not get key", e);
		} catch (NoSuchAlgorithmException e) {
			throw new IOException("Could not get key", e);
		}
		 
		callback.setKey(key.getEncoded());
	}

	/** Sets the key store to use if a symmetric key name is embedded. */
	public void setKeyStore(KeyStore keyStore) {
		this.keyStore = keyStore;
	}

	/**
	 * Sets the password used to retrieve private keys from the keystore. This property is required for decryption based
	 * on private keys, and signing.
	 */
	public void setPrivateKeyPassword(String privateKeyPassword) {
		if (privateKeyPassword != null) {
			this.privateKeyPassword = privateKeyPassword;
		}
	}

	/**
	 * Sets the password used to retrieve keys from the symmetric keystore. If this property is not set, it defaults to
	 * the private key password.
	 *
	 * @see #setPrivateKeyPassword(String)
	 */
	public void setSymmetricKeyPassword(String symmetricKeyPassword) {
		if (symmetricKeyPassword != null) {
			this.symmetricKeyPassword = symmetricKeyPassword.toCharArray();
		}
	}

	@Override
	public void afterPropertiesSet() throws Exception {
		if (keyStore == null) {
			loadDefaultKeyStore();
		}
		if (symmetricKeyPassword == null) {
			symmetricKeyPassword = privateKeyPassword.toCharArray();
		}
	}

	/** Loads the key store indicated by system properties. Delegates to {@link KeyStoreUtils#loadDefaultKeyStore()}. */
	protected void loadDefaultKeyStore() {
		try {
			keyStore = KeyStoreUtils.loadDefaultKeyStore();
			if (logger.isDebugEnabled()) {
				logger.debug("Loaded default key store");
			}
		}
		catch (Exception ex) {
			logger.warn("Could not open default key store", ex);
		}
	}

}