[CXF-7519] The cxf-rt-transports-http-jetty should not rely on the old blueprint...
[cxf.git] / services / sts / sts-core / src / main / java / org / apache / cxf / sts / StaticSTSProperties.java
1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19 package org.apache.cxf.sts;
20
21 import java.util.List;
22 import java.util.Properties;
23 import java.util.logging.Level;
24 import java.util.logging.Logger;
25
26 import javax.security.auth.callback.CallbackHandler;
27
28 import org.apache.cxf.Bus;
29 import org.apache.cxf.BusFactory;
30 import org.apache.cxf.common.logging.LogUtils;
31 import org.apache.cxf.resource.ResourceManager;
32 import org.apache.cxf.rt.security.utils.SecurityUtils;
33 import org.apache.cxf.sts.service.EncryptionProperties;
34 import org.apache.cxf.sts.token.realm.Relationship;
35 import org.apache.cxf.sts.token.realm.RelationshipResolver;
36 import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
37 import org.apache.cxf.ws.security.sts.provider.STSException;
38 import org.apache.wss4j.common.crypto.Crypto;
39 import org.apache.wss4j.common.crypto.CryptoFactory;
40 import org.apache.wss4j.common.ext.WSSecurityException;
41 import org.apache.wss4j.dom.engine.WSSConfig;
42
43 /**
44 * A static implementation of the STSPropertiesMBean.
45 */
46 public class StaticSTSProperties implements STSPropertiesMBean {
47
48 private static final Logger LOG = LogUtils.getL7dLogger(StaticSTSProperties.class);
49
50 private CallbackHandler callbackHandler;
51 private String callbackHandlerClass;
52 private Crypto signatureCrypto;
53 private Object signatureCryptoProperties;
54 private String signatureUsername;
55 private Crypto encryptionCrypto;
56 private Object encryptionCryptoProperties;
57 private String encryptionUsername;
58 private String issuer;
59 private SignatureProperties signatureProperties = new SignatureProperties();
60 private EncryptionProperties encryptionProperties = new EncryptionProperties();
61 private RealmParser realmParser;
62 private IdentityMapper identityMapper;
63 private List<Relationship> relationships;
64 private RelationshipResolver relationshipResolver;
65 private SAMLRealmCodec samlRealmCodec;
66 private Bus bus;
67 private boolean validateUseKey = true;
68
69 /**
70 * Load the CallbackHandler, Crypto objects, if necessary.
71 */
72 public void configureProperties() throws STSException {
73 if (signatureCrypto == null && getSignatureCryptoProperties() != null) {
74 ResourceManager resourceManager = getResourceManager();
75 Properties sigProperties = SecurityUtils.loadProperties(resourceManager, getSignatureCryptoProperties());
76 if (sigProperties == null) {
77 LOG.fine("Cannot load signature properties using: " + getSignatureCryptoProperties());
78 throw new STSException("Configuration error: cannot load signature properties");
79 }
80 try {
81 signatureCrypto = CryptoFactory.getInstance(sigProperties);
82 } catch (WSSecurityException ex) {
83 LOG.fine("Error in loading the signature Crypto object: " + ex.getMessage());
84 throw new STSException(ex.getMessage());
85 }
86 }
87
88 if (encryptionCrypto == null && getEncryptionCryptoProperties() != null) {
89 ResourceManager resourceManager = getResourceManager();
90 Properties encrProperties = SecurityUtils.loadProperties(resourceManager, getEncryptionCryptoProperties());
91 if (encrProperties == null) {
92 LOG.fine("Cannot load encryption properties using: " + getEncryptionCryptoProperties());
93 throw new STSException("Configuration error: cannot load encryption properties");
94 }
95 try {
96 encryptionCrypto = CryptoFactory.getInstance(encrProperties);
97 } catch (WSSecurityException ex) {
98 LOG.fine("Error in loading the encryption Crypto object: " + ex.getMessage());
99 throw new STSException(ex.getMessage());
100 }
101 }
102
103 if (callbackHandler == null && getCallbackHandlerClass() != null) {
104 try {
105 callbackHandler = SecurityUtils.getCallbackHandler(getCallbackHandlerClass());
106 if (callbackHandler == null) {
107 LOG.fine("Cannot load CallbackHandler using: " + getCallbackHandlerClass());
108 throw new STSException("Configuration error: cannot load callback handler");
109 }
110 } catch (Exception ex) {
111 LOG.fine("Error in loading the callback handler: " + ex.getMessage());
112 throw new STSException(ex.getMessage());
113 }
114 }
115 WSSConfig.init();
116 }
117
118 private ResourceManager getResourceManager() {
119 Bus b = bus;
120 if (b == null) {
121 b = BusFactory.getThreadDefaultBus();
122 }
123 return b.getExtension(ResourceManager.class);
124 }
125
126 /**
127 * Set the CallbackHandler object.
