1 /** 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 20 package org.apache.wss4j.common.ext; 21 22 import java.security.Key; 23 24 import org.w3c.dom.Element; 25 26 import javax.security.auth.callback.Callback; 27 28 /** 29 * Simple class to provide a password callback mechanism. 30 * <p/> 31 * It uses the JAAS authentication mechanisms and callback methods. 32 * In addition to the identifier (user name) this class also provides 33 * information what type of information the callback <code>handle</code> 34 * method shall provide. 35 * <p/> 36 * The <code> WSPasswordCallback</code> class defines the following usage 37 * codes: 38 * <ul> 39 * <li><code>UNKNOWN</code> - an unknown usage. Never used by the WSS4J 40 * implementation and shall be treated as an error by the <code>handle 41 * </code> method.</li> 42 * <li><code>DECRYPT</code> - need a password to get the private key of 43 * this identifier (username) from the keystore. WSS4J uses this private 44 * key to decrypt the session (symmetric) key. Because the encryption 45 * method uses the public key to encrypt the session key it needs no 46 * password (a public key is usually not protected by a password).</li> 47 * <li><code>USERNAME_TOKEN</code> - need the password to fill in or to 48 * verify a <code>UsernameToken</code>.</li> 49 * <li><code>SIGNATURE</code> - need the password to get the private key of 50 * this identifier (username) from the keystore. WSS4J uses this private 51 * key to produce a signature. The signature verification uses the public 52 * key to verify the signature.</li> 53 * <li><code>SECURITY_CONTEXT_TOKEN</code> - need the key to to be associated 54 * with a <code>wsc:SecurityContextToken</code>.</li> 55 * <li><code>PASSWORD_ENCRYPTOR_PASSWORD</code> - return the password used with a 56 * PasswordEncryptor implementation to decrypt encrypted passwords stored in 57 * Crypto properties files</li> 58 * </ul> 59 */ 60 61 public class WSPasswordCallback implements Callback { 62 63 /** 64 * An unknown usage. Never used by the WSS4J implementation and should be treated 65 * as an error. 66 */ 67 public static final int UNKNOWN = 0; 68 69 /** 70 * DECRYPT usage is used when the calling code needs a password to get the private key of 71 * this identifier (alias) from a keystore. This is only used for the inbound case of 72 * decrypting a session (symmetric) key, and not for the case of getting a private key to 73 * sign the message. The CallbackHandler must set the password via the setPassword(String) 74 * method. 75 */ 76 public static final int DECRYPT = 1; 77 78 /** 79 * USERNAME_TOKEN usage is used to obtain a password for either creating a Username Token, 80 * or for validating it. It is also used for the case of deriving a key from a Username Token. 81 * The CallbackHandler must set the password via the setPassword(String) method. 82 */ 83 public static final int USERNAME_TOKEN = 2; 84 85 /** 86 * SIGNATURE usage is used on the outbound side only, to get a password to get the private 87 * key of this identifier (alias) from a keystore. The CallbackHandler must set the password 88 * via the setPassword(String) method. 89 */ 90 public static final int SIGNATURE = 3; 91 92 /** 93 * SECURITY_CONTEXT_TOKEN usage is for the case of when we want the CallbackHandler to 94 * supply the key associated with a SecurityContextToken. The CallbackHandler must set 95 * the key via the setKey(byte[]) method. 96 */ 97 public static final int SECURITY_CONTEXT_TOKEN = 6; 98 99 /** 100 * CUSTOM_TOKEN usage is used for the case that we want the CallbackHandler to supply a 101 * token as a DOM Element. For example, this is used for the case of a reference to a 102 * SAML Assertion or Security Context Token that is not in the message. The CallbackHandler 103 * must set the token via the setCustomToken(Element) method. 