View Javadoc

1   /* 
2    * Copyright (c) 2007, Fraunhofer-Gesellschaft
3    * All rights reserved.
4    * 
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions are
7    * met:
8    * 
9    * (1) Redistributions of source code must retain the above copyright
10   *     notice, this list of conditions and the disclaimer at the end.
11   *     Redistributions in binary form must reproduce the above copyright
12   *     notice, this list of conditions and the following disclaimer in
13   *     the documentation and/or other materials provided with the
14   *     distribution.
15   * 
16   * (2) Neither the name of Fraunhofer nor the names of its
17   *     contributors may be used to endorse or promote products derived
18   *     from this software without specific prior written permission.
19   * 
20   * DISCLAIMER
21   * 
22   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23   * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24   * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25   * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26   * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
28   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29   * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30   * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31   * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33   *  
34   */
35  package org.ogf.graap.wsag.client.wsrf.security;
36  
37  import java.io.IOException;
38  import java.io.InputStream;
39  import java.math.BigInteger;
40  import java.security.KeyStore;
41  import java.security.PrivateKey;
42  import java.security.cert.Certificate;
43  import java.security.cert.CertificateFactory;
44  import java.security.cert.X509Certificate;
45  import java.util.Properties;
46  
47  import org.apache.axis2.context.MessageContext;
48  import org.apache.ws.security.WSSecurityException;
49  import org.apache.ws.security.components.crypto.CredentialException;
50  import org.apache.ws.security.components.crypto.Crypto;
51  import org.ogf.graap.wsag.api.security.SecurityConstants;
52  
53  /**
54   * WSAG4J Merlin is an implementation of the WSS4J {@link Crypto} interface. It reads a crypto object from the
55   * Axis2 {@link MessageContext} using the {@link SecurityConstants#CRYPTO_SIGN} key. All calls to this
56   * instance are delegated to the signing crypto.
57   * 
58   * @author Oliver Waeldrich
59   * 
60   */
61  public class Merlin
62      implements Crypto
63  {
64  
65      /**
66       * Default constructor used by the WS-Security implementation. In fact, this constructors does nothing.
67       * 
68       * @param properties
69       *            the Merlin properties
70       * 
71       * @throws CredentialException
72       *             indicates an error loading or processing the credentials
73       * @throws IOException
74       *             indicates an error reading from the keystore
75       */
76      public Merlin( Properties properties )
77          throws CredentialException, IOException
78      {
79          this( properties, null );
80      }
81  
82      /**
83       * Default constructor used by the WS-Security implementation.
84       * 
85       * @param properties
86       *            the Merlin properties
87       * @param loader
88       *            the {@link ClassLoader} to use
89       * 
90       * @throws CredentialException
91       *             indicates an error loading or processing the credentials
92       * @throws IOException
93       *             indicates an error reading from the keystore
94       */
95      public Merlin( Properties properties, ClassLoader loader )
96          throws CredentialException, IOException
97      {
98          super();
99      }
100 
101     private Crypto getCryptoFromMessageContext() throws WSSecurityException
102     {
103         Crypto crypto =
104             (Crypto) MessageContext.getCurrentMessageContext().getProperty( SecurityConstants.CRYPTO_SIGN );
105 
106         if ( crypto == null )
107         {
108             String message = "Client crypto is not set in AXIS2 message context.";
109             throw new WSSecurityException( message );
110         }
111 
112         return crypto;
113     }
114 
115     /**
116      * Test
117      * 
118      * {@inheritDoc}
119      * 
120      * Test.
121      */
122     public String[] getAliasesForDN( String arg0 ) throws WSSecurityException
123     {
124         return getCryptoFromMessageContext().getAliasesForDN( arg0 );
125     }
126 
127     /**
128      * @param arg0
129      *            {@inheritDoc}
130      * @return {@inheritDoc}
131      * 
132      * @throws WSSecurityException
133      *             {@inheritDoc}
134      * 
135      * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(byte[])
136      */
137     public String getAliasForX509Cert( byte[] arg0 ) throws WSSecurityException
138     {
139         return getCryptoFromMessageContext().getAliasForX509Cert( arg0 );
140     }
141 
142     /**
143      * @param arg0
144      *            {@inheritDoc}
145      * @return {@inheritDoc}
146      * 
147      * @throws WSSecurityException
148      *             {@inheritDoc}
149      * 
150      * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(java.security.cert.Certificate)
151      */
152     public String getAliasForX509Cert( Certificate arg0 ) throws WSSecurityException
153     {
154         return getCryptoFromMessageContext().getAliasForX509Cert( arg0 );
155     }
156 
157     /**
158      * @param arg0
159      *            {@inheritDoc}
160      * @param arg1
161      *            {@inheritDoc}
162      * 
163      * @return {@inheritDoc}
164      * 
165      * @throws WSSecurityException
166      *             {@inheritDoc}
167      * 
168      * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(java.lang.String,
169      *      java.math.BigInteger)
170      */
171     public String getAliasForX509Cert( String arg0, BigInteger arg1 ) throws WSSecurityException
172     {
173         return getCryptoFromMessageContext().getAliasForX509Cert( arg0, arg1 );
174     }
175 
176     /**
177      * {@inheritDoc}
178      * 
179      * @see org.apache.ws.security.components.crypto.Merlin#getAliasForX509Cert(String)
180      */
181     public String getAliasForX509Cert( String issuer ) throws WSSecurityException
182     {
183         return getCryptoFromMessageContext().getAliasForX509Cert( issuer );
184     }
185 
186     /**
187      * @param arg0
188      *            The certificate thumb as byte array.
189      * 
190      * @return The alias for the given certificate thumb.
191      * 
192      * @throws WSSecurityException
193      *             A failure occurred getting the alias from the certificate.
