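/**
 * Copyright 2005-2017 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.rice.ksb.security.soap;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.log4j.Logger;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.kuali.rice.core.api.config.ConfigurationException;
import org.kuali.rice.core.api.config.property.Config;
import org.kuali.rice.core.api.config.property.ConfigContext;
import org.kuali.rice.core.api.exception.RiceRuntimeException;
import org.kuali.rice.core.api.util.ClassLoaderUtils;
import org.kuali.rice.ksb.config.wss4j.CryptoPasswordCallbackHandler;
import org.springframework.core.io.DefaultResourceLoader;

import java.io.IOException;
import java.util.Properties;

/**
 * Inbound WSS4J interceptor for KSB SOAP services.
 * <p>
 * With bus security enabled, the interceptor is configured to require and verify an XML
 * signature ({@link WSHandlerConstants#SIGNATURE}) on every inbound message, using the
 * keystore described by the current Rice {@link Config}. With bus security disabled,
 * {@link #handleMessage(SoapMessage)} is a no-op: no WS-Security header processing takes
 * place, so inbound messages are not authenticated by this interceptor at all.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
//TODO: Replace this class with cxf wss4j in interceptor
public class CXFWSS4JInInterceptor extends WSS4JInInterceptor {

    private static final Logger LOG = Logger.getLogger(CXFWSS4JInInterceptor.class);

    /** Whether inbound messages receive WS-Security processing (signature verification). */
    private final boolean busSecurity;

    /**
     * Creates the interceptor.
     *
     * @param busSecurity {@code true} to require and verify a signature on inbound messages;
     *                    {@code false} to pass every message through without WS-Security processing
     */
    public CXFWSS4JInInterceptor(boolean busSecurity) {
        this.busSecurity = busSecurity;
        if (busSecurity) {
            Config config = ConfigContext.getCurrentContextConfig();
            // Require a signature on inbound messages; "IssuerSerial" selects the
            // issuer-name + serial-number key identifier when locating the signer's certificate.
            this.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
            this.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, CryptoPasswordCallbackHandler.class.getName());
            this.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            this.setProperty(WSHandlerConstants.USER, config.getKeystoreAlias());
        }
    }

    /**
     * Builds the {@link Crypto} used to verify inbound signatures: a {@link Merlin} instance
     * backed by the keystore configured in the current Rice {@link Config}.
     *
     * @param reqData per-request WSS4J data; unused, the keystore comes from configuration
     * @return a Merlin crypto over the configured keystore
     * @throws RiceRuntimeException if the keystore configuration is incomplete or the keystore
     *         cannot be loaded (the underlying exception is attached as the cause)
     */
    @Override
    public Crypto loadSignatureCrypto(RequestData reqData) throws WSSecurityException {
        try {
            PasswordEncryptor passwordEncryptor = new PlainTextPasswordEcryptor();
            return new Merlin(getMerlinProperties(), ClassLoaderUtils.getDefaultClassLoader(), passwordEncryptor);
        } catch (RiceRuntimeException e) {
            // Already the type callers handle (e.g. a ConfigurationException naming the
            // missing setting); do not bury it under a second wrapper.
            throw e;
        } catch (Exception e) {
            // Deliberately broad: callers rely on every keystore load failure surfacing
            // as a RiceRuntimeException.
            throw new RiceRuntimeException(e);
        }
    }

    /**
     * Uses the same keystore for decryption as for signature verification.
     *
     * @param reqData per-request WSS4J data, forwarded to {@link #loadSignatureCrypto(RequestData)}
     * @return the crypto returned by {@link #loadSignatureCrypto(RequestData)}
     * @throws WSSecurityException propagated from {@link #loadSignatureCrypto(RequestData)}
     */
    @Override
    public Crypto loadDecryptionCrypto(RequestData reqData) throws WSSecurityException {
        return loadSignatureCrypto(reqData);
    }

    /**
     * Assembles the Merlin keystore properties from the current Rice {@link Config}.
     * <p>
     * The keystore type is fixed to JKS, and the keystore password doubles as the
     * private-key (alias) password. Only the keystore path is logged, never the password.
     *
     * @return properties ready to hand to {@link Merlin}
     * @throws ConfigurationException if the keystore file, password or alias is not configured
     * @throws IOException declared for subclasses; not thrown by this implementation
     */
    protected Properties getMerlinProperties() throws IOException {
        Config config = ConfigContext.getCurrentContextConfig();
        // Fail with a named setting instead of the bare NullPointerException that
        // Properties.put raises on a null value.
        Object keystoreFile = required(config.getKeystoreFile(), "keystore file");
        Object keystorePassword = required(config.getKeystorePassword(), "keystore password");
        Object keystoreAlias = required(config.getKeystoreAlias(), "keystore alias");

        Properties props = new Properties();
        props.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
        props.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePassword);
        props.put("org.apache.ws.security.crypto.merlin.alias.password", keystorePassword);
        props.put("org.apache.ws.security.crypto.merlin.keystore.alias", keystoreAlias);
        props.put("org.apache.ws.security.crypto.merlin.file", keystoreFile);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Using keystore location " + keystoreFile);
        }
        return props;
    }

    /**
     * Returns {@code value} unchanged, or fails with a {@link ConfigurationException} that names
     * the missing setting. The value itself is intentionally kept out of the message, since it
     * may be a password.
     *
     * @param value       the configured value, possibly {@code null}
     * @param description human-readable name of the setting, used only in the error message
     * @param <T>         type of the configured value
     * @return {@code value}
     * @throws ConfigurationException if {@code value} is {@code null}
     */
    private static <T> T required(T value, String description) {
        if (value == null) {
            throw new ConfigurationException(
                    "The " + description + " is not configured; it is required to load the KSB keystore");
        }
        return value;
    }

    /**
     * Applies WS-Security processing to the inbound message only when bus security is enabled.
     * When it is disabled the message is left untouched: no signature is required or verified,
     * so this interceptor provides no authentication in that mode.
     *
     * @param mc the inbound SOAP message
     * @see org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor#handleMessage(org.apache.cxf.binding.soap.SoapMessage)
     */
    @Override
    public void handleMessage(SoapMessage mc) {
        if (busSecurity) {
            super.handleMessage(mc);
        }
    }

}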