View Javadoc

1   /* 
2    * Copyright (c) 2007, Fraunhofer-Gesellschaft
3    * All rights reserved.
4    * 
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions are
7    * met:
8    * 
9    * (1) Redistributions of source code must retain the above copyright
10   *     notice, this list of conditions and the disclaimer at the end.
11   *     Redistributions in binary form must reproduce the above copyright
12   *     notice, this list of conditions and the following disclaimer in
13   *     the documentation and/or other materials provided with the
14   *     distribution.
15   * 
16   * (2) Neither the name of Fraunhofer nor the names of its
17   *     contributors may be used to endorse or promote products derived
18   *     from this software without specific prior written permission.
19   * 
20   * DISCLAIMER
21   * 
22   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23   * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24   * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25   * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26   * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
28   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29   * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30   * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31   * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33   *  
34   */
35  package org.ogf.graap.wsag.security.core.client;
36  
37  import java.io.IOException;
38  import java.io.InputStream;
39  import java.math.BigInteger;
40  import java.security.KeyStore;
41  import java.security.PrivateKey;
42  import java.security.cert.Certificate;
43  import java.security.cert.CertificateFactory;
44  import java.security.cert.X509Certificate;
45  import java.util.Properties;
46  
47  import org.apache.axis2.context.MessageContext;
48  import org.apache.ws.security.WSSecurityException;
49  import org.apache.ws.security.components.crypto.CredentialException;
50  import org.apache.ws.security.components.crypto.Crypto;
51  import org.ogf.graap.wsag.security.core.SecurityConstants;
52  
53  /**
54   * WSAG4J Merlin is an implementation of the WSS4J {@link Crypto} interface. It reads a crypto object from the
55   * Axis2 {@link MessageContext} using the {@link SecurityConstants#CRYPTO_SIGN} key. All calls to this
56   * instance are delegated to the signing crypto.
57   * 
58   * @author Oliver Waeldrich
59   * 
60   */
61  public class Merlin implements Crypto
62  {
63  
64      /**
65       * Default constructor used by the WS-Security implementation. In fact, this constructors does nothing.
66       * 
67       * @param properties
68       *            the Merlin properties
69       * 
70       * @throws CredentialException
71       *             indicates an error loading or processing the credentials
72       * @throws IOException
73       *             indicates an error reading from the keystore
74       */
75      public Merlin( Properties properties )
76          throws CredentialException, IOException
77      {
78          this( properties, null );
79      }
80  
81      /**
82       * Default constructor used by the WS-Security implementation.
83       * 
84       * @param properties
85       *            the Merlin properties
86       * @param loader
87       *            the {@link ClassLoader} to use
88       * 
89       * @throws CredentialException
90       *             indicates an error loading or processing the credentials
91       * @throws IOException
92       *             indicates an error reading from the keystore
93       */
94      public Merlin( Properties properties, ClassLoader loader )
95          throws CredentialException, IOException
96      {
97          super();
98      }
99  
100     private Crypto getCryptoFromMessageContext() throws WSSecurityException
101     {
102         Crypto crypto =
103             (Crypto) MessageContext.getCurrentMessageContext().getProperty( SecurityConstants.CRYPTO_SIGN );
104 
105         if ( crypto == null )
106         {
107             String message = "Client crypto is not set in AXIS2 message context.";
108             throw new WSSecurityException( message );
109         }
110 
111         return crypto;
112     }
113 
114     /**
115      * Test
116      * 
117      * {@inheritDoc}
118      * 
119      * Test.
120      */
121     public String[] getAliasesForDN( String arg0 ) throws WSSecurityException
122     {
123         return getCryptoFromMessageContext().getAliasesForDN( arg0 );
124     }
125 
126     /**
127      * @param arg0
128      *            {@inheritDoc}
129      * @return {@inheritDoc}
130      * 
131      * @throws WSSecurityException
132      *             {@inheritDoc}
133      * 
134      * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(byte[])
135      */
136     public String getAliasForX509Cert( byte[] arg0 ) throws WSSecurityException
137     {
138         return getCryptoFromMessageContext().getAliasForX509Cert( arg0 );
139     }
140 
141     /**
142      * @param arg0
143      *            {@inheritDoc}
144      * @return {@inheritDoc}
145      * 
146      * @throws WSSecurityException
147      *             {@inheritDoc}
148      * 
149      * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(java.security.cert.Certificate)
150      */
151     public String getAliasForX509Cert( Certificate arg0 ) throws WSSecurityException
152     {
153         return getCryptoFromMessageContext().getAliasForX509Cert( arg0 );
154     }
155 
156     /**
157      * @param arg0
158      *            {@inheritDoc}
159      * @param arg1
160      *            {@inheritDoc}
161      * 
162      * @return {@inheritDoc}
163      * 
164      * @throws WSSecurityException
165      *             {@inheritDoc}
166      * 
167      * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(java.lang.String,
168      *      java.math.BigInteger)
169      */
170     public String getAliasForX509Cert( String arg0, BigInteger arg1 ) throws WSSecurityException
171     {
172         return getCryptoFromMessageContext().getAliasForX509Cert( arg0, arg1 );
173     }
174 
175     /**
176      * {@inheritDoc}
177      * 
178      * @see org.apache.ws.security.components.crypto.Merlin#getAliasForX509Cert(String)
179      */
180     public String getAliasForX509Cert( String issuer ) throws WSSecurityException
181     {
182         return getCryptoFromMessageContext().getAliasForX509Cert( issuer );
183     }
184 
185     /**
186      * @param arg0
187      *            The certificate thumb as byte array.
188      * 
189      * @return The alias for the given certificate thumb.
190      * 
191      * @throws WSSecurityException
192      *             A failure occurred getting the alias from the certificate.
