1 /*
2 * Copyright (c) 2007, Fraunhofer-Gesellschaft
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 *
9 * (1) Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the disclaimer at the end.
11 * Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * (2) Neither the name of Fraunhofer nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * DISCLAIMER
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
28 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35 package org.ogf.graap.wsag.security.core.client;
36
37 import java.io.IOException;
38 import java.io.InputStream;
39 import java.math.BigInteger;
40 import java.security.KeyStore;
41 import java.security.PrivateKey;
42 import java.security.cert.Certificate;
43 import java.security.cert.CertificateFactory;
44 import java.security.cert.X509Certificate;
45 import java.util.Properties;
46
47 import org.apache.axis2.context.MessageContext;
48 import org.apache.ws.security.WSSecurityException;
49 import org.apache.ws.security.components.crypto.CredentialException;
50 import org.apache.ws.security.components.crypto.Crypto;
51 import org.ogf.graap.wsag.security.core.SecurityConstants;
52
53 /**
54 * WSAG4J Merlin is an implementation of the WSS4J {@link Crypto} interface. It reads a crypto object from the
55 * Axis2 {@link MessageContext} using the {@link SecurityConstants#CRYPTO_SIGN} key. All calls to this
56 * instance are delegated to the signing crypto.
57 *
58 * @author Oliver Waeldrich
59 *
60 */
61 public class Merlin implements Crypto
62 {
63
64 /**
65 * Default constructor used by the WS-Security implementation. In fact, this constructors does nothing.
66 *
67 * @param properties
68 * the Merlin properties
69 *
70 * @throws CredentialException
71 * indicates an error loading or processing the credentials
72 * @throws IOException
73 * indicates an error reading from the keystore
74 */
75 public Merlin( Properties properties )
76 throws CredentialException, IOException
77 {
78 this( properties, null );
79 }
80
81 /**
82 * Default constructor used by the WS-Security implementation.
83 *
84 * @param properties
85 * the Merlin properties
86 * @param loader
87 * the {@link ClassLoader} to use
88 *
89 * @throws CredentialException
90 * indicates an error loading or processing the credentials
91 * @throws IOException
92 * indicates an error reading from the keystore
93 */
94 public Merlin( Properties properties, ClassLoader loader )
95 throws CredentialException, IOException
96 {
97 super();
98 }
99
100 private Crypto getCryptoFromMessageContext() throws WSSecurityException
101 {
102 Crypto crypto =
103 (Crypto) MessageContext.getCurrentMessageContext().getProperty( SecurityConstants.CRYPTO_SIGN );
104
105 if ( crypto == null )
106 {
107 String message = "Client crypto is not set in AXIS2 message context.";
108 throw new WSSecurityException( message );
109 }
110
111 return crypto;
112 }
113
114 /**
115 * Test
116 *
117 * {@inheritDoc}
118 *
119 * Test.
120 */
121 public String[] getAliasesForDN( String arg0 ) throws WSSecurityException
122 {
123 return getCryptoFromMessageContext().getAliasesForDN( arg0 );
124 }
125
126 /**
127 * @param arg0
128 * {@inheritDoc}
129 * @return {@inheritDoc}
130 *
131 * @throws WSSecurityException
132 * {@inheritDoc}
133 *
134 * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(byte[])
135 */
136 public String getAliasForX509Cert( byte[] arg0 ) throws WSSecurityException
137 {
138 return getCryptoFromMessageContext().getAliasForX509Cert( arg0 );
139 }
140
141 /**
142 * @param arg0
143 * {@inheritDoc}
144 * @return {@inheritDoc}
145 *
146 * @throws WSSecurityException
147 * {@inheritDoc}
148 *
149 * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(java.security.cert.Certificate)
150 */
151 public String getAliasForX509Cert( Certificate arg0 ) throws WSSecurityException
152 {
153 return getCryptoFromMessageContext().getAliasForX509Cert( arg0 );
154 }
155
156 /**
157 * @param arg0
158 * {@inheritDoc}
159 * @param arg1
160 * {@inheritDoc}
161 *
162 * @return {@inheritDoc}
163 *
164 * @throws WSSecurityException
165 * {@inheritDoc}
166 *
167 * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(java.lang.String,
168 * java.math.BigInteger)
169 */
170 public String getAliasForX509Cert( String arg0, BigInteger arg1 ) throws WSSecurityException
171 {
172 return getCryptoFromMessageContext().getAliasForX509Cert( arg0, arg1 );
173 }
174
175 /**
176 * {@inheritDoc}
177 *
178 * @see org.apache.ws.security.components.crypto.Merlin#getAliasForX509Cert(String)
179 */
180 public String getAliasForX509Cert( String issuer ) throws WSSecurityException
181 {
182 return getCryptoFromMessageContext().getAliasForX509Cert( issuer );
183 }
184
185 /**
186 * @param arg0
187 * The certificate thumb as byte array.
188 *
189 * @return The alias for the given certificate thumb.
190 *
191 * @throws WSSecurityException
192 * A failure occurred getting the alias from the certificate.
193 *
194 * @see org.apache.ws.security.components.crypto.Crypto#getAliasForX509CertThumb(byte[])
195 */
196 public String getAliasForX509CertThumb( byte[] arg0 ) throws WSSecurityException
197 {
198 return getCryptoFromMessageContext().getAliasForX509CertThumb( arg0 );
199 }
200
201 /**
202 * @param arg0
203 * {@inheritDoc}
204 *
205 * @param certs
206 * The certificate chain to convert.
