1 | package xwss.saml;
2 |
3 | import com.sun.xml.wss.impl.callback.KeyStoreCallback;
4 | import java.io.FileInputStream;
5 | import java.io.IOException;
6 | import java.io.InputStream;
7 | import java.security.KeyStore;
8 | import java.security.KeyStoreException;
9 | import java.security.NoSuchAlgorithmException;
10 | import java.security.cert.CertificateException;
11 | import java.util.Iterator;
12 | import java.util.Map;
13 | import javax.security.auth.callback.Callback;
14 | import javax.security.auth.callback.CallbackHandler;
15 | import javax.security.auth.callback.UnsupportedCallbackException;
16 | import org.apache.commons.logging.Log;
17 | import org.apache.commons.logging.LogFactory;
18 |
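/**
 * {@link CallbackHandler} that hands the JVM truststore to XWSS so that SAML
 * truststore policy statements can be evaluated against it.
 *
 * <p>The truststore is located through the standard JSSE system properties
 * ({@code javax.net.ssl.trustStore}, {@code javax.net.ssl.trustStorePassword}
 * and, optionally, {@code javax.net.ssl.trustStoreType}) as established in the
 * application server's {@code domain.xml}. The store is loaded once, in the
 * constructor, and that same {@link KeyStore} instance is supplied to every
 * {@link KeyStoreCallback} received by {@link #handle(Callback[])}.
 *
 * <p>Instances hold no mutable state after construction, so one handler may be
 * shared between threads. The truststore password is not retained.
 */
public class TrustStoreCallbackHandler implements CallbackHandler {

    /** System property naming the truststore file. */
    private static final String TRUST_STORE_PROP = "javax.net.ssl.trustStore";
    /** System property holding the truststore password. */
    private static final String TRUST_STORE_PASSWORD_PROP = "javax.net.ssl.trustStorePassword";
    /** System property selecting the truststore format. */
    private static final String TRUST_STORE_TYPE_PROP = "javax.net.ssl.trustStoreType";
    /** Format assumed when {@code javax.net.ssl.trustStoreType} is not set. */
    private static final String DEFAULT_STORE_TYPE = "JKS";

    private static final Log log = LogFactory.getLog(TrustStoreCallbackHandler.class);

    /**
     * Truststore loaded in the constructor, or {@code null} when one of the
     * required system properties was missing (reported via {@code log.error}).
     */
    private final KeyStore keyStore;

    /**
     * Creates the callback handler, loading the truststore named by the
     * {@code javax.net.ssl.trustStore} and {@code javax.net.ssl.trustStorePassword}
     * system properties.
     *
     * <p>A missing property is logged as an error and leaves the handler without
     * a store; a store that exists but cannot be read or parsed is a hard failure.
     *
     * @throws IllegalStateException if the truststore file cannot be opened,
     *         read or parsed (the original exception is kept as the cause)
     */
    public TrustStoreCallbackHandler() {
        log.debug("Entry TrustStoreCallbackHandler Constructor");
        keyStore = loadTrustStore();
        log.debug("Exit TrustStoreCallbackHandler Constructor");
    }

    /**
     * Reads the JSSE truststore properties and loads the store they describe.
     *
     * @return the loaded truststore, or {@code null} when either the location or
     *         the password property is not set
     * @throws IllegalStateException if the store cannot be loaded
     */
    private static KeyStore loadTrustStore() {
        String storeLoc = System.getProperty(TRUST_STORE_PROP);
        if (storeLoc == null) {
            log.error("javax.net.ssl.trustStore is not defined in domain.xml");
            return null;
        }
        String password = System.getProperty(TRUST_STORE_PASSWORD_PROP);
        if (password == null) {
            log.error("javax.net.ssl.trustStorePassword is not defined in domain.xml");
            return null;
        }
        // Honour the standard JSSE type property; default stays JKS to preserve
        // the behaviour of deployments that never set it.
        String storeType = System.getProperty(TRUST_STORE_TYPE_PROP, DEFAULT_STORE_TYPE);

        InputStream is = null;
        try {
            KeyStore store = KeyStore.getInstance(storeType);
            is = new FileInputStream(storeLoc);
            store.load(is, password.toCharArray());
            return store;
        } catch (IOException ex) {
            throw loadFailure(storeLoc, ex);
        } catch (NoSuchAlgorithmException ex) {
            throw loadFailure(storeLoc, ex);
        } catch (CertificateException ex) {
            throw loadFailure(storeLoc, ex);
        } catch (KeyStoreException ex) {
            throw loadFailure(storeLoc, ex);
        } finally {
            // 'is' is still null when getInstance() or the FileInputStream
            // constructor threw; closing unconditionally would raise an NPE here
            // and mask the real cause.
            closeQuietly(is, storeLoc);
        }
    }

    /**
     * Logs a truststore load failure with its stack trace and wraps it for the
     * caller. Returned rather than thrown so call sites can write
     * {@code throw loadFailure(...)} and keep the compiler's flow analysis happy.
     */
    private static IllegalStateException loadFailure(String storeLoc, Exception ex) {
        String msg = "Could not load truststore " + storeLoc;
        log.error(msg, ex);
        return new IllegalStateException(msg, ex);
    }

    /**
     * Closes {@code is} if it was opened, logging rather than propagating any
     * failure so that it never hides an exception from the load itself.
     */
    private static void closeQuietly(InputStream is, String storeLoc) {
        if (is == null) {
            return;
        }
        try {
            is.close();
        } catch (IOException ex) {
            log.debug("Could not close truststore " + storeLoc + ": " + ex);
        }
    }

    /**
     * Supplies the truststore to every {@link KeyStoreCallback} in
     * {@code callbacks}.
     *
     * @param callbacks the callbacks to service; each must be a
     *        {@link KeyStoreCallback}
     * @throws IOException never thrown by this implementation; declared by
     *         {@link CallbackHandler#handle(Callback[])}
     * @throws UnsupportedCallbackException if any element is not a
     *         {@link KeyStoreCallback}; elements before it have already been
     *         serviced when this is thrown
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        log.debug("Entry TrustStoreCallbackHandler handle callback");
        for (Callback callback : callbacks) {
            if (!(callback instanceof KeyStoreCallback)) {
                log.error("Unsupported KeyStoreCallbackHandler Callback: " + callback);
                throw new UnsupportedCallbackException(callback);
            }
            if (keyStore == null) {
                // The constructor already said which property was missing; repeat
                // it here because this is where the absent trust anchors bite.
                log.error("No truststore loaded; " + TRUST_STORE_PROP + " and "
                        + TRUST_STORE_PASSWORD_PROP + " must be set in domain.xml");
            }
            KeyStoreCallback cb = (KeyStoreCallback) callback;
            cb.setKeystore(keyStore);
            log.debug("KeyStoreCallback set keystore: " + keyStore);
        }
        log.debug("Exit TrustStoreCallbackHandler handle callback");
    }
}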