org.apache.ws.security.handler

Class WSHandler

java.lang.Object

org.apache.ws.security.handler.WSHandler

Direct Known Subclasses:

WSDoAllHandler, WSS4JHandler

public abstract class WSHandler
extends Object

Extracted from WSDoAllReceiver and WSDoAllSender Extended to all passwordless UsernameTokens and configurable identities.

Author:

Davanum Srinivas (dims@yahoo.com)., Werner Dittmann (Werner.Dittmann@t-online.de)., Marcel Ammerlaan (marcel.ammerlaan@gmail.com).

Field Summary

Fields

Modifier and Type	Field and Description
protected static Hashtable	cryptos
static String	DONE
protected static WSSecurityEngine	secEngine

Constructor Summary

Constructors

Constructor and Description
WSHandler()

Method Summary

Methods

Modifier and Type	Method and Description
protected boolean	checkReceiverResults(Vector wsResult, Vector actions)
protected boolean	checkReceiverResultsAnyOrder(Vector wsResult, Vector actions)
protected void	checkSignatureConfirmation(RequestData reqData, Vector wsResult)
protected boolean	decodeCustomPasswordTypes(RequestData reqData)
protected void	decodeDecryptionParameter(RequestData reqData)
protected boolean	decodeEnableSignatureConfirmation(RequestData reqData)
protected void	decodeEncryptionParameter(RequestData reqData)
protected boolean	decodeMustUnderstand(RequestData reqData)
protected boolean	decodeNamespaceQualifiedPasswordTypes(RequestData reqData)
protected void	decodeSignatureParameter(RequestData reqData)
protected void	decodeSignatureParameter2(RequestData reqData)
protected boolean	decodeTimestampPrecision(RequestData reqData)
protected boolean	decodeTimestampStrict(RequestData reqData)
int	decodeTimeToLive(RequestData reqData)
protected boolean	decodeUseEncodedPasswords(RequestData reqData)
protected boolean	decodeUseSingleCertificate(RequestData reqData)
protected void	decodeUTParameter(RequestData reqData)
protected void	doReceiverAction(int doAction, RequestData reqData)
protected void	doSenderAction(int doAction, org.w3c.dom.Document doc, RequestData reqData, Vector actions, boolean isRequest) Performs all defined security actions to set-up the SOAP request.
ClassLoader	getClassLoader(Object msgCtx) Returns the classloader to be used for loading the callback class
abstract Object	getOption(String key)
abstract String	getPassword(Object msgContext)
WSPasswordCallback	getPassword(String username, int doAction, String clsProp, String refProp, RequestData reqData) Get a password to construct a UsernameToken or sign a message.
protected javax.security.auth.callback.CallbackHandler	getPasswordCB(RequestData reqData) Get the password callback class and get an instance
abstract Object	getProperty(Object msgContext, String key)
String	getString(String key, Object mc) Looks up key first via getOption(String) and if not found there, via getProperty(Object, String)
String	getStringOption(String key) Returns the option on name.
protected Crypto	loadDecryptionCrypto(RequestData reqData) Hook to allow subclasses to load their Decryption Crypto however they see fit.
protected Crypto	loadEncryptionCrypto(RequestData reqData) Hook to allow subclasses to load their Encryption Crypto however they see fit.
Crypto	loadSignatureCrypto(RequestData reqData) Hook to allow subclasses to load their Signature Crypto however they see fit.
abstract void	setPassword(Object msgContext, String password)
abstract void	setProperty(Object msgContext, String key, Object value)
protected boolean	verifyTimestamp(Timestamp timestamp, int timeToLive) Evaluate whether a timestamp is considered valid on the receivers' side.
protected boolean	verifyTimestamp(Timestamp timestamp, int timeToLive, int futureTimeToLive) Evaluate whether a timestamp is considered valid on the receivers' side.
protected boolean	verifyTrust(X509Certificate[] certificates, RequestData reqData) Evaluate whether the given certificate chain should be trusted.
protected boolean	verifyTrust(X509Certificate cert, RequestData reqData) Evaluate whether a given certificate should be trusted.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DONE

public static String DONE

secEngine

protected static final WSSecurityEngine secEngine

cryptos

protected static Hashtable cryptos

Constructor Detail

WSHandler

public WSHandler()

Method Detail

doSenderAction

protected void doSenderAction(int doAction,
                  org.w3c.dom.Document doc,
                  RequestData reqData,
                  Vector actions,
                  boolean isRequest)
                       throws WSSecurityException

Performs all defined security actions to set-up the SOAP request.

