| 1 | package xwss.saml;
|
|---|
| 2 |
|
|---|
| 3 | import com.sun.xml.wss.impl.callback.KeyStoreCallback;
|
|---|
| 4 | import java.io.FileInputStream;
|
|---|
| 5 | import java.io.IOException;
|
|---|
| 6 | import java.io.InputStream;
|
|---|
| 7 | import java.security.KeyStore;
|
|---|
| 8 | import java.security.KeyStoreException;
|
|---|
| 9 | import java.security.NoSuchAlgorithmException;
|
|---|
| 10 | import java.security.cert.CertificateException;
|
|---|
| 11 | import java.util.Iterator;
|
|---|
| 12 | import java.util.Map;
|
|---|
| 13 | import javax.security.auth.callback.Callback;
|
|---|
| 14 | import javax.security.auth.callback.CallbackHandler;
|
|---|
| 15 | import javax.security.auth.callback.UnsupportedCallbackException;
|
|---|
| 16 | import org.apache.commons.logging.Log;
|
|---|
| 17 | import org.apache.commons.logging.LogFactory;
|
|---|
| 18 |
|
|---|
| 19 | /**
|
|---|
| 20 | * This class uses the truststore system properties as established in the
|
|---|
| 21 | * domain.xml file to allow the configuration of the SAML Truststore policy
|
|---|
| 22 | * statements.
|
|---|
| 23 | */
|
|---|
| 24 | public class TrustStoreCallbackHandler implements CallbackHandler {
|
|---|
| 25 |
|
|---|
| 26 | private KeyStore keyStore = null;
|
|---|
| 27 | private String password;
|
|---|
| 28 | private static final String storeType = "JKS";
|
|---|
| 29 | private static Log log = LogFactory.getLog(TrustStoreCallbackHandler.class);
|
|---|
| 30 |
|
|---|
| 31 | /**
|
|---|
| 32 | * Creates the callback handler saving the truststore certificates
|
|---|
| 33 | * information from the truststore file specified by the system properties:
|
|---|
| 34 | * javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword.
|
|---|
| 35 | */
|
|---|
| 36 | public TrustStoreCallbackHandler() {
|
|---|
| 37 | log.debug("Entry TrustStoreCallbackHandler Constructor");
|
|---|
| 38 | InputStream is = null;
|
|---|
| 39 | String storeLoc = System.getProperty("javax.net.ssl.trustStore");
|
|---|
| 40 | if (storeLoc != null) {
|
|---|
| 41 | password = System.getProperty("javax.net.ssl.trustStorePassword");
|
|---|
| 42 | if (password != null) {
|
|---|
| 43 | try {
|
|---|
| 44 | keyStore = KeyStore.getInstance(storeType);
|
|---|
| 45 | is = new FileInputStream(storeLoc);
|
|---|
| 46 | keyStore.load(is, password.toCharArray());
|
|---|
| 47 | } catch (IOException ex) {
|
|---|
| 48 | log.debug("TrustStoreCallbackHandler " + ex);
|
|---|
| 49 | throw new RuntimeException(ex);
|
|---|
| 50 | } catch (NoSuchAlgorithmException ex) {
|
|---|
| 51 | log.debug("TrustStoreCallbackHandler " + ex);
|
|---|
| 52 | throw new RuntimeException(ex);
|
|---|
| 53 | } catch (CertificateException ex) {
|
|---|
| 54 | log.debug("TrustStoreCallbackHandler " + ex);
|
|---|
| 55 | throw new RuntimeException(ex);
|
|---|
| 56 | } catch (KeyStoreException ex) {
|
|---|
| 57 | log.debug("TrustStoreCallbackHandler " + ex);
|
|---|
| 58 | throw new RuntimeException(ex);
|
|---|
| 59 | } finally {
|
|---|
| 60 | try {
|
|---|
| 61 | is.close();
|
|---|
| 62 | } catch (IOException ex) {
|
|---|
| 63 | log.debug("TrustStoreCallbackHandler " + ex);
|
|---|
| 64 | }
|
|---|
| 65 | }
|
|---|
| 66 | } else {
|
|---|
| 67 | log.error("javax.net.ssl.trustStorePassword is not defined in domain.xml");
|
|---|
| 68 | }
|
|---|
| 69 | } else {
|
|---|
| 70 | log.error("javax.net.ssl.trustStore is not defined in domain.xml");
|
|---|
| 71 | }
|
|---|
| 72 | log.debug("Exit TrustStoreCallbackHandler Constructor");
|
|---|
| 73 | }
|
|---|
| 74 |
|
|---|
| 75 | /**
|
|---|
| 76 | * Implementing the callback, this method provides the truststore
|
|---|
| 77 | * information to the input Callback object.
|
|---|
| 78 | * @param callbacks The Callback which needs to have truststore information
|
|---|
| 79 | * set.
|
|---|
| 80 | * @throws java.io.IOException
|
|---|
| 81 | * @throws javax.security.auth.callback.UnsupportedCallbackException
|
|---|
| 82 | */
|
|---|
| 83 | public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
|
|---|
| 84 | log.debug("Entry TrustStoreCallbackHandler handle callback");
|
|---|
| 85 | for (int i = 0; i < callbacks.length; i++) {
|
|---|
| 86 | if (callbacks[i] instanceof KeyStoreCallback) {
|
|---|
| 87 | KeyStoreCallback cb = (KeyStoreCallback) callbacks[i];
|
|---|
| 88 | //print(cb.getRuntimeProperties());
|
|---|
| 89 | cb.setKeystore(keyStore);
|
|---|
| 90 | log.debug("KeyStoreCallback set keystore: " + keyStore);
|
|---|
| 91 | } else {
|
|---|
| 92 | log.error("Unsupported KeyStoreCallbackHandler Callback: " + callbacks[i]);
|
|---|
| 93 | throw new UnsupportedCallbackException(callbacks[i]);
|
|---|
| 94 | }
|
|---|
| 95 | }
|
|---|
| 96 | log.debug("Exit TrustStoreCallbackHandler handle callback");
|
|---|
| 97 | }
|
|---|
| 98 |
|
|---|
| 99 | /*private void print(Map context) {
|
|---|
| 100 | Iterator it = context.keySet().iterator();
|
|---|
| 101 | while (it.hasNext()) {
|
|---|
| 102 | log.debug("Prop " + it.next());
|
|---|
| 103 | }
|
|---|
| 104 | }*/
|
|---|
| 105 | }
|
|---|
| 106 |
|
|---|
