/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2016 ForgeRock AS. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt.
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file at legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
*/
package com.forgerock.openam.functionaltest.sts.frmwk.soap;
/**
* Encapsulates the Crypto state for a published soap-sts instance. An instance of this class will be passed to the
* SoapSTSIntegrationTestModule to guide the SoapSTSKeystoreConfig created for published soap-sts instances in the
* SoapSTSInstanceConfigFactory. This class is an analogue to the SoapSTSClientCryptoState class. Both ultimately inform
* the CallbackHandler passed to the CXF runtime, which will be asked to provide the crypto context necessary to satisfy
* the SecurityPolicy bindings regulating access to published soap-sts instances.
*/
public class SoapSTSServerCryptoState {
public static class SoapSTSServerCryptoStateBuilder {
private String keystoreLocation;
private String keystorePassword;
private String decryptionKeyAlias;
private String decryptionKeyPassword;
private String signatureKeyAlias;
private String signatureKeyPassword;
private SoapSTSServerCryptoStateBuilder() {}
/**
*
* @param keystoreLocation location of keystore, in classpath or filesystem
* @return builder
*/
public SoapSTSServerCryptoStateBuilder keystoreLocation(String keystoreLocation) {
this.keystoreLocation = keystoreLocation;
return this;
}
/**
*
* @param keystorePassword keystore password. Note for two-way TLS, the server's private key entry password,
* and the keystore password must be the same
* @return builder
*/
public SoapSTSServerCryptoStateBuilder keystorePassword(String keystorePassword) {
this.keystorePassword = keystorePassword;
return this;
}
/**
* In a asymmetric binding, messages from server to client will be encrypted with the server's public key, and thus
* he alias to the server's private key entry must be specified.
* @param decryptionKeyAlias alias of server's private key
* @return builder
*/
public SoapSTSServerCryptoStateBuilder decryptionKeyAlias(String decryptionKeyAlias) {
this.decryptionKeyAlias = decryptionKeyAlias;
return this;
}
/**
* In a asymmetric binding, messages from server to client will be encrypted with the server's public key, and thus
*the password to the server's private key entry must be specified.
* @param decryptionKeyPassword password to server's private key
* @return builder
*/
public SoapSTSServerCryptoStateBuilder decryptionKeyPassword(String decryptionKeyPassword) {
this.decryptionKeyPassword = decryptionKeyPassword;
return this;
}
/**
* In a asymmetric binding, messages from server to client must be signed by the server's private key as identified
* by this alias.
* @param signatureKeyAlias alias to server's private key
* @return builder
*/
public SoapSTSServerCryptoStateBuilder signatureKeyAlias(String signatureKeyAlias) {
this.signatureKeyAlias = signatureKeyAlias;
return this;
}
/**
* In a asymmetric binding, messages from server to client must be signed by the server's private key - this is the
* password for the key alias immediately above
* @param signatureKeyPassword password for server's private key
* @return builder
*/
public SoapSTSServerCryptoStateBuilder signatureKeyPassword(String signatureKeyPassword) {
this.signatureKeyPassword = signatureKeyPassword;
return this;
}
public SoapSTSServerCryptoState build() {
return new SoapSTSServerCryptoState(this);
}
}
private final String keystoreLocation;
private final String keystorePassword;
private final String decryptionKeyAlias;
private final String decryptionKeyPassword;
private final String signatureKeyAlias;
private final String signatureKeyPassword;
private SoapSTSServerCryptoState(SoapSTSServerCryptoStateBuilder builder) {
this.keystoreLocation = builder.keystoreLocation;
this.keystorePassword = builder.keystorePassword;
this.decryptionKeyAlias = builder.decryptionKeyAlias;
this.decryptionKeyPassword = builder.decryptionKeyPassword;
this.signatureKeyAlias = builder.signatureKeyAlias;
this.signatureKeyPassword = builder.signatureKeyPassword;
}
public static SoapSTSServerCryptoStateBuilder builder() {
return new SoapSTSServerCryptoStateBuilder();
}
public String getKeystoreLocation() {
return keystoreLocation;
}
public String getKeystorePassword() {
return keystorePassword;
}
public String getDecryptionKeyAlias() {
return decryptionKeyAlias;
}
public String getDecryptionKeyPassword() {
return decryptionKeyPassword;
}
public String getSignatureKeyAlias() {
return signatureKeyAlias;
}
public String getSignatureKeyPassword() {
return signatureKeyPassword;
}
public static SoapSTSServerCryptoState defaultSoapSTSServerCryptoState() {
// the deployable soap-sts .war file will be created with the sts-example-server .jks packaged at root of
// classpath in .war file
return SoapSTSServerCryptoState.builder()
.keystoreLocation("sts-example-server.jks")
.keystorePassword("password")
.decryptionKeyAlias("sts-example-server")
.decryptionKeyPassword("password")
.signatureKeyAlias("sts-example-server")
.signatureKeyPassword("password")
.build();
}
}