104 */ 105 public static final int CUSTOM_TOKEN = 7; 106 107 /** 108 * SECRET_KEY usage is used for the case that we want to obtain a secret key for encryption 109 * or signature on the outbound side, or for decryption or verification on the inbound side. 110 * The CallbackHandler must set the key via the setKey(byte[]) method. 111 */ 112 public static final int SECRET_KEY = 9; 113 114 /** 115 * PASSWORD_ENCRYPTOR_PASSWORD usage is used to return the password used with a PasswordEncryptor 116 * implementation to decrypt encrypted passwords stored in Crypto properties files 117 */ 118 public static final int PASSWORD_ENCRYPTOR_PASSWORD = 10; 119 120 private String identifier; 121 private String password; 122 private byte[] secret; 123 private Key key; 124 private int usage; 125 private String type; 126 private Element customToken; 127 private String algorithm; 128 private Element keyInfoReference; 129 130 /** 131 * Constructor. 132 * 133 * @param id The application called back must supply the password for 134 * this identifier. 135 */ 136 public WSPasswordCallback(String id, int usage) { 137 this(id, null, null, usage); 138 } 139 140 /** 141 * Constructor. 142 * 143 * @param id The application called back must supply the password for 144 * this identifier. 145 */ 146 public WSPasswordCallback(String id, String pw, String type, int usage) { 147 identifier = id; 148 password = pw; 149 this.type = type; 150 this.usage = usage; 151 } 152 153 /** 154 * Get the identifier. 155 * <p/> 156 * 157 * @return The identifier 158 */ 159 public String getIdentifier() { 160 return identifier; 161 } 162 163 /** 164 * Set the identifier 165 * @param ident The identity. 166 */ 167 public void setIdentifier(String ident) { 168 this.identifier = ident; 169 } 170 171 /** 172 * Set the password. 173 * <p/> 174 * 175 * @param passwd is the password associated to the identifier 176 */ 177 public void setPassword(String passwd) { 178 password = passwd; 179 } 180 181 /** 182 * Get the password. 183 * <p/> 184 * 185 * @return The password 186 */ 187 public String getPassword() { 188 return password; 189 } 190 191 /** 192 * Set the Key. 193 * <p/> 194 * 195 * @param secret 196 */ 197 public void setKey(byte[] secret) { 198 this.secret = secret; 199 } 200 201 public void setKey(Key key) { 202 this.key = key; 203 } 204 205 /** 206 * Get the key. 207 * <p/> 208 * 209 * @return The key 210 */ 211 public byte[] getKey() { 212 return this.secret; 213 } 214 215 public Key getKeyObject() { 216 return key; 217 } 218 219 /** 220 * Get the usage. 221 * <p/> 222 * 223 * @return The usage for this callback 224 */ 225 public int getUsage() { 226 return usage; 227 } 228 229 /** 230 * @return Returns the type. 231 */ 232 public String getType() { 233 return type; 234 } 235 236 /** 237 * 238 * @return the custom token 239 */ 240 public Element getCustomToken() { 241 return customToken; 242 } 243 244 /** 245 * Set the custom token 246 * @param customToken 247 */ 248 public void setCustomToken(Element customToken) { 249 this.customToken = customToken; 250 } 251 252 /** 253 * Get the algorithm to be used. For example, a different secret key might be returned depending 254 * on the algorithm. 255 */ 256 public String getAlgorithm() { 257 return algorithm; 258 } 259 260 /** 261 * Specify an algorithm to be used. For example, a different secret key might be returned depending 262 * on the algorithm. 263 */ 264 public void setAlgorithm(String algorithm) { 265 this.algorithm = algorithm; 266 } 267 268 public Element getKeyInfoReference() { 269 return keyInfoReference; 270 } 271 272 /** 273 * This allows the CallbackHandler to specify a custom Element used to reference the 274 * key (if for example SECRET_KEY is the usage of the callback) 275 * @param keyInfoReference 276 */ 277 public void setKeyInfoReference(Element keyInfoReference) { 278 this.keyInfoReference = keyInfoReference; 279 } 280 281 282 }