Class WSPasswordCallback

java.lang.Object
org.apache.wss4j.common.ext.WSPasswordCallback
All Implemented Interfaces:
Callback

public class WSPasswordCallback extends Object implements Callback
Simple class to provide a password callback mechanism.

It uses the JAAS authentication mechanisms and callback methods. In addition to the identifier (user name), this class also indicates what type of information the callback handler's handle method shall provide.

The WSPasswordCallback class defines the following usage codes:

  • UNKNOWN - an unknown usage. Never used by the WSS4J implementation and shall be treated as an error by the handle method.
  • DECRYPT - need a password to get the private key of this identifier (username) from the keystore. WSS4J uses this private key to decrypt the session (symmetric) key. Because the encryption method uses the public key to encrypt the session key it needs no password (a public key is usually not protected by a password).
  • USERNAME_TOKEN - need the password to fill in or to verify a UsernameToken.
  • SIGNATURE - need the password to get the private key of this identifier (username) from the keystore. WSS4J uses this private key to produce a signature. The signature verification uses the public key to verify the signature.
  • SECURITY_CONTEXT_TOKEN - need the key to be associated with a wsc:SecurityContextToken.
  • PASSWORD_ENCRYPTOR_PASSWORD - return the password used with a PasswordEncryptor implementation to decrypt encrypted passwords stored in Crypto properties files.
  • Field Summary

    Fields
    Modifier and Type | Field | Description
    static final int | CUSTOM_TOKEN | CUSTOM_TOKEN usage is used for the case that we want the CallbackHandler to supply a token as a DOM Element.
    static final int | DECRYPT | DECRYPT usage is used when the calling code needs a password to get the private key of this identifier (alias) from a keystore.
    static final int | PASSWORD_ENCRYPTOR_PASSWORD | PASSWORD_ENCRYPTOR_PASSWORD usage is used to return the password used with a PasswordEncryptor implementation to decrypt encrypted passwords stored in Crypto properties files.
    static final int | SECRET_KEY | SECRET_KEY usage is used for the case that we want to obtain a secret key for encryption or signature on the outbound side, or for decryption or verification on the inbound side.
    static final int | SECURITY_CONTEXT_TOKEN | SECURITY_CONTEXT_TOKEN usage is for the case of when we want the CallbackHandler to supply the key associated with a SecurityContextToken.
    static final int | SIGNATURE | SIGNATURE usage is used on the outbound side only, to get a password to get the private key of this identifier (alias) from a keystore.
    static final int | UNKNOWN | An unknown usage.
    static final int | USERNAME_TOKEN | USERNAME_TOKEN usage is used to obtain a password for either creating a Username Token, or for validating it.
  • Constructor Summary

    Constructors
    Constructor | Description
    WSPasswordCallback(String id, int usage) | Constructor.
    WSPasswordCallback(String id, String pw, String type, int usage) | Constructor.
  • Method Summary

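    Modifier and Type | Method | Description
    String | getAlgorithm() | Get the algorithm to be used.
    Element | getCustomToken() |
    String | getIdentifier() | Get the identifier.
    byte[] | getKey() | Get the key.
    Element | getKeyInfoReference() |
    Key | getKeyObject() |
    String | getPassword() | Get the password.
    String | getType() |
    int | getUsage() | Get the usage.
    void | setAlgorithm(String algorithm) | Specify an algorithm to be used.
    void | setCustomToken(Element customToken) | Set the custom token.
    void | setIdentifier(String ident) | Set the identifier.
    void | setKey(byte[] secret) | Set the Key.
    void | setKey(Key key) |
    void | setKeyInfoReference(Element keyInfoReference) | This allows the CallbackHandler to specify a custom Element used to reference the key (if for example SECRET_KEY is the usage of the callback).
    void | setPassword(String passwd) | Set the password.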

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • UNKNOWN

      public static final int UNKNOWN
      An unknown usage. Never used by the WSS4J implementation and should be treated as an error.
    • DECRYPT

      public static final int DECRYPT
      DECRYPT usage is used when the calling code needs a password to get the private key of this identifier (alias) from a keystore. This is only used for the inbound case of decrypting a session (symmetric) key, and not for the case of getting a private key to sign the message. The CallbackHandler must set the password via the setPassword(String) method.
    • USERNAME_TOKEN

      public static final int USERNAME_TOKEN
      USERNAME_TOKEN usage is used to obtain a password for either creating a Username Token, or for validating it. It is also used for the case of deriving a key from a Username Token. The CallbackHandler must set the password via the setPassword(String) method.
    • SIGNATURE

      public static final int SIGNATURE
      SIGNATURE usage is used on the outbound side only, to get a password to get the private key of this identifier (alias) from a keystore. The CallbackHandler must set the password via the setPassword(String) method.
    • SECURITY_CONTEXT_TOKEN

      public static final int SECURITY_CONTEXT_TOKEN
      SECURITY_CONTEXT_TOKEN usage is for the case of when we want the CallbackHandler to supply the key associated with a SecurityContextToken. The CallbackHandler must set the key via the setKey(byte[]) method.
    • CUSTOM_TOKEN

      public static final int CUSTOM_TOKEN
      CUSTOM_TOKEN usage is used for the case that we want the CallbackHandler to supply a token as a DOM Element. For example, this is used for the case of a reference to a SAML Assertion or Security Context Token that is not in the message. The CallbackHandler must set the token via the setCustomToken(Element) method.
    • SECRET_KEY

      public static final int SECRET_KEY
      SECRET_KEY usage is used for the case that we want to obtain a secret key for encryption or signature on the outbound side, or for decryption or verification on the inbound side. The CallbackHandler must set the key via the setKey(byte[]) method.
    • PASSWORD_ENCRYPTOR_PASSWORD

      public static final int PASSWORD_ENCRYPTOR_PASSWORD
      PASSWORD_ENCRYPTOR_PASSWORD usage is used to return the password used with a PasswordEncryptor implementation to decrypt encrypted passwords stored in Crypto properties files.
  • Constructor Details

    • WSPasswordCallback

      public WSPasswordCallback(String id, int usage)
      Constructor.
      Parameters:
      id - The application called back must supply the password for this identifier.
    • WSPasswordCallback

      public WSPasswordCallback(String id, String pw, String type, int usage)
      Constructor.
      Parameters:
      id - The application called back must supply the password for this identifier.
  • Method Details

    • getIdentifier

      public String getIdentifier()
      Get the identifier.

      Returns:
      The identifier
    • setIdentifier

      public void setIdentifier(String ident)
      Set the identifier.
      Parameters:
      ident - The identity.
    • setPassword

      public void setPassword(String passwd)
      Set the password.

      Parameters:
      passwd - the password associated with the identifier
    • getPassword

      public String getPassword()
      Get the password.

      Returns:
      The password
    • setKey

      public void setKey(byte[] secret)
      Set the Key.

      Parameters:
      secret -
    • setKey

      public void setKey(Key key)
    • getKey

      public byte[] getKey()
      Get the key.

      Returns:
      The key
    • getKeyObject

      public Key getKeyObject()
    • getUsage

      public int getUsage()
      Get the usage.

      Returns:
      The usage for this callback
    • getType

      public String getType()
      Returns:
      Returns the type.
    • getCustomToken

      public Element getCustomToken()
      Returns:
      the custom token
    • setCustomToken

      public void setCustomToken(Element customToken)
      Set the custom token.
      Parameters:
      customToken -
    • getAlgorithm

      public String getAlgorithm()
      Get the algorithm to be used. For example, a different secret key might be returned depending on the algorithm.
    • setAlgorithm

      public void setAlgorithm(String algorithm)
      Specify an algorithm to be used. For example, a different secret key might be returned depending on the algorithm.
    • getKeyInfoReference

      public Element getKeyInfoReference()
    • setKeyInfoReference

      public void setKeyInfoReference(Element keyInfoReference)
      This allows the CallbackHandler to specify a custom Element used to reference the key (if for example SECRET_KEY is the usage of the callback)
      Parameters:
      keyInfoReference -