128 * @param callbackHandler the CallbackHandler object.
129 */
130 public void setCallbackHandler(CallbackHandler callbackHandler) {
131 this.callbackHandler = callbackHandler;
132 if (LOG.isLoggable(Level.FINE)) {
133 LOG.fine("Setting callbackHandler: " + callbackHandler);
134 }
135 }
136
137 /**
138 * Set the String corresponding to the CallbackHandler class.
139 * @param callbackHandlerClass the String corresponding to the CallbackHandler class.
140 */
141 public void setCallbackHandlerClass(String callbackHandlerClass) {
142 this.callbackHandlerClass = callbackHandlerClass;
143 if (LOG.isLoggable(Level.FINE)) {
144 LOG.fine("Setting callbackHandlerClass: " + callbackHandlerClass);
145 }
146 }
147
148 public String getCallbackHandlerClass() {
149 return this.callbackHandlerClass;
150 }
151
152 /**
153 * Get the CallbackHandler object.
154 * @return the CallbackHandler object.
155 */
156 public CallbackHandler getCallbackHandler() {
157 return callbackHandler;
158 }
159
160 /**
161 * Set the signature Crypto object
162 * @param signatureCrypto the signature Crypto object
163 */
164 public void setSignatureCrypto(Crypto signatureCrypto) {
165 this.signatureCrypto = signatureCrypto;
166 }
167
168 /**
169 * Set the String corresponding to the signature Properties class
170 * @param signaturePropertiesFile the String corresponding to the signature properties file
171 */
172 @Deprecated
173 public void setSignaturePropertiesFile(String signaturePropertiesFile) {
174 setSignatureCryptoProperties(signaturePropertiesFile);
175 }
176
177 /**
178 * Set the Object corresponding to the signature Properties class. It can be a String
179 * corresponding to a filename, a Properties object, or a URL.
180 * @param signatureCryptoProperties the object corresponding to the signature properties
181 */
182 public void setSignatureCryptoProperties(Object signatureCryptoProperties) {
183 this.signatureCryptoProperties = signatureCryptoProperties;
184 if (LOG.isLoggable(Level.FINE)) {
185 LOG.fine("Setting signature crypto properties: " + signatureCryptoProperties);
186 }
187 }
188
189 public Object getSignatureCryptoProperties() {
190 return this.signatureCryptoProperties;
191 }
192
193 /**
194 * Get the signature Crypto object
195 * @return the signature Crypto object
196 */
197 public Crypto getSignatureCrypto() {
198 return signatureCrypto;
199 }
200
201 /**
202 * Set the username/alias to use to sign any issued tokens
203 * @param signatureUsername the username/alias to use to sign any issued tokens
204 */
205 public void setSignatureUsername(String signatureUsername) {
206 this.signatureUsername = signatureUsername;
207 if (LOG.isLoggable(Level.FINE)) {
208 LOG.fine("Setting signatureUsername: " + signatureUsername);
209 }
210 }
211
212 /**
213 * Get the username/alias to use to sign any issued tokens
214 * @return the username/alias to use to sign any issued tokens
215 */
216 public String getSignatureUsername() {
217 return signatureUsername;
218 }
219
220 /**
221 * Set the encryption Crypto object
222 * @param encryptionCrypto the encryption Crypto object
223 */
224 public void setEncryptionCrypto(Crypto encryptionCrypto) {
225 this.encryptionCrypto = encryptionCrypto;
226 }
227
228 /**
229 * Set the String corresponding to the encryption Properties class
230 * @param signaturePropertiesFile the String corresponding to the encryption properties file
231 */
232 @Deprecated
233 public void setEncryptionPropertiesFile(String encryptionPropertiesFile) {
234 setEncryptionCryptoProperties(encryptionPropertiesFile);
235 }
236
237 /**
238 * Set the Object corresponding to the encryption Properties class. It can be a String
239 * corresponding to a filename, a Properties object, or a URL.
240 * @param encryptionCryptoProperties the object corresponding to the encryption properties
241 */
242 public void setEncryptionCryptoProperties(Object encryptionCryptoProperties) {
243 this.encryptionCryptoProperties = encryptionCryptoProperties;
244 if (LOG.isLoggable(Level.FINE)) {
245 LOG.fine("Setting encryptionProperties: " + encryptionCryptoProperties);
246 }
247 }
248
249 public Object getEncryptionCryptoProperties() {
250 return this.encryptionCryptoProperties;
251 }
252
253 /**
254 * Get the encryption Crypto object
255 * @return the encryption Crypto object
256 */
257 public Crypto getEncryptionCrypto() {
258 return encryptionCrypto;
259 }
260
261 /**
262 * Set the username/alias to use to encrypt any issued tokens. This is a default value - it
263 * can be configured per Service in the ServiceMBean.