193      * 
194      * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509CertThumb(byte[])
195      */
196     public String getAliasForX509CertThumb( byte[] arg0 ) throws WSSecurityException
197     {
198         return getCryptoFromMessageContext().getAliasForX509CertThumb( arg0 );
199     }
200 
201     /**
202      * @param arg0
203      *            {@inheritDoc}
204      * 
205      * @param certs
206      *            The certificate chain to convert.
207      * 
208      * @return The certificate data as byte array.
209      * 
210      * @throws WSSecurityException
211      *             A failure occurred getting the certificate data.
212      * 
213      * @see org.apache.ws.security.components.crypto.Crypto#getCertificateData(boolean,
214      *      java.security.cert.X509Certificate[])
215      */
216     public byte[] getCertificateData( boolean arg0, X509Certificate[] certs ) throws WSSecurityException
217     {
218         return getCryptoFromMessageContext().getCertificateData( arg0, certs );
219     }
220 
221     /**
222      * @return The certificate factory for this user keystore.
223      * 
224      * @throws WSSecurityException
225      *             A failure occurred getting the certificate factory.
226      * 
227      * @see org.apache.ws.security.components.crypto.Crypto#getCertificateFactory()
228      */
229     public CertificateFactory getCertificateFactory() throws WSSecurityException
230     {
231         return getCryptoFromMessageContext().getCertificateFactory();
232     }
233 
234     /**
235      * @param alias
236      *            The alias for which the certificate chain should be retrieved.
237      * 
238      * @return The certificate chain for the given alias.
239      * 
240      * @throws WSSecurityException
241      *             A failure occurred getting the certificate chain.
242      * 
243      * @see org.apache.ws.security.components.crypto.Crypto#getCertificates(java.lang.String)
244      */
245     public X509Certificate[] getCertificates( String alias ) throws WSSecurityException
246     {
247         return getCryptoFromMessageContext().getCertificates( alias );
248     }
249 
250     /**
251      * @return Returns the default alias of the user keystore.
252      * 
253      * @see org.apache.ws.security.components.crypto.Crypto#getDefaultX509Alias()
254      */
255     public String getDefaultX509Alias()
256     {
257         try
258         {
259             return getCryptoFromMessageContext().getDefaultX509Alias();
260         }
261         catch ( WSSecurityException ex )
262         {
263             throw new RuntimeException( ex );
264         }
265     }
266 
267     /**
268      * @return Returns the user crypto's keystore object.
269      * 
270      * @see org.apache.ws.security.components.crypto.Crypto#getKeyStore()
271      */
272     public KeyStore getKeyStore()
273     {
274         try
275         {
276             return getCryptoFromMessageContext().getKeyStore();
277         }
278         catch ( WSSecurityException ex )
279         {
280             throw new RuntimeException( ex );
281         }
282     }
283 
284     /**
285      * @param alias
286      *            The private key alias.
287      * 
288      * @param password
289      *            The private key password.
290      * 
291      * @return The private key loaded from the user crypto.
292      * 
293      * @throws Exception
294      *             A failure occurred getting the private key.
295      * 
296      * @see org.apache.ws.security.components.crypto.Crypto#getPrivateKey(java.lang.String, java.lang.String)
297      */
298     public PrivateKey getPrivateKey( String alias, String password ) throws Exception
299     {
300         return getCryptoFromMessageContext().getPrivateKey( alias, password );
301     }
302 
303     /**
304      * @param certificate
305      *            The certificate to get the SKI bytes from.
306      * 
307      * @return The SKI bytes.
308      * 
309      * @throws WSSecurityException
310      *             A failure occurred getting the SKI bytes.
311      * 
312      * @see org.apache.ws.security.components.crypto.Crypto#getSKIBytesFromCert(java.security.cert.X509Certificate)
313      */
314     public byte[] getSKIBytesFromCert( X509Certificate certificate ) throws WSSecurityException
315     {
316         return getCryptoFromMessageContext().getSKIBytesFromCert( certificate );
317     }
318 
319     /**
320      * @param bytes
321      *            {@inheritDoc}
322      * @param arg1
323      *            {@inheritDoc}
324      * 
325      * @return The loaded certificate chain.
326      * 
327      * @throws WSSecurityException
328      *             A failure occurred during the loading procedure.
329      * 
330      * @see org.apache.ws.security.components.crypto.Crypto#getX509Certificates(byte[], boolean)
331      */
332     public X509Certificate[] getX509Certificates( byte[] bytes, boolean arg1 ) throws WSSecurityException
333     {
334         return getCryptoFromMessageContext().getX509Certificates( bytes, arg1 );
335     }
336 
337     /**
338      * @param in
339      *            The input stream from which the certificate is loaded.
340      * 
341      * @return The loaded certificate.
342      * 
343      * @throws WSSecurityException
344      *             A failure occurred during the loading procedure.
345      * 
346      * @see org.apache.ws.security.components.crypto.Crypto#loadCertificate(java.io.InputStream)
347      */
348     public X509Certificate loadCertificate( InputStream in ) throws WSSecurityException
349     {
350         return getCryptoFromMessageContext().loadCertificate( in );
351     }
352 
353     /**
354      * @param cert
355      *            The certificate path to validate.
356      * 
357      * @return true, if the validation succeeded, otherwise false
358      * 
359      * @throws WSSecurityException
360      *             An exception occurred during the certificate path validation process.
361      * 
362      * @see org.apache.ws.security.components.crypto.Crypto#validateCertPath(java.security.cert.X509Certificate[])
363      */
364     public boolean validateCertPath( X509Certificate[] cert ) throws WSSecurityException
365     {
366         return getCryptoFromMessageContext().validateCertPath( cert );
367     }
368 
369 }