Class hierarchy: java.lang.Object > org.springframework.ws.soap.security.xwss.callback.AbstractCallbackHandler > org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler > org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler

KeyStoreCallbackHandler

public class KeyStoreCallbackHandler extends CryptographyCallbackHandler implements InitializingBean

Callback handler that uses Java Security KeyStores to handle cryptographic callbacks. Allows specific key stores to be set for various cryptographic operations.

This handler requires one or more key stores to be set. You can configure them in your application context by using a KeyStoreFactoryBean. The exact stores to be set depend on the cryptographic operations that are to be performed by this handler. The table underneath shows the key store to be used for each operation:
Cryptographic operation | Key store used
Certificate validation | first keyStore, then trustStore
Decryption based on private key | keyStore
Decryption based on symmetric key | symmetricStore
Encryption based on certificate | trustStore
Encryption based on symmetric key | symmetricStore
Signing | keyStore
Signature verification | trustStore
Default key stores

If the symmetricStore is not set, it will default to the keyStore. If the key or trust store is not set, this handler will use the standard Java mechanism to load or create it. See KeyStoreCallbackHandler.loadDefaultKeyStore() and KeyStoreCallbackHandler.loadDefaultTrustStore().

Examples

For instance, if you want to use the KeyStoreCallbackHandler to validate incoming certificates or signatures, you would use a trust store, like so:
<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
<property name="trustStore" ref="trustStore"/>
</bean>
<bean id="trustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="classpath:truststore.jks"/>
<property name="password" value="changeit"/>
</bean>
If you want to use it to decrypt incoming certificates or sign outgoing messages, you would use a key store, like so:
<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
<property name="keyStore" ref="keyStore"/>
<property name="privateKeyPassword" value="changeit"/>
</bean>
<bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="classpath:keystore.jks"/>
<property name="password" value="changeit"/>
</bean>
Handled callbacks

This class handles CertificateValidationCallbacks, DecryptionKeyCallbacks, EncryptionKeyCallbacks, SignatureKeyCallbacks, and SignatureVerificationKeyCallbacks. It throws an UnsupportedCallbackException for others.

author: Arjen Poutsma
See Also: KeyStore
See Also: org.springframework.ws.soap.security.support.KeyStoreFactoryBean
See Also: CertificateValidationCallback
See Also: DecryptionKeyCallback
See Also: EncryptionKeyCallback
See Also: SignatureKeyCallback
See Also: SignatureVerificationKeyCallback
See Also: The standard Java trust store mechanism
Method Summary

public void | afterPropertiesSet()
protected X509Certificate | getCertificate(String alias)
protected X509Certificate | getCertificate(PublicKey pk)
protected X509Certificate | getCertificateFromTrustStore(String alias)
protected X509Certificate | getCertificateFromTrustStore(byte[] subjectKeyIdentifier)
protected X509Certificate | getCertificateFromTrustStore(PublicKey pk)
protected X509Certificate | getCertificateFromTrustStore(String issuerName, BigInteger serialNumber)
protected PrivateKey | getPrivateKey(String alias)
protected PrivateKey | getPrivateKey(PublicKey publicKey)
protected PrivateKey | getPrivateKey(X509Certificate certificate)
protected PrivateKey | getPrivateKey(byte[] keyIdentifier)
protected PrivateKey | getPrivateKey(String issuerName, BigInteger serialNumber)
final protected byte[] | getSubjectKeyIdentifier(X509Certificate cert)
protected SecretKey | getSymmetricKey(String alias)
final protected void | handleAliasPrivKeyCertRequest(SignatureKeyCallback callback, SignatureKeyCallback.AliasPrivKeyCertRequest request)
final protected void | handleAliasSymmetricKeyRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.AliasSymmetricKeyRequest request)
final protected void | handleAliasSymmetricKeyRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.AliasSymmetricKeyRequest request)
final protected void | handleAliasX509CertificateRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.AliasX509CertificateRequest request)
final protected void | handleCertificateValidationCallback(CertificateValidationCallback callback)
final protected void | handleDefaultPrivKeyCertRequest(SignatureKeyCallback callback, SignatureKeyCallback.DefaultPrivKeyCertRequest request)
final protected void | handleDefaultX509CertificateRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.DefaultX509CertificateRequest request)
final protected void | handlePublicKeyBasedPrivKeyCertRequest(SignatureKeyCallback callback, SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest request)
final protected void | handlePublicKeyBasedPrivKeyRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest request)
final protected void | handlePublicKeyBasedRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.PublicKeyBasedRequest request)
final protected void | handlePublicKeyBasedRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.PublicKeyBasedRequest request)
final protected void | handleX509CertificateBasedRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.X509CertificateBasedRequest request)
final protected void | handleX509IssuerSerialBasedRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.X509IssuerSerialBasedRequest request)
final protected void | handleX509IssuerSerialBasedRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest request)
final protected void | handleX509SubjectKeyIdentifierBasedRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest request)
final protected void | handleX509SubjectKeyIdentifierBasedRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest request)
protected void | loadDefaultKeyStore() | Loads the key store indicated by system properties.
protected void | loadDefaultTrustStore() | Loads a default trust store.
public void | setDefaultAlias(String defaultAlias) | Sets the key store alias for the default certificate and private key.
public void | setKeyStore(KeyStore keyStore) | Sets the default key store.
public void | setPrivateKeyPassword(String privateKeyPassword) | Sets the password used to retrieve private keys from the keystore.
public void | setSymmetricKeyPassword(String symmetricKeyPassword) | Sets the password used to retrieve keys from the symmetric keystore.
public void | setSymmetricStore(KeyStore symmetricStore) | Sets the key store used for encryption and decryption using symmetric keys.
public void | setTrustStore(KeyStore trustStore) | Sets the key store used for signature verifications and encryptions.
handleAliasPrivKeyCertRequest
final protected void handleAliasPrivKeyCertRequest(SignatureKeyCallback callback, SignatureKeyCallback.AliasPrivKeyCertRequest request) throws IOException

handleAliasSymmetricKeyRequest
final protected void handleAliasSymmetricKeyRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.AliasSymmetricKeyRequest request) throws IOException

handleAliasSymmetricKeyRequest
final protected void handleAliasSymmetricKeyRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.AliasSymmetricKeyRequest request) throws IOException

handleAliasX509CertificateRequest
final protected void handleAliasX509CertificateRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.AliasX509CertificateRequest request) throws IOException

handleCertificateValidationCallback
final protected void handleCertificateValidationCallback(CertificateValidationCallback callback)

handleDefaultPrivKeyCertRequest
final protected void handleDefaultPrivKeyCertRequest(SignatureKeyCallback callback, SignatureKeyCallback.DefaultPrivKeyCertRequest request) throws IOException

handleDefaultX509CertificateRequest
final protected void handleDefaultX509CertificateRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.DefaultX509CertificateRequest request) throws IOException

handlePublicKeyBasedPrivKeyCertRequest
final protected void handlePublicKeyBasedPrivKeyCertRequest(SignatureKeyCallback callback, SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest request) throws IOException

handlePublicKeyBasedPrivKeyRequest
final protected void handlePublicKeyBasedPrivKeyRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest request) throws IOException

handlePublicKeyBasedRequest
final protected void handlePublicKeyBasedRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.PublicKeyBasedRequest request) throws IOException

handlePublicKeyBasedRequest
final protected void handlePublicKeyBasedRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.PublicKeyBasedRequest request) throws IOException

handleX509CertificateBasedRequest
final protected void handleX509CertificateBasedRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.X509CertificateBasedRequest request) throws IOException

handleX509IssuerSerialBasedRequest
final protected void handleX509IssuerSerialBasedRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.X509IssuerSerialBasedRequest request) throws IOException

handleX509IssuerSerialBasedRequest
final protected void handleX509IssuerSerialBasedRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest request) throws IOException

handleX509SubjectKeyIdentifierBasedRequest
final protected void handleX509SubjectKeyIdentifierBasedRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest request) throws IOException

handleX509SubjectKeyIdentifierBasedRequest
final protected void handleX509SubjectKeyIdentifierBasedRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest request) throws IOException
loadDefaultKeyStore
protected void loadDefaultKeyStore()
Loads the key store indicated by system properties. This method tries to load a key store by consulting the following system properties: javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType.
If these properties specify a file with an appropriate password, this method uses that file for the key store. If that file does not exist, then a default, empty key store is created.
This behavior corresponds to the standard J2SDK behavior for SSL key stores.
See Also: The standard J2SDK SSL key store mechanism
loadDefaultTrustStore
protected void loadDefaultTrustStore()
Loads a default trust store. This method uses the following algorithm:
- If the system property javax.net.ssl.trustStore is defined, its value is loaded. If the javax.net.ssl.trustStorePassword system property is also defined, its value is used as a password. If the javax.net.ssl.trustStoreType system property is defined, its value is used as a key store type. If javax.net.ssl.trustStore is defined but the specified file does not exist, then a default, empty trust store is created.
- If the javax.net.ssl.trustStore system property was not specified, but the file $JAVA_HOME/lib/security/jssecacerts exists, that file is used.
- Otherwise, if the file $JAVA_HOME/lib/security/cacerts exists, that file is used.
This behavior corresponds to the standard J2SDK behavior for SSL trust stores.
See Also: The standard J2SDK SSL trust store mechanism
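The lookup order above, written out as a stand-alone Java class so the effective default trust store can be inspected before a deployment relies on it. This is an added illustration, not the Spring-WS implementation; the class name DefaultTrustStoreResolver is made up here, and the fallback to an empty store when none of the locations exist is an assumption the page does not state.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

// Added illustration of the documented lookup order; not the Spring-WS implementation.
public final class DefaultTrustStoreResolver {
    // Mirrors the steps listed for loadDefaultTrustStore(): the javax.net.ssl.trustStore
    // property first, then $JAVA_HOME/lib/security/jssecacerts, then $JAVA_HOME/lib/security/cacerts.
    public static KeyStore resolve() throws IOException, GeneralSecurityException {
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String password = System.getProperty("javax.net.ssl.trustStorePassword");
        char[] pw = (password == null) ? null : password.toCharArray();
        String location = System.getProperty("javax.net.ssl.trustStore");
        if (location != null) {
            File f = new File(location);
            // Property set but file missing: the documented result is an empty trust store, so
            // verification against it fails rather than silently trusting the JVM's bundled CAs.
            return f.exists() ? load(f, type, pw) : empty(type);
        }
        File securityDir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jssecacerts = new File(securityDir, "jssecacerts");
        if (jssecacerts.exists()) {
            return load(jssecacerts, type, pw);
        }
        File cacerts = new File(securityDir, "cacerts");
        if (cacerts.exists()) {
            // Falling through to cacerts means signatures from any public CA shipped with the JDK
            // verify, which is usually far broader than a WS-Security deployment intends.
            return load(cacerts, type, pw);
        }
        // Assumption (not stated on the page): nothing found, so fall back to an empty store.
        return empty(type);
    }

    private static KeyStore load(File file, String type, char[] pw) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pw); // a null password skips the integrity check but still reads the entries
        }
        return ks;
    }

    private static KeyStore empty(String type) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);
        return ks;
    }

    // Sanity check worth running wherever the handler is left with its default trust store.
    public static void main(String[] args) throws Exception {
        KeyStore ks = resolve();
        System.out.println("Default trust store (" + ks.getType() + ") holds " + ks.size() + " entries");
    }
}
```

Run it with the same -Djavax.net.ssl.* properties as the application; an entry count in the dozens or more means the handler would accept signatures from the whole JDK CA bundle unless an explicit trustStore is configured.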
setDefaultAlias
public void setDefaultAlias(String defaultAlias)
Sets the key store alias for the default certificate and private key.

setPrivateKeyPassword
public void setPrivateKeyPassword(String privateKeyPassword)
Sets the password used to retrieve private keys from the keystore. This property is required for decryption based on private keys, and signing.
Methods inherited from org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler

protected void handleAliasPrivKeyCertRequest(SignatureKeyCallback callback, SignatureKeyCallback.AliasPrivKeyCertRequest request) throws IOException, UnsupportedCallbackException
protected void handleAliasSymmetricKeyRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.AliasSymmetricKeyRequest request) throws IOException, UnsupportedCallbackException
protected void handleAliasSymmetricKeyRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.AliasSymmetricKeyRequest request) throws IOException, UnsupportedCallbackException
protected void handleAliasX509CertificateRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.AliasX509CertificateRequest request) throws IOException, UnsupportedCallbackException
protected void handleCertificateValidationCallback(CertificateValidationCallback callback) throws IOException, UnsupportedCallbackException
final protected void handleDecryptionKeyCallback(DecryptionKeyCallback callback) throws IOException, UnsupportedCallbackException
protected void handleDefaultPrivKeyCertRequest(SignatureKeyCallback callback, SignatureKeyCallback.DefaultPrivKeyCertRequest request) throws IOException, UnsupportedCallbackException
protected void handleDefaultX509CertificateRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.DefaultX509CertificateRequest request) throws IOException, UnsupportedCallbackException
final protected void handleEncryptionKeyCallback(EncryptionKeyCallback callback) throws IOException, UnsupportedCallbackException
final protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException
final protected void handlePrivKeyCertRequest(SignatureKeyCallback cb, SignatureKeyCallback.PrivKeyCertRequest request) throws IOException, UnsupportedCallbackException
final protected void handlePrivateKeyRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.PrivateKeyRequest request) throws IOException, UnsupportedCallbackException
protected void handlePublicKeyBasedPrivKeyCertRequest(SignatureKeyCallback callback, SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest request) throws IOException, UnsupportedCallbackException
protected void handlePublicKeyBasedPrivKeyRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest request) throws IOException, UnsupportedCallbackException
protected void handlePublicKeyBasedRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.PublicKeyBasedRequest request) throws IOException, UnsupportedCallbackException
protected void handlePublicKeyBasedRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.PublicKeyBasedRequest request) throws IOException, UnsupportedCallbackException
final protected void handleSignatureKeyCallback(SignatureKeyCallback callback) throws IOException, UnsupportedCallbackException
final protected void handleSignatureVerificationKeyCallback(SignatureVerificationKeyCallback callback) throws UnsupportedCallbackException, IOException
final protected void handleSymmetricKeyRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.SymmetricKeyRequest request) throws IOException, UnsupportedCallbackException
final protected void handleSymmetricKeyRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.SymmetricKeyRequest request) throws IOException, UnsupportedCallbackException
protected void handleX509CertificateBasedRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.X509CertificateBasedRequest request) throws IOException, UnsupportedCallbackException
final protected void handleX509CertificateRequest(EncryptionKeyCallback callback, EncryptionKeyCallback.X509CertificateRequest request) throws IOException, UnsupportedCallbackException
final protected void handleX509CertificateRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.X509CertificateRequest request) throws UnsupportedCallbackException, IOException
protected void handleX509IssuerSerialBasedRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.X509IssuerSerialBasedRequest request) throws IOException, UnsupportedCallbackException
protected void handleX509IssuerSerialBasedRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest request) throws IOException, UnsupportedCallbackException
protected void handleX509SubjectKeyIdentifierBasedRequest(DecryptionKeyCallback callback, DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest request) throws IOException, UnsupportedCallbackException
protected void handleX509SubjectKeyIdentifierBasedRequest(SignatureVerificationKeyCallback callback, SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest request) throws IOException, UnsupportedCallbackException
Fields inherited from org.springframework.ws.soap.security.xwss.callback.AbstractCallbackHandler

final protected Log logger