Parameters:

doAction - a set defining the actions to do

doc - the request as DOM document

reqData - a data storage to pass values around between methods

actions - a vector holding the actions to do in the order defined in the deployment file or property

Throws:

WSSecurityException

doReceiverAction

protected void doReceiverAction(int doAction,
                    RequestData reqData)
                         throws WSSecurityException

Throws:

WSSecurityException

checkReceiverResults

protected boolean checkReceiverResults(Vector wsResult,
                           Vector actions)

checkReceiverResultsAnyOrder

protected boolean checkReceiverResultsAnyOrder(Vector wsResult,
                                   Vector actions)

checkSignatureConfirmation

protected void checkSignatureConfirmation(RequestData reqData,
                              Vector wsResult)
                                   throws WSSecurityException

Throws:

WSSecurityException

loadSignatureCrypto

public Crypto loadSignatureCrypto(RequestData reqData)
                           throws WSSecurityException

Hook to allow subclasses to load their Signature Crypto however they see fit.

Throws:

WSSecurityException

loadEncryptionCrypto

protected Crypto loadEncryptionCrypto(RequestData reqData)
                               throws WSSecurityException

Hook to allow subclasses to load their Encryption Crypto however they see fit.

Throws:

WSSecurityException

decodeUTParameter

protected void decodeUTParameter(RequestData reqData)
                          throws WSSecurityException

Throws:

WSSecurityException

decodeSignatureParameter

protected void decodeSignatureParameter(RequestData reqData)
                                 throws WSSecurityException

Throws:

WSSecurityException

decodeEncryptionParameter

protected void decodeEncryptionParameter(RequestData reqData)
                                  throws WSSecurityException

Throws:

WSSecurityException

decodeMustUnderstand

protected boolean decodeMustUnderstand(RequestData reqData)
                                throws WSSecurityException

Throws:

WSSecurityException

decodeTimeToLive

public int decodeTimeToLive(RequestData reqData)

decodeEnableSignatureConfirmation

protected boolean decodeEnableSignatureConfirmation(RequestData reqData)
                                             throws WSSecurityException

Throws:

WSSecurityException

decodeTimestampPrecision

protected boolean decodeTimestampPrecision(RequestData reqData)
                                    throws WSSecurityException

Throws:

WSSecurityException

decodeCustomPasswordTypes

protected boolean decodeCustomPasswordTypes(RequestData reqData)
                                     throws WSSecurityException

Throws:

WSSecurityException

decodeUseEncodedPasswords

protected boolean decodeUseEncodedPasswords(RequestData reqData)
                                     throws WSSecurityException

Throws:

WSSecurityException

decodeNamespaceQualifiedPasswordTypes

protected boolean decodeNamespaceQualifiedPasswordTypes(RequestData reqData)
                                                 throws WSSecurityException

Throws:

WSSecurityException

decodeTimestampStrict

protected boolean decodeTimestampStrict(RequestData reqData)
                                 throws WSSecurityException

Throws:

WSSecurityException

decodeUseSingleCertificate

protected boolean decodeUseSingleCertificate(RequestData reqData)
                                      throws WSSecurityException

Throws:

WSSecurityException

getPassword

public WSPasswordCallback getPassword(String username,
                             int doAction,
                             String clsProp,
                             String refProp,
                             RequestData reqData)
                               throws WSSecurityException

Get a password to construct a UsernameToken or sign a message.

Try all possible sources to get a password.

Throws:

WSSecurityException

loadDecryptionCrypto

protected Crypto loadDecryptionCrypto(RequestData reqData)
                               throws WSSecurityException

Hook to allow subclasses to load their Decryption Crypto however they see fit.