194      * 
195      * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509CertThumb(byte[])
196      */
197     public String getAliasForX509CertThumb( byte[] arg0 ) throws WSSecurityException
198     {
199         return getCryptoFromMessageContext().getAliasForX509CertThumb( arg0 );
200     }
201 
202     /**
203      * @param arg0
204      *            {@inheritDoc}
205      * 
206      * @param certs
207      *            The certificate chain to convert.
208      * 
209      * @return The certificate data as byte array.
210      * 
211      * @throws WSSecurityException
212      *             A failure occurred getting the certificate data.
213      * 
214      * @see org.apache.ws.security.components.crypto.Crypto#getCertificateData(boolean,
215      *      java.security.cert.X509Certificate[])
216      */
217     public byte[] getCertificateData( boolean arg0, X509Certificate[] certs ) throws WSSecurityException
218     {
219         return getCryptoFromMessageContext().getCertificateData( arg0, certs );
220     }
221 
222     /**
223      * @return The certificate factory for this user keystore.
224      * 
225      * @throws WSSecurityException
226      *             A failure occurred getting the certificate factory.
227      * 
228      * @see org.apache.ws.security.components.crypto.Crypto#getCertificateFactory()
229      */
230     public CertificateFactory getCertificateFactory() throws WSSecurityException
231     {
232         return getCryptoFromMessageContext().getCertificateFactory();
233     }
234 
235     /**
236      * @param alias
237      *            The alias for which the certificate chain should be retrieved.
238      * 
239      * @return The certificate chain for the given alias.
240      * 
241      * @throws WSSecurityException
242      *             A failure occurred getting the certificate chain.
243      * 
244      * @see org.apache.ws.security.components.crypto.Crypto#getCertificates(java.lang.String)
245      */
246     public X509Certificate[] getCertificates( String alias ) throws WSSecurityException
247     {
248         return getCryptoFromMessageContext().getCertificates( alias );
249     }
250 
251     /**
252      * @return Returns the default alias of the user keystore.
253      * 
254      * @see org.apache.ws.security.components.crypto.Crypto#getDefaultX509Alias()
255      */
256     public String getDefaultX509Alias()
257     {
258         try
259         {
260             return getCryptoFromMessageContext().getDefaultX509Alias();
261         }
262         catch ( WSSecurityException ex )
263         {
264             throw new RuntimeException( ex );
265         }
266     }
267 
268     /**
269      * @return Returns the user crypto's keystore object.
270      * 
271      * @see org.apache.ws.security.components.crypto.Crypto#getKeyStore()
272      */
273     public KeyStore getKeyStore()
274     {
275         try
276         {
277             return getCryptoFromMessageContext().getKeyStore();
278         }
279         catch ( WSSecurityException ex )
280         {
281             throw new RuntimeException( ex );
282         }
283     }
284 
285     /**
286      * @param alias
287      *            The private key alias.
288      * 
289      * @param password
290      *            The private key password.
291      * 
292      * @return The private key loaded from the user crypto.
293      * 
294      * @throws Exception
295      *             A failure occurred getting the private key.
296      * 
297      * @see org.apache.ws.security.components.crypto.Crypto#getPrivateKey(java.lang.String, java.lang.String)
298      */
299     public PrivateKey getPrivateKey( String alias, String password ) throws Exception
300     {
301         return getCryptoFromMessageContext().getPrivateKey( alias, password );
302     }
303 
304     /**
305      * @param certificate
306      *            The certificate to get the SKI bytes from.
307      * 
308      * @return The SKI bytes.
309      * 
310      * @throws WSSecurityException
311      *             A failure occurred getting the SKI bytes.
312      * 
313      * @see org.apache.ws.security.components.crypto.Crypto#getSKIBytesFromCert(java.security.cert.X509Certificate)
314      */
315     public byte[] getSKIBytesFromCert( X509Certificate certificate ) throws WSSecurityException
316     {
317         return getCryptoFromMessageContext().getSKIBytesFromCert( certificate );
318     }
319 
320     /**
321      * @param bytes
322      *            {@inheritDoc}
323      * @param arg1
324      *            {@inheritDoc}
325      * 
326      * @return The loaded certificate chain.
327      * 
328      * @throws WSSecurityException
329      *             A failure occurred during the loading procedure.
330      * 
331      * @see org.apache.ws.security.components.crypto.Crypto#getX509Certificates(byte[], boolean)
332      */
333     public X509Certificate[] getX509Certificates( byte[] bytes, boolean arg1 ) throws WSSecurityException
334     {
335         return getCryptoFromMessageContext().getX509Certificates( bytes, arg1 );
336     }
337 
338     /**
339      * @param in
340      *            The input stream from which the certificate is loaded.
341      * 
342      * @return The loaded certificate.
343      * 
344      * @throws WSSecurityException
345      *             A failure occurred during the loading procedure.
346      * 
347      * @see org.apache.ws.security.components.crypto.Crypto#loadCertificate(java.io.InputStream)
348      */
349     public X509Certificate loadCertificate( InputStream in ) throws WSSecurityException
350     {
351         return getCryptoFromMessageContext().loadCertificate( in );
352     }
353 
354     /**
355      * @param cert
356      *            The certificate path to validate.
357      * 
358      * @return true, if the validation succeeded, otherwise false
359      * 
360      * @throws WSSecurityException
361      *             An exception occurred during the certificate path validation process.
362      * 
363      * @see org.apache.ws.security.components.crypto.Crypto#validateCertPath(java.security.cert.X509Certificate[])
364      */
365     public boolean validateCertPath( X509Certificate[] cert ) throws WSSecurityException
366     {
367         return getCryptoFromMessageContext().validateCertPath( cert );
368     }
369 
370 }