1 /*
2 * Copyright 2003-2004 The Apache Software Foundation.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18 package org.apache.ws.security;
19
20 import org.w3c.dom.Element;
21
22 import javax.security.auth.callback.Callback;
23
24 /**
25 * Simple class to provide a password callback mechanism.
26 * <p/>
27 * It uses the JAAS authentication mechanisms and callback methods.
28 * In addition to the identifier (user name) this class also provides
29 * information what type of information the callback <code>handle</code>
30 * method shall provide.
31 * <p/>
32 * The <code> WSPasswordCallback</code> class defines the following usage
33 * codes:
34 * <ul>
35 * <li><code>UNKNOWN</code> - an unknown usage. Never used by the WSS4J
36 * implementation and shall be treated as an error by the <code>handle
37 * </code> method.</li>
38 * <li><code>DECRYPT</code> - need a password to get the private key of
39 * this identifier (username) from the keystore. WSS4J uses this private
40 * key to decrypt the session (symmetric) key. Because the encryption
41 * method uses the public key to encrypt the session key it needs no
42 * password (a public key is usually not protected by a password).</li>
43 * <li><code>USERNAME_TOKEN</code> - need the password to fill in or to
44 * verify a <code>UsernameToken</code>.</li>
45 * <li><code>SIGNATURE</code> - need the password to get the private key of
46 * this identifier (username) from the keystore. WSS4J uses this private
47 * key to produce a signature. The signature verification uses the public
48 * key to verify the signature.</li>
49 * <li><code>KEY_NAME</code> - need the <i>key</i>, not the password,
50 * associated with the identifier. WSS4J uses this key to encrypt or
51 * decrypt parts of the SOAP request. Note, the key must match the
52 * symmetric encryption/decryption algorithm specified (refer to
53 * {@link org.apache.ws.security.handler.WSHandlerConstants#ENC_SYM_ALGO}).</li>
54 * <li><code>USERNAME_TOKEN_UNKNOWN</code> - either an not specified
55 * password type or a password type passwordText. In these both cases <b>only</b>
56 * the password variable is <b>set</b>. The callback class now may check if
57 * the username and password match. If they don't match the callback class must
58 * throw an exception. The exception can be a UnsupportedCallbackException or
59 * an IOException.</li>
60 * <li><code>SECURITY_CONTEXT_TOKEN</code> - need the key to to be associated
61 * with a <code>wsc:SecurityContextToken</code>.</li>
62 * </ul>
63 *
64 * @author Werner Dittmann (Werner.Dittmann@siemens.com).
65 */
66
67 public class WSPasswordCallback implements Callback {
68
69 public static final int UNKNOWN = 0;
70 public static final int DECRYPT = 1;
71 public static final int USERNAME_TOKEN = 2;
72 public static final int SIGNATURE = 3;
73 public static final int KEY_NAME = 4;
74 public static final int USERNAME_TOKEN_UNKNOWN = 5;
75 public final static int SECURITY_CONTEXT_TOKEN = 6;
76 public final static int CUSTOM_TOKEN = 7;
77 public final static int ENCRYPTED_KEY_TOKEN = 8;
78
79 private String identifier;
80 private String password;
81 private byte[] key;
82 private int usage;
83 private String type;
84 private Element customToken;
85
86 /**
87 * Constructor.
88 *
89 * @param id The application called back must supply the password for
90 * this identifier.
91 */
92 public WSPasswordCallback(String id, int usage) {
93 this(id, null, null, usage);
94 }
95
96 /**
97 * Constructor.
98 *
99 * @param id The application called back must supply the password for
100 * this identifier.
101 */
102 public WSPasswordCallback(String id, String pw, String type, int usage) {
103 identifier = id;
104 password = pw;
105 this.type = type;
106 this.usage = usage;
107 }
108 /**
109 * Get the identifier.
110 * <p/>
111 *
112 * @return The identifier
113 */
114 public String getIdentifier() {
115 return identifier;
116 }
117
118 /**
119 * Get the identifier.
120 * <p/>
121 *
122 * @return The identifier
123 * @deprecated use getIdentifier() instead
124 */
125 public String getIdentifer() {
126 return getIdentifier();
127 }
128
129 /**
130 * Extended callback interface allows for setting the username as well.
131 * Callback functions can change the identifier, this is intended in the usernametoken scenario
132 * where the usernametoken denotes the identity, but a fixed identity for signing is used
133 * The initial value is that from the configuration file. If this method is not called, the
134 * configured identity is used.
135 *
136 * @param ident The identity.
137 */
138 public void setIdentifier(String ident) {
139 this.identifier = ident;
140 }
141
142 /**
143 * Set the password.
144 * <p/>
145 *
146 * @param passwd is the password associated to the identifier
147 */
148 public void setPassword(String passwd) {
149 password = passwd;
150 }
151
152 /**
153 * Get the password.
154 * <p/>
155 *
156 * @return The password
157 */
158 public String getPassword() {
159 return password;
160 }
161
162 /**
163 * Set the Key.
164 * <p/>
165 *
166 * @param key is the key associated to the identifier
167 */
168 public void setKey(byte[] key) {
169 this.key = key;
170 }
171
172 /**
173 * Get the key.
174 * <p/>
175 *
176 * @return The key
177 */
178 public byte[] getKey() {
179 return this.key;
180 }
181
182 /**
183 * Get the usage.
184 * <p/>
185 *
186 * @return The usage for this callback
187 */
188 public int getUsage() {
189 return usage;
190 }
191 /**
192 * The password type is only relevant for usage <code>USERNAME_TOKEN</code>
193 * and <code>USERNAME_TOKEN_UNKNOWN</code>.
194 *
195 * @return Returns the passwordType.
196 */
197 public String getPasswordType() {
198 return type;
199 }
200
201 /**
202 * The key type is only relevant for usage <code>ENCRYPTED_KEY_TOKEN</code>
203 *
204 * @return Returns the type.
205 */
206 public String getKeyType() {
207 return type;
208 }
209 public Element getCustomToken() {
210 return customToken;
211 }
212
213 public void setCustomToken(Element customToken) {
214 this.customToken = customToken;
215 }
216 }
217
218