[507] | 1 | package xwss.saml;
import com.sun.xml.wss.impl.callback.KeyStoreCallback;
import com.sun.xml.wss.impl.callback.PrivateKeyCallback;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
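/**
 * This class uses the keystore system properties as established in the
 * domain.xml file to allow the configuration of the SAML Keystore policy
 * statements.
 * <p>
 * The keystore file named by {@code javax.net.ssl.keyStore} is loaded once in
 * the constructor and handed to XWSS through {@link KeyStoreCallback}; private
 * keys are looked up by alias through {@link PrivateKeyCallback}, using the
 * value of {@code javax.net.ssl.keyStorePassword} as the key-entry password.
 */
public class KeyStoreCallbackHandler implements CallbackHandler {

    /** Loaded keystore, or {@code null} when the system properties are missing. */
    private KeyStore keyStore = null;
    /** Keystore password; also used as the key-entry password in {@link #handle(Callback[])}. */
    private String password;
    private static final String STORE_TYPE = "JKS";
    private static final Log log = LogFactory.getLog(KeyStoreCallbackHandler.class);

    /**
     * Creates the callback handler saving the keystore certificates information
     * from the keystore file specified by the system properties:
     * javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.
     * <p>
     * When either property is missing an error is logged and the handler is left
     * without a keystore; {@link #handle(Callback[])} then rejects private-key
     * requests with an {@link IllegalStateException}.
     *
     * @throws RuntimeException wrapping the I/O or security exception raised while
     *         reading the keystore file
     */
    public KeyStoreCallbackHandler() {
        log.debug("Entry KeyStoreCallbackHandler Constructor");
        String storeLoc = System.getProperty("javax.net.ssl.keyStore");
        if (storeLoc == null) {
            log.error("javax.net.ssl.keyStore is not defined in domain.xml");
        } else {
            password = System.getProperty("javax.net.ssl.keyStorePassword");
            if (password == null) {
                log.error("javax.net.ssl.keyStorePassword is not defined in domain.xml");
            } else {
                keyStore = loadKeyStore(storeLoc, password.toCharArray());
            }
        }
        log.debug("Exit KeyStoreCallbackHandler Constructor");
    }

    /**
     * Reads a {@value #STORE_TYPE} keystore from {@code storeLoc}, verifying its
     * integrity with {@code storePassword}.
     *
     * @param storeLoc path of the keystore file
     * @param storePassword password used to check the keystore integrity
     * @return the loaded keystore, never {@code null}
     * @throws RuntimeException wrapping any failure to open, read or verify the file
     */
    private static KeyStore loadKeyStore(String storeLoc, char[] storePassword) {
        InputStream is = null;
        try {
            KeyStore store = KeyStore.getInstance(STORE_TYPE);
            is = new FileInputStream(storeLoc);
            store.load(is, storePassword);
            return store;
        } catch (IOException ex) {
            // KeyStore.load reports an incorrect keystore password as an
            // IOException (cause UnrecoverableKeyException), not as a
            // GeneralSecurityException, so this branch covers both I/O and
            // wrong-password failures. The throwable is passed to the logger so
            // the stack trace is kept.
            log.error("KeyStoreCallbackHandler failed to load keystore " + storeLoc, ex);
            throw new RuntimeException(ex);
        } catch (GeneralSecurityException ex) {
            // Covers NoSuchAlgorithmException, CertificateException and KeyStoreException.
            log.error("KeyStoreCallbackHandler failed to load keystore " + storeLoc, ex);
            throw new RuntimeException(ex);
        } finally {
            // 'is' is still null when getInstance() or the FileInputStream
            // constructor threw; closing it unconditionally would replace the
            // original exception with a NullPointerException.
            if (is != null) {
                try {
                    is.close();
                } catch (IOException ex) {
                    log.debug("KeyStoreCallbackHandler " + ex);
                }
            }
        }
    }

    /**
     * Implementing the callback, this method provides the keystore information
     * or the private key information depending on the type of callback desired
     * to the input Callback object.
     *
     * @param callbacks The Callback which needs to have keystore information
     *        set, should be either a KeyStoreCallback or a PrivateKeyCallback
     * @throws java.io.IOException declared by {@link CallbackHandler#handle};
     *         not raised by this implementation
     * @throws javax.security.auth.callback.UnsupportedCallbackException if an
     *         element of {@code callbacks} is neither a KeyStoreCallback nor a
     *         PrivateKeyCallback
     * @throws IllegalStateException if a PrivateKeyCallback is received but no
     *         keystore was loaded, or the requested alias is not a private-key entry
     * @throws RuntimeException wrapping a keystore failure while reading a key
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        log.debug("Entry KeyStoreCallbackHandler handle callback");
        for (int i = 0; i < callbacks.length; i++) {
            Callback callback = callbacks[i];
            if (callback instanceof KeyStoreCallback) {
                // keyStore may be null when the system properties were missing;
                // it is passed through as-is, as the constructor already logged the error.
                ((KeyStoreCallback) callback).setKeystore(keyStore);
                log.debug("KeyStoreCallback set keystore");
            } else if (callback instanceof PrivateKeyCallback) {
                handlePrivateKey((PrivateKeyCallback) callback);
            } else {
                log.error("Unsupported KeyStoreCallbackHandler Callback: " + callback);
                throw new UnsupportedCallbackException(callback);
            }
        }
        log.debug("Exit KeyStoreCallbackHandler handle callback");
    }

    /**
     * Looks up the private key for the alias named by {@code cb} and hands it to
     * the callback.
     *
     * @param cb callback carrying the alias to look up
     * @throws IllegalStateException if no keystore is loaded, or the alias holds an
     *         entry that is not a {@link PrivateKey}
     * @throws RuntimeException wrapping a keystore failure while reading the key
     */
    private void handlePrivateKey(PrivateKeyCallback cb) {
        if (keyStore == null || password == null) {
            // Without a keystore, keyStore.getKey() would fail with a bare
            // NullPointerException; name the missing configuration instead.
            throw new IllegalStateException("KeyStoreCallbackHandler has no keystore loaded; "
                    + "check javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword");
        }
        String alias = cb.getAlias();
        try {
            // getKey() returns null when the alias is absent; that null is passed
            // through to the callback unchanged.
            Key key = keyStore.getKey(alias, password.toCharArray());
            if (key != null && !(key instanceof PrivateKey)) {
                // e.g. a secret-key entry; the unchecked cast below would otherwise
                // surface as a ClassCastException without the alias.
                throw new IllegalStateException("Keystore entry '" + alias + "' is not a private key");
            }
            cb.setKey((PrivateKey) key);
            log.debug("PrivateKeyCallback set private key");
        } catch (GeneralSecurityException ex) {
            // Covers KeyStoreException, NoSuchAlgorithmException and UnrecoverableKeyException.
            log.error("KeyStoreCallbackHandler failed to read key '" + alias + "'", ex);
            throw new RuntimeException(ex);
        }
    }
}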