Package org.apache.wss4j.common.ext

Class WSPasswordCallback

  • All Implemented Interfaces:
    Callback
    public class WSPasswordCallback
extends Object
implements Callback
    Simple class to provide a password callback mechanism.

    It uses the JAAS authentication mechanisms and callback methods. In addition to the identifier (user name) this class also provides information what type of information the callback handle method shall provide.

    The WSPasswordCallback class defines the following usage codes:

    • UNKNOWN - an unknown usage. Never used by the WSS4J implementation and shall be treated as an error by the handle method.
    • DECRYPT - need a password to get the private key of this identifier (username) from the keystore. WSS4J uses this private key to decrypt the session (symmetric) key. Because the encryption method uses the public key to encrypt the session key it needs no password (a public key is usually not protected by a password).
    • USERNAME_TOKEN - need the password to fill in or to verify a UsernameToken.
    • SIGNATURE - need the password to get the private key of this identifier (username) from the keystore. WSS4J uses this private key to produce a signature. The signature verification uses the public key to verify the signature.
    • SECURITY_CONTEXT_TOKEN - need the key to to be associated with a wsc:SecurityContextToken.
    • PASSWORD_ENCRYPTOR_PASSWORD - return the password used with a PasswordEncryptor implementation to decrypt encrypted passwords stored in Crypto properties files

    • Field Detail

      • UNKNOWN

        public static final int UNKNOWN
        An unknown usage. Never used by the WSS4J implementation and should be treated as an error.
        See Also:
        Constant Field Values

      • DECRYPT

        public static final int DECRYPT
        DECRYPT usage is used when the calling code needs a password to get the private key of this identifier (alias) from a keystore. This is only used for the inbound case of decrypting a session (symmetric) key, and not for the case of getting a private key to sign the message. The CallbackHandler must set the password via the setPassword(String) method.
        See Also:
        Constant Field Values

      • USERNAME_TOKEN

        public static final int USERNAME_TOKEN
        USERNAME_TOKEN usage is used to obtain a password for either creating a Username Token, or for validating it. It is also used for the case of deriving a key from a Username Token. The CallbackHandler must set the password via the setPassword(String) method.
        See Also:
        Constant Field Values

      • SIGNATURE

        public static final int SIGNATURE
        SIGNATURE usage is used on the outbound side only, to get a password to get the private key of this identifier (alias) from a keystore. The CallbackHandler must set the password via the setPassword(String) method.
        See Also:
        Constant Field Values

      • SECURITY_CONTEXT_TOKEN

        public static final int SECURITY_CONTEXT_TOKEN
        SECURITY_CONTEXT_TOKEN usage is for the case of when we want the CallbackHandler to supply the key associated with a SecurityContextToken. The CallbackHandler must set the key via the setKey(byte[]) method.
        See Also:
        Constant Field Values

      • CUSTOM_TOKEN

        public static final int CUSTOM_TOKEN
        CUSTOM_TOKEN usage is used for the case that we want the CallbackHandler to supply a token as a DOM Element. For example, this is used for the case of a reference to a SAML Assertion or Security Context Token that is not in the message. The CallbackHandler must set the token via the setCustomToken(Element) method.
        See Also:
        Constant Field Values

      • SECRET_KEY

        public static final int SECRET_KEY
        SECRET_KEY usage is used for the case that we want to obtain a secret key for encryption or signature on the outbound side, or for decryption or verification on the inbound side. The CallbackHandler must set the key via the setKey(byte[]) method.
        See Also:
        Constant Field Values

      • PASSWORD_ENCRYPTOR_PASSWORD

        public static final int PASSWORD_ENCRYPTOR_PASSWORD
        PASSWORD_ENCRYPTOR_PASSWORD usage is used to return the password used with a PasswordEncryptor implementation to decrypt encrypted passwords stored in Crypto properties files
        See Also:
        Constant Field Values

    • Constructor Detail

      • WSPasswordCallback

        public WSPasswordCallback​(String id,
                          int usage)
        Constructor.
        Parameters:
        id - The application called back must supply the password for this identifier.

      • WSPasswordCallback

        public WSPasswordCallback​(String id,
                          String pw,
                          String type,
                          int usage)
        Constructor.
        Parameters:
        id - The application called back must supply the password for this identifier.

    • Method Detail

      • getIdentifier

        public String getIdentifier()
        Get the identifier.

        Returns:
        The identifier

      • setIdentifier

        public void setIdentifier​(String ident)
        Set the identifier
        Parameters:
        ident - The identity.

      • setPassword

        public void setPassword​(String passwd)
        Set the password.

        Parameters:
        passwd - is the password associated to the identifier

      • getPassword

        public String getPassword()
        Get the password.

        Returns:
        The password

      • setKey

        public void setKey​(byte[] secret)
        Set the Key.

        Parameters:
        secret -

      • setKey

        public void setKey​(Key key)

      • getKey

        public byte[] getKey()
        Get the key.

        Returns:
        The key

      • getKeyObject

        public Key getKeyObject()

      • getUsage

        public int getUsage()
        Get the usage.

        Returns:
        The usage for this callback

      • getType

        public String getType()
        Returns:
        Returns the type.

      • getCustomToken

        public Element getCustomToken()
        Returns:
        the custom token

      • setCustomToken

        public void setCustomToken​(Element customToken)
        Set the custom token
        Parameters:
        customToken -

      • getAlgorithm

        public String getAlgorithm()
        Get the algorithm to be used. For example, a different secret key might be returned depending on the algorithm.

      • setAlgorithm

        public void setAlgorithm​(String algorithm)
        Specify an algorithm to be used. For example, a different secret key might be returned depending on the algorithm.

      • getKeyInfoReference

        public Element getKeyInfoReference()

      • setKeyInfoReference

        public void setKeyInfoReference​(Element keyInfoReference)
        This allows the CallbackHandler to specify a custom Element used to reference the key (if for example SECRET_KEY is the usage of the callback)
        Parameters:
        keyInfoReference -