Home » wss4j-src-1.5.7 » org.apache.ws.security » [javadoc | source]

    1   /*
    2    * Copyright  2003-2004 The Apache Software Foundation.
    3    *
    4    *  Licensed under the Apache License, Version 2.0 (the "License");
    5    *  you may not use this file except in compliance with the License.
    6    *  You may obtain a copy of the License at
    7    *
    8    *      http://www.apache.org/licenses/LICENSE-2.0
    9    *
   10    *  Unless required by applicable law or agreed to in writing, software
   11    *  distributed under the License is distributed on an "AS IS" BASIS,
   12    *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   13    *  See the License for the specific language governing permissions and
   14    *  limitations under the License.
   15    *
   16    */
   17   
   18   package org.apache.ws.security;
   19   
   20   import org.w3c.dom.Element;
   21   
   22   import javax.security.auth.callback.Callback;
   23   
   24   /**
   25    * Simple class to provide a password callback mechanism.
   26    * <p/>
   27    * It uses the JAAS authentication mechanisms and callback methods.
   28    * In addition to the identifier (user name) this class also provides
   29    * information what type of information the callback <code>handle</code>
   30    * method shall provide.
   31    * <p/>
   32    * The <code> WSPasswordCallback</code> class defines the following usage
   33    * codes:
   34    * <ul>
   35    * <li><code>UNKNOWN</code> - an unknown usage. Never used by the WSS4J
   36    * implementation and shall be treated as an error by the <code>handle
   37    * </code> method.</li>
   38    * <li><code>DECRYPT</code> - need a password to get the private key of
   39    * this identifier (username) from the keystore. WSS4J uses this private
   40    * key to decrypt the session (symmetric) key. Because the encryption
   41    * method uses the public key to encrypt the session key it needs no
   42    * password (a public key is usually not protected by a password).</li>
   43    * <li><code>USERNAME_TOKEN</code> - need the password to fill in or to
   44    * verify a <code>UsernameToken</code>.</li>
   45    * <li><code>SIGNATURE</code> - need the password to get the private key of
   46    * this identifier (username) from    the keystore. WSS4J uses this private
   47    * key to produce a signature. The signature verification uses the public
   48    * key to verify the signature.</li>
   49    * <li><code>KEY_NAME</code> - need the <i>key</i>, not the password,
   50    * associated with the identifier. WSS4J uses this key to encrypt or
   51    * decrypt parts of the SOAP request. Note, the key must match the
   52    * symmetric encryption/decryption algorithm specified (refer to
   53    * {@link org.apache.ws.security.handler.WSHandlerConstants#ENC_SYM_ALGO}).</li>
   54    * <li><code>USERNAME_TOKEN_UNKNOWN</code> - either an not specified 
   55    * password type or a password type passwordText. In these both cases <b>only</b>
   56    * the password variable is <b>set</b>. The callback class now may check if
   57    * the username and password match. If they don't match the callback class must
   58    * throw an exception. The exception can be a UnsupportedCallbackException or
   59    * an IOException.</li>
   60    * <li><code>SECURITY_CONTEXT_TOKEN</code> - need the key to to be associated 
   61    * with a <code>wsc:SecurityContextToken</code>.</li>
   62    * </ul>
   63    *
   64    * @author Werner Dittmann (Werner.Dittmann@siemens.com).
   65    */
   66   
   67   public class WSPasswordCallback implements Callback {
   68   
   69       public static final int UNKNOWN = 0;
   70       public static final int DECRYPT = 1;
   71       public static final int USERNAME_TOKEN = 2;
   72       public static final int SIGNATURE = 3;
   73       public static final int KEY_NAME = 4;
   74       public static final int USERNAME_TOKEN_UNKNOWN = 5;
   75       public final static int SECURITY_CONTEXT_TOKEN = 6;
   76       public final static int CUSTOM_TOKEN = 7;
   77       public final static int ENCRYPTED_KEY_TOKEN = 8;
   78       
   79       private String identifier;
   80       private String password;
   81       private byte[] key;
   82       private int usage;
   83       private String type;
   84       private Element customToken;
   85       
   86       /**
   87        * Constructor.
   88        *
   89        * @param id The application called back must supply the password for
   90        *           this identifier.
   91        */
   92       public WSPasswordCallback(String id, int usage) {
   93           this(id, null, null, usage);
   94       }
   95   
   96       /**
   97        * Constructor.
   98        *
   99        * @param id The application called back must supply the password for
  100        *           this identifier.
  101        */
  102       public WSPasswordCallback(String id, String pw, String type, int usage) {
  103           identifier = id;
  104           password = pw;
  105           this.type = type;
  106           this.usage = usage;
  107       }
  108       /**
  109        * Get the identifier.
  110        * <p/>
  111        *
  112        * @return The identifier
  113        */
  114       public String getIdentifier() {
  115           return identifier;
  116       }
  117       
  118       /**
  119        * Get the identifier.
  120        * <p/>
  121        *
  122        * @return The identifier
  123        * @deprecated use getIdentifier() instead
  124        */
  125       public String getIdentifer() {
  126           return getIdentifier();
  127       }
  128       
  129       /**
  130        * Extended callback interface allows for setting the username as well.
  131        * Callback functions can change the identifier, this is intended in the usernametoken scenario
  132        * where the usernametoken denotes the identity, but a fixed identity for signing is used
  133        * The initial value is that from the configuration file. If this method is not called, the
  134        * configured identity is used.
  135        * 
  136        * @param ident The identity.
  137        */
  138       public void setIdentifier(String ident) {
  139           this.identifier = ident;
  140       }
  141   
  142       /**
  143        * Set the password.
  144        * <p/>
  145        *
  146        * @param passwd is the password associated to the identifier
  147        */
  148       public void setPassword(String passwd) {
  149           password = passwd;
  150       }
  151   
  152       /**
  153        * Get the password.
  154        * <p/>
  155        *
  156        * @return The password
  157        */
  158       public String getPassword() {
  159           return password;
  160       }
  161   
  162       /**
  163        * Set the Key.
  164        * <p/>
  165        *
  166        * @param key is the key associated to the identifier
  167        */
  168       public void setKey(byte[] key) {
  169           this.key = key;
  170       }
  171   
  172       /**
  173        * Get the key.
  174        * <p/>
  175        *
  176        * @return The key
  177        */
  178       public byte[] getKey() {
  179           return this.key;
  180       }
  181   
  182       /**
  183        * Get the usage.
  184        * <p/>
  185        *
  186        * @return The usage for this callback
  187        */
  188       public int getUsage() {
  189           return usage;
  190       }
  191       /**
  192        * The password type is only relevant for usage <code>USERNAME_TOKEN</code>
  193        * and <code>USERNAME_TOKEN_UNKNOWN</code>.
  194        * 
  195        * @return Returns the passwordType.
  196        */
  197       public String getPasswordType() {
  198           return type;
  199       }
  200   
  201       /**
  202        * The key type is only relevant for usage <code>ENCRYPTED_KEY_TOKEN</code>
  203        * 
  204        * @return Returns the type.
  205        */
  206       public String getKeyType() {
  207           return type;
  208       }
  209       public Element getCustomToken() {
  210           return customToken;
  211       }
  212   
  213       public void setCustomToken(Element customToken) {
  214           this.customToken = customToken;
  215       }
  216   }
  217   
  218   

Home » wss4j-src-1.5.7 » org.apache.ws.security » [javadoc | source]