207 *
208 * @return The certificate data as byte array.
209 *
210 * @throws WSSecurityException
211 * A failure occurred getting the certificate data.
212 *
213 * @see org.apache.ws.security.components.crypto.Crypto#getCertificateData(boolean,
214 * java.security.cert.X509Certificate[])
215 */
216 public byte[] getCertificateData( boolean arg0, X509Certificate[] certs ) throws WSSecurityException
217 {
218 return getCryptoFromMessageContext().getCertificateData( arg0, certs );
219 }
220
221 /**
222 * @return The certificate factory for this user keystore.
223 *
224 * @throws WSSecurityException
225 * A failure occurred getting the certificate factory.
226 *
227 * @see org.apache.ws.security.components.crypto.Crypto#getCertificateFactory()
228 */
229 public CertificateFactory getCertificateFactory() throws WSSecurityException
230 {
231 return getCryptoFromMessageContext().getCertificateFactory();
232 }
233
234 /**
235 * @param alias
236 * The alias for which the certificate chain should be retrieved.
237 *
238 * @return The certificate chain for the given alias.
239 *
240 * @throws WSSecurityException
241 * A failure occurred getting the certificate chain.
242 *
243 * @see org.apache.ws.security.components.crypto.Crypto#getCertificates(java.lang.String)
244 */
245 public X509Certificate[] getCertificates( String alias ) throws WSSecurityException
246 {
247 return getCryptoFromMessageContext().getCertificates( alias );
248 }
249
250 /**
251 * @return Returns the default alias of the user keystore.
252 *
253 * @see org.apache.ws.security.components.crypto.Crypto#getDefaultX509Alias()
254 */
255 public String getDefaultX509Alias()
256 {
257 try
258 {
259 return getCryptoFromMessageContext().getDefaultX509Alias();
260 }
261 catch ( WSSecurityException ex )
262 {
263 throw new RuntimeException( ex );
264 }
265 }
266
267 /**
268 * @return Returns the user crypto's keystore object.
269 *
270 * @see org.apache.ws.security.components.crypto.Crypto#getKeyStore()
271 */
272 public KeyStore getKeyStore()
273 {
274 try
275 {
276 return getCryptoFromMessageContext().getKeyStore();
277 }
278 catch ( WSSecurityException ex )
279 {
280 throw new RuntimeException( ex );
281 }
282 }
283
284 /**
285 * @param alias
286 * The private key alias.
287 *
288 * @param password
289 * The private key password.
290 *
291 * @return The private key loaded from the user crypto.
292 *
293 * @throws Exception
294 * A failure occurred getting the private key.
295 *
296 * @see org.apache.ws.security.components.crypto.Crypto#getPrivateKey(java.lang.String, java.lang.String)
297 */
298 public PrivateKey getPrivateKey( String alias, String password ) throws Exception
299 {
300 return getCryptoFromMessageContext().getPrivateKey( alias, password );
301 }
302
303 /**
304 * @param certificate
305 * The certificate to get the SKI bytes from.
306 *
307 * @return The SKI bytes.
308 *
309 * @throws WSSecurityException
310 * A failure occurred getting the SKI bytes.
311 *
312 * @see org.apache.ws.security.components.crypto.Crypto#getSKIBytesFromCert(java.security.cert.X509Certificate)
313 */
314 public byte[] getSKIBytesFromCert( X509Certificate certificate ) throws WSSecurityException
315 {
316 return getCryptoFromMessageContext().getSKIBytesFromCert( certificate );
317 }
318
319 /**
320 * @param bytes
321 * {@inheritDoc}
322 * @param arg1
323 * {@inheritDoc}
324 *
325 * @return The loaded certificate chain.
326 *
327 * @throws WSSecurityException
328 * A failure occurred during the loading procedure.
329 *
330 * @see org.apache.ws.security.components.crypto.Crypto#getX509Certificates(byte[], boolean)
331 */
332 public X509Certificate[] getX509Certificates( byte[] bytes, boolean arg1 ) throws WSSecurityException
333 {
334 return getCryptoFromMessageContext().getX509Certificates( bytes, arg1 );
335 }
336
337 /**
338 * @param in
339 * The input stream from which the certificate is loaded.
340 *
341 * @return The loaded certificate.
342 *
343 * @throws WSSecurityException
344 * A failure occurred during the loading procedure.
345 *
346 * @see org.apache.ws.security.components.crypto.Crypto#loadCertificate(java.io.InputStream)
347 */
348 public X509Certificate loadCertificate( InputStream in ) throws WSSecurityException
349 {
350 return getCryptoFromMessageContext().loadCertificate( in );
351 }
352
353 /**
354 * @param cert
355 * The certificate path to validate.
356 *
357 * @return true, if the validation succeeded, otherwise false
358 *
359 * @throws WSSecurityException
360 * An exception occurred during the certificate path validation process.
361 *
362 * @see org.apache.ws.security.components.crypto.Crypto#validateCertPath(java.security.cert.X509Certificate[])
363 */
364 public boolean validateCertPath( X509Certificate[] cert ) throws WSSecurityException
365 {
366 return getCryptoFromMessageContext().validateCertPath( cert );
367 }
368
369 }