001/** 002 * Copyright 2005-2017 The Kuali Foundation 003 * 004 * Licensed under the Educational Community License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.opensource.org/licenses/ecl2.php 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.kuali.rice.ksb.security.soap; 017 018import org.apache.cxf.binding.soap.SoapMessage; 019import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; 020import org.apache.log4j.Logger; 021import org.apache.wss4j.common.crypto.Crypto; 022import org.apache.wss4j.common.crypto.Merlin; 023import org.apache.wss4j.common.crypto.PasswordEncryptor; 024import org.apache.wss4j.common.ext.WSSecurityException; 025import org.apache.wss4j.dom.handler.RequestData; 026import org.apache.wss4j.dom.handler.WSHandlerConstants; 027import org.kuali.rice.core.api.config.property.ConfigContext; 028import org.kuali.rice.core.api.exception.RiceRuntimeException; 029import org.kuali.rice.core.api.util.ClassLoaderUtils; 030import org.kuali.rice.ksb.config.wss4j.CryptoPasswordCallbackHandler; 031 032import java.io.IOException; 033import java.util.Properties; 034 035 036/** 037 * 038 * @author Kuali Rice Team (rice.collab@kuali.org) 039 */ 040 041public class CXFWSS4JOutInterceptor extends WSS4JOutInterceptor { 042 043 private static final Logger LOG = Logger.getLogger(CXFWSS4JOutInterceptor.class); 044 045 private final boolean busSecurity; 046 047 public CXFWSS4JOutInterceptor(boolean busSecurity) { 048 this.busSecurity = busSecurity; 049 if (busSecurity) { 050 this.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); 051 this.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, CryptoPasswordCallbackHandler.class.getName()); 052 this.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial"); 053 this.setProperty(WSHandlerConstants.USER, ConfigContext.getCurrentContextConfig().getKeystoreAlias()); 054 } 055 } 056 057 @Override 058 public Crypto loadSignatureCrypto(RequestData reqData) throws WSSecurityException { 059 try { 060 PasswordEncryptor passwordEncryptor = new PlainTextPasswordEcryptor(); 061 return new Merlin(getMerlinProperties(), ClassLoaderUtils.getDefaultClassLoader(), passwordEncryptor); 062 } catch (Exception e) { 063 throw new RiceRuntimeException(e); 064 } 065 } 066 067 @Override 068 public Crypto loadDecryptionCrypto(RequestData reqData) throws WSSecurityException { 069 return loadSignatureCrypto(reqData); 070 } 071 072 protected Properties getMerlinProperties() throws IOException { 073 Properties props = new Properties(); 074 props.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks"); 075 props.put("org.apache.ws.security.crypto.merlin.keystore.password", ConfigContext.getCurrentContextConfig().getKeystorePassword()); 076 props.put("org.apache.ws.security.crypto.merlin.alias.password", ConfigContext.getCurrentContextConfig().getKeystorePassword()); 077 props.put("org.apache.ws.security.crypto.merlin.keystore.alias", ConfigContext.getCurrentContextConfig().getKeystoreAlias()); 078 props.put("org.apache.ws.security.crypto.merlin.file", ConfigContext.getCurrentContextConfig().getKeystoreFile()); 079 080 if (LOG.isDebugEnabled()) { 081 LOG.debug("Using keystore location " + ConfigContext.getCurrentContextConfig().getKeystoreFile()); 082 } 083 084 return props; 085 } 086 087 /** 088 * This overridden method will not apply security headers if bus security is disabled. 089 * 090 * @see org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor#handleMessage(org.apache.cxf.binding.soap.SoapMessage) 091 */ 092 @Override 093 public void handleMessage(SoapMessage mc) { 094 if (busSecurity) { 095 super.handleMessage(mc); 096 } 097 } 098 099}