1 | package xwss.saml;
2 |
import com.sun.xml.wss.impl.callback.KeyStoreCallback;
import com.sun.xml.wss.impl.callback.PrivateKeyCallback;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
20 |
21 | /**
22 | * This class uses the keystore system properties as established in the
23 | * domain.xml file to allow the configuration of the SAML Keystore policy
24 | * statements.
25 | */
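public class KeyStoreCallbackHandler implements CallbackHandler {

    /** Type passed to KeyStore.getInstance(); the file named by javax.net.ssl.keyStore must be a JKS store. */
    private static final String STORE_TYPE = "JKS";
    private static final Log log = LogFactory.getLog(KeyStoreCallbackHandler.class);

    /**
     * Keystore loaded by the constructor, or null when either system property was
     * missing. It is only ever written in the constructor.
     */
    private KeyStore keyStore = null;
    /**
     * Value of javax.net.ssl.keyStorePassword. It protects the store file and is
     * reused as the entry password when a private key is requested. It is kept as a
     * String because System.getProperty() returns one; it is never logged.
     */
    private String password;

    /**
     * Creates the callback handler saving the keystore certificates information
     * from the keystore file specified by the system properties:
     * javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.
     *
     * If either property is absent an error is logged and the handler is left
     * without a keystore; a later PrivateKeyCallback then fails with an
     * IllegalStateException rather than a NullPointerException.
     *
     * @throws RuntimeException wrapping the IOException or GeneralSecurityException
     *         raised while opening or loading the keystore file
     */
    public KeyStoreCallbackHandler() {
        log.debug("Entry KeyStoreCallbackHandler Constructor");
        String storeLoc = System.getProperty("javax.net.ssl.keyStore");
        if (storeLoc == null) {
            log.error("javax.net.ssl.keyStore is not defined in domain.xml");
        } else {
            password = System.getProperty("javax.net.ssl.keyStorePassword");
            if (password == null) {
                log.error("javax.net.ssl.keyStorePassword is not defined in domain.xml");
            } else {
                keyStore = loadKeyStore(storeLoc, password.toCharArray());
            }
        }
        log.debug("Exit KeyStoreCallbackHandler Constructor");
    }

    /**
     * Opens and loads the JKS keystore at {@code storeLoc}.
     *
     * @param storeLoc      path of the keystore file
     * @param storePassword password used to verify the store's integrity
     * @return the loaded keystore
     * @throws RuntimeException wrapping any IOException or GeneralSecurityException
     */
    private static KeyStore loadKeyStore(String storeLoc, char[] storePassword) {
        InputStream is = null;
        try {
            KeyStore ks = KeyStore.getInstance(STORE_TYPE);
            is = new FileInputStream(storeLoc);
            ks.load(is, storePassword);
            return ks;
        } catch (IOException ex) {
            log.debug("KeyStoreCallbackHandler " + ex);
            throw new RuntimeException(ex);
        } catch (GeneralSecurityException ex) {
            // Covers KeyStoreException, NoSuchAlgorithmException and CertificateException.
            log.debug("KeyStoreCallbackHandler " + ex);
            throw new RuntimeException(ex);
        } finally {
            // The stream is still null when getInstance() or the FileInputStream
            // constructor threw; closing unconditionally would hide that exception
            // behind a NullPointerException.
            if (is != null) {
                try {
                    is.close();
                } catch (IOException ex) {
                    log.debug("KeyStoreCallbackHandler " + ex);
                }
            }
        }
    }

    /**
     * Implementing the callback, this method provides the keystore information
     * or the private key information depending on the type of callback desired
     * to the input Callback object.
     *
     * The handler's state is fixed in the constructor, so this method does not
     * modify the instance and may be invoked repeatedly.
     *
     * @param callbacks The Callback which needs to have keystore information
     *        set, should be either a KeyStoreCallback or a PrivateKeyCallback;
     *        a null or empty array is a no-op
     * @throws java.io.IOException declared by the CallbackHandler contract; not raised here
     * @throws javax.security.auth.callback.UnsupportedCallbackException for any
     *         callback that is neither a KeyStoreCallback nor a PrivateKeyCallback
     * @throws IllegalStateException if a private key is requested but no keystore
     *         was loaded, or the entry for the alias is not a private key
     * @throws RuntimeException wrapping a GeneralSecurityException from the keystore lookup
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        log.debug("Entry KeyStoreCallbackHandler handle callback");
        if (callbacks != null) {
            for (int i = 0; i < callbacks.length; i++) {
                Callback callback = callbacks[i];
                if (callback instanceof KeyStoreCallback) {
                    if (keyStore == null) {
                        log.warn("KeyStoreCallback requested but no keystore was loaded");
                    }
                    ((KeyStoreCallback) callback).setKeystore(keyStore);
                    log.debug("KeyStoreCallback set keystore");
                } else if (callback instanceof PrivateKeyCallback) {
                    PrivateKeyCallback cb = (PrivateKeyCallback) callback;
                    cb.setKey(lookupPrivateKey(cb.getAlias()));
                    log.debug("PrivateKeyCallback set private key");
                } else {
                    log.error("Unsupported KeyStoreCallbackHandler Callback: " + callback);
                    throw new UnsupportedCallbackException(callback);
                }
            }
        }
        log.debug("Exit KeyStoreCallbackHandler handle callback");
    }

    /**
     * Fetches the private key stored under {@code alias} using the keystore password
     * as the entry password.
     *
     * @param alias keystore entry alias supplied by the PrivateKeyCallback
     * @return the private key, or null when the keystore has no entry for the alias
     * @throws IllegalStateException if no keystore was loaded or the entry is not a PrivateKey
     * @throws RuntimeException wrapping a GeneralSecurityException from KeyStore.getKey()
     */
    private PrivateKey lookupPrivateKey(String alias) {
        if (keyStore == null || password == null) {
            throw new IllegalStateException(
                    "Keystore not loaded; check javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword");
        }
        try {
            Key key = keyStore.getKey(alias, password.toCharArray());
            if (key == null) {
                // KeyStore.getKey() returns null for an unknown alias; the callback
                // receives null, as before, but the misconfiguration is now logged.
                log.error("No key entry found for alias " + alias);
                return null;
            }
            if (!(key instanceof PrivateKey)) {
                // A secret-key entry under this alias would otherwise surface as a
                // ClassCastException far from the configuration that caused it.
                throw new IllegalStateException("Keystore entry for alias " + alias + " is not a private key");
            }
            return (PrivateKey) key;
        } catch (GeneralSecurityException ex) {
            // Covers KeyStoreException, NoSuchAlgorithmException and UnrecoverableKeyException.
            log.error("KeyStoreCallbackHandler " + ex);
            throw new RuntimeException(ex);
        }
    }
}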
126 |