Throws:

WSSecurityException

decodeSignatureParameter2

protected void decodeSignatureParameter2(RequestData reqData)
                                  throws WSSecurityException

Throws:

WSSecurityException

decodeDecryptionParameter

protected void decodeDecryptionParameter(RequestData reqData)
                                  throws WSSecurityException

Throws:

WSSecurityException

getPasswordCB

protected javax.security.auth.callback.CallbackHandler getPasswordCB(RequestData reqData)
                                                              throws WSSecurityException

Get the password callback class and get an instance

Throws:

WSSecurityException

verifyTrust

protected boolean verifyTrust(X509Certificate cert,
                  RequestData reqData)
                       throws WSSecurityException

Evaluate whether a given certificate should be trusted. Hook to allow subclasses to implement custom validation methods however they see fit.

Policy used in this implementation: 1. Search the keystore for the transmitted certificate 2. Search the keystore for a connection to the transmitted certificate (that is, search for certificate(s) of the issuer of the transmitted certificate 3. Verify the trust path for those certificates found because the search for the issuer might be fooled by a phony DN (String!)

Parameters:

cert - the certificate that should be validated against the keystore

Returns:

true if the certificate is trusted, false if not (AxisFault is thrown for exceptions during CertPathValidation)

Throws:

WSSecurityException

verifyTrust

protected boolean verifyTrust(X509Certificate[] certificates,
                  RequestData reqData)
                       throws WSSecurityException

Evaluate whether the given certificate chain should be trusted.

Parameters:

certificates - the certificate chain that should be validated against the keystore

Returns:

true if the certificate chain is trusted, false if not

Throws:

WSSecurityException

verifyTimestamp

protected boolean verifyTimestamp(Timestamp timestamp,
                      int timeToLive)
                           throws WSSecurityException

Evaluate whether a timestamp is considered valid on the receivers' side. Hook to allow subclasses to implement custom validation methods however they see fit. Policy used in this implementation: 1. The receiver can set its own time to live (besides from that set on sender side) 2. If the message was created before (now-ttl) the message is rejected

Parameters:

timestamp - the timestamp that is validated

timeToLive - the limit on the receivers' side, that the timestamp is validated against

Returns:

true if the timestamp is before (now-timeToLive), false otherwise

Throws:

WSSecurityException

verifyTimestamp

protected boolean verifyTimestamp(Timestamp timestamp,
                      int timeToLive,
                      int futureTimeToLive)
                           throws WSSecurityException

Evaluate whether a timestamp is considered valid on the receivers' side. Hook to allow subclasses to implement custom validation methods however they see fit. Policy used in this implementation: 1. The receiver can set its own time to live (besides from that set on sender side) 2. If the message was created before (now-ttl) the message is rejected

Parameters:

timestamp - the timestamp that is validated

timeToLive - the limit on the receivers' side, that the timestamp is validated against

futureTimeToLive - the value in seconds for the future validity of the Created time

Returns:

true if the timestamp is before (now-timeToLive), false otherwise

Throws:

WSSecurityException

getString

public String getString(String key,
               Object mc)

Looks up key first via getOption(String) and if not found there, via getProperty(Object, String)

Parameters:

key - the key to search for. May not be null.

mc - the message context to search.

Returns:

the value found.

Throws:

IllegalArgumentException - if key is null.

getStringOption

public String getStringOption(String key)

Returns the option on name.

Parameters:

key - the non-null key of the option.

Returns:

the option on key if key exists and is of type java.lang.String; otherwise null.

getClassLoader

public ClassLoader getClassLoader(Object msgCtx)

Returns the classloader to be used for loading the callback class

Parameters:

msgCtx - The MessageContext

Returns:

class loader

getOption

public abstract Object getOption(String key)

getProperty

public abstract Object getProperty(Object msgContext,
                 String key)

setProperty

public abstract void setProperty(Object msgContext,
               String key,
               Object value)

getPassword

public abstract String getPassword(Object msgContext)

setPassword

public abstract void setPassword(Object msgContext,
               String password)