/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2016 ForgeRock AS. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt.
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file at legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 */

package com.forgerock.openam.functionaltest.sts.frmwk.soap;

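/**
 * Encapsulates the Crypto state for a published soap-sts instance. An instance of this class will be passed to the
 * SoapSTSIntegrationTestModule to guide the SoapSTSKeystoreConfig created for published soap-sts instances in the
 * SoapSTSInstanceConfigFactory. This class is an analogue to the SoapSTSClientCryptoState class. Both ultimately inform
 * the CallbackHandler passed to the CXF runtime, which will be asked to provide the crypto context necessary to satisfy
 * the SecurityPolicy bindings regulating access to published soap-sts instances.
 * <p>
 * Instances are immutable and are created through {@link #builder()}. Passwords are held as {@code String}s, which
 * cannot be zeroed after use; this class is a functional-test fixture, and {@link #defaultSoapSTSServerCryptoState()}
 * returns the well-known credentials of the packaged example keystore, not anything that needs protecting.
 */
public final class SoapSTSServerCryptoState {

    /** Keystore resource packaged at the root of the deployable soap-sts .war classpath. */
    private static final String DEFAULT_KEYSTORE_LOCATION = "sts-example-server.jks";
    /** Alias of the example server key entry used for both decryption and signing. */
    private static final String DEFAULT_KEY_ALIAS = "sts-example-server";
    /** Password shared by the example keystore and its key entries. */
    private static final String DEFAULT_PASSWORD = "password";

    /**
     * Fluent builder for {@link SoapSTSServerCryptoState}. Every setter returns {@code this}. Values that are never
     * supplied remain {@code null}; {@link #build()} performs no validation, so callers that only exercise a subset of
     * the SecurityPolicy bindings may leave the unused entries unset.
     */
    public static final class SoapSTSServerCryptoStateBuilder {
        private String keystoreLocation;
        private String keystorePassword;
        private String decryptionKeyAlias;
        private String decryptionKeyPassword;
        private String signatureKeyAlias;
        private String signatureKeyPassword;

        // Obtained only via SoapSTSServerCryptoState.builder().
        private SoapSTSServerCryptoStateBuilder() {}

        /**
         * @param keystoreLocation location of keystore, in classpath or filesystem
         * @return this builder
         */
        public SoapSTSServerCryptoStateBuilder keystoreLocation(String keystoreLocation) {
            this.keystoreLocation = keystoreLocation;
            return this;
        }

        /**
         * @param keystorePassword keystore password. Note that for two-way TLS the server's private key entry password
         *                         and the keystore password must be the same
         * @return this builder
         */
        public SoapSTSServerCryptoStateBuilder keystorePassword(String keystorePassword) {
            this.keystorePassword = keystorePassword;
            return this;
        }

        /**
         * In an asymmetric binding, messages from client to server are encrypted with the server's public key, so the
         * alias of the server's private key entry must be specified.
         *
         * @param decryptionKeyAlias alias of the server's private key
         * @return this builder
         */
        public SoapSTSServerCryptoStateBuilder decryptionKeyAlias(String decryptionKeyAlias) {
            this.decryptionKeyAlias = decryptionKeyAlias;
            return this;
        }

        /**
         * In an asymmetric binding, messages from client to server are encrypted with the server's public key, so the
         * password of the server's private key entry must be specified.
         *
         * @param decryptionKeyPassword password of the server's private key
         * @return this builder
         */
        public SoapSTSServerCryptoStateBuilder decryptionKeyPassword(String decryptionKeyPassword) {
            this.decryptionKeyPassword = decryptionKeyPassword;
            return this;
        }

        /**
         * In an asymmetric binding, messages from server to client must be signed by the server's private key as
         * identified by this alias.
         *
         * @param signatureKeyAlias alias of the server's private key
         * @return this builder
         */
        public SoapSTSServerCryptoStateBuilder signatureKeyAlias(String signatureKeyAlias) {
            this.signatureKeyAlias = signatureKeyAlias;
            return this;
        }

        /**
         * In an asymmetric binding, messages from server to client must be signed by the server's private key; this is
         * the password for the key entry named by {@link #signatureKeyAlias(String)}.
         *
         * @param signatureKeyPassword password of the server's private key
         * @return this builder
         */
        public SoapSTSServerCryptoStateBuilder signatureKeyPassword(String signatureKeyPassword) {
            this.signatureKeyPassword = signatureKeyPassword;
            return this;
        }

        /**
         * Creates an immutable snapshot of the values set so far; unset values are {@code null}.
         *
         * @return the new crypto state
         */
        public SoapSTSServerCryptoState build() {
            return new SoapSTSServerCryptoState(this);
        }
    }

    private final String keystoreLocation;
    private final String keystorePassword;
    private final String decryptionKeyAlias;
    private final String decryptionKeyPassword;
    private final String signatureKeyAlias;
    private final String signatureKeyPassword;

    // Strings are immutable, so copying the builder's fields is sufficient for immutability.
    private SoapSTSServerCryptoState(SoapSTSServerCryptoStateBuilder builder) {
        this.keystoreLocation = builder.keystoreLocation;
        this.keystorePassword = builder.keystorePassword;
        this.decryptionKeyAlias = builder.decryptionKeyAlias;
        this.decryptionKeyPassword = builder.decryptionKeyPassword;
        this.signatureKeyAlias = builder.signatureKeyAlias;
        this.signatureKeyPassword = builder.signatureKeyPassword;
    }

    /**
     * @return a fresh builder with no values set
     */
    public static SoapSTSServerCryptoStateBuilder builder() {
        return new SoapSTSServerCryptoStateBuilder();
    }

    /** @return location of the keystore, in classpath or filesystem; may be {@code null} if never set */
    public String getKeystoreLocation() {
        return keystoreLocation;
    }

    /** @return the keystore password; may be {@code null} if never set */
    public String getKeystorePassword() {
        return keystorePassword;
    }

    /** @return alias of the server's private key entry used for decryption; may be {@code null} if never set */
    public String getDecryptionKeyAlias() {
        return decryptionKeyAlias;
    }

    /** @return password of the server's decryption key entry; may be {@code null} if never set */
    public String getDecryptionKeyPassword() {
        return decryptionKeyPassword;
    }

    /** @return alias of the server's private key entry used for signing; may be {@code null} if never set */
    public String getSignatureKeyAlias() {
        return signatureKeyAlias;
    }

    /** @return password of the server's signature key entry; may be {@code null} if never set */
    public String getSignatureKeyPassword() {
        return signatureKeyPassword;
    }

    /**
     * Returns the crypto state matching the example keystore packaged with the deployable soap-sts .war file. The
     * sts-example-server .jks is placed at the root of the .war classpath, and a single key entry serves as both the
     * decryption and the signature key. These are published example credentials and must not be used outside the
     * functional-test framework.
     *
     * @return crypto state for the packaged example keystore
     */
    public static SoapSTSServerCryptoState defaultSoapSTSServerCryptoState() {
        return SoapSTSServerCryptoState.builder()
                .keystoreLocation(DEFAULT_KEYSTORE_LOCATION)
                .keystorePassword(DEFAULT_PASSWORD)
                .decryptionKeyAlias(DEFAULT_KEY_ALIAS)
                .decryptionKeyPassword(DEFAULT_PASSWORD)
                .signatureKeyAlias(DEFAULT_KEY_ALIAS)
                .signatureKeyPassword(DEFAULT_PASSWORD)
                .build();
    }
}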