264 * @param encryptionUsername the username/alias to use to encrypt any issued tokens
265 */
266 public void setEncryptionUsername(String encryptionUsername) {
267 this.encryptionUsername = encryptionUsername;
268 if (LOG.isLoggable(Level.FINE)) {
269 LOG.fine("Setting encryptionUsername: " + encryptionUsername);
270 }
271 }
272
273 /**
274 * Get the username/alias to use to encrypt any issued tokens. This is a default value - it
275 * can be configured per Service in the ServiceMBean
276 * @return the username/alias to use to encrypt any issued tokens
277 */
278 public String getEncryptionUsername() {
279 return encryptionUsername;
280 }
281
282 /**
283 * Set the EncryptionProperties to use.
284 * @param encryptionProperties the EncryptionProperties to use.
285 */
286 public void setEncryptionProperties(EncryptionProperties encryptionProperties) {
287 this.encryptionProperties = encryptionProperties;
288 }
289
290 /**
291 * Get the EncryptionProperties to use.
292 * @return the EncryptionProperties to use.
293 */
294 public EncryptionProperties getEncryptionProperties() {
295 return encryptionProperties;
296 }
297
298 /**
299 * Set the STS issuer name
300 * @param issuer the STS issuer name
301 */
302 public void setIssuer(String issuer) {
303 this.issuer = issuer;
304 if (LOG.isLoggable(Level.FINE)) {
305 LOG.fine("Setting issuer: " + issuer);
306 }
307 }
308
309 /**
310 * Get the STS issuer name
311 * @return the STS issuer name
312 */
313 public String getIssuer() {
314 return issuer;
315 }
316
317 /**
318 * Set the SignatureProperties to use.
319 * @param signatureProperties the SignatureProperties to use.
320 */
321 public void setSignatureProperties(SignatureProperties signatureProperties) {
322 this.signatureProperties = signatureProperties;
323 }
324
325 /**
326 * Get the SignatureProperties to use.
327 * @return the SignatureProperties to use.
328 */
329 public SignatureProperties getSignatureProperties() {
330 return signatureProperties;
331 }
332
333 /**
334 * Set the RealmParser object to use.
335 * @param realmParser the RealmParser object to use.
336 */
337 public void setRealmParser(RealmParser realmParser) {
338 this.realmParser = realmParser;
339 }
340
341 /**
342 * Get the RealmParser object to use.
343 * @return the RealmParser object to use.
344 */
345 public RealmParser getRealmParser() {
346 return realmParser;
347 }
348
349 /**
350 * Set the IdentityMapper object to use.
351 * @param identityMapper the IdentityMapper object to use.
352 */
353 public void setIdentityMapper(IdentityMapper identityMapper) {
354 this.identityMapper = identityMapper;
355 }
356
357 /**
358 * Get the IdentityMapper object to use.
359 * @return the IdentityMapper object to use.
360 */
361 public IdentityMapper getIdentityMapper() {
362 return identityMapper;
363 }
364
365 public void setRelationships(List<Relationship> relationships) {
366 this.relationships = relationships;
367 this.relationshipResolver = new RelationshipResolver(this.relationships);
368 }
369
370 public List<Relationship> getRelationships() {
371 return relationships;
372 }
373
374 public RelationshipResolver getRelationshipResolver() {
375 return relationshipResolver;
376 }
377
378 public SAMLRealmCodec getSamlRealmCodec() {
379 return samlRealmCodec;
380 }
381
382 public void setSamlRealmCodec(SAMLRealmCodec samlRealmCodec) {
383 this.samlRealmCodec = samlRealmCodec;
384 }
385
386 public Bus getBus() {
387 return bus;
388 }
389
390 public void setBus(Bus bus) {
391 this.bus = bus;
392 }
393
394 /**
395 * Get whether to validate a client Public Key or Certificate presented as part of a
396 * UseKey element. This is true by default.
397 */
398 public boolean isValidateUseKey() {
399 return validateUseKey;
400 }
401
402 /**
403 * Set whether to validate a client Public Key or Certificate presented as part of a
404 * UseKey element. If this is set to true (the default), the public key must be trusted
405 * by the Signature Crypto of the STS.
406 *
407 * @param validateUseKey whether to validate a client UseKey or not.
408 */
409 public void setValidateUseKey(boolean validateUseKey) {
410 this.validateUseKey = validateUseKey;
411 }
412 }