com.ibm.websphere.wssecurity.callbackhandler
Class X509ConsumeCallbackHandler
- java.lang.Object
-
- com.ibm.websphere.wssecurity.callbackhandler.X509ConsumeCallbackHandler
-
- All Implemented Interfaces:
- java.io.Serializable, javax.security.auth.callback.CallbackHandler
public class X509ConsumeCallbackHandler extends java.lang.Object implements javax.security.auth.callback.CallbackHandler, java.io.Serializable
This class is a callback handler for user name token in consumer side. This instance is used to generate WSSVerification object and WSSDecryption object, set into WSSConsumingContext object to validate a X.509 binary security token.
Following are the sample code to configure the X509 token for verification and decryption.
- Sample code of verification
-
// generate certStore String certpath = "intca2.cer";// The location of the X509 certificate file X509Certificate x509cert = null; try { InputStream is = new FileInputStream(certpath); CertificateFactory cf = CertificateFactory.getInstance("X.509"); x509cert = (X509Certificate)cf.generateCertificate(is); } catch(FileNotFoundException e1){ e1.printStackTrace(); } catch (CertificateException e2) { e2.printStackTrace(); } Set<Object> eeCerts = new HashSet<Object>(); eeCerts.add(x509cert); // generate certStore java.util.List<CertStore> certList = new java.util.ArrayList<CertStore>(); CollectionCertStoreParameters certparam = new CollectionCertStoreParameters(eeCerts); CertStore cert = null; try { cert = CertStore.getInstance("Collection", certparam, "IBMCertPath"); } catch (NoSuchProviderException e1) { e1.printStackTrace(); } catch (InvalidAlgorithmParameterException e2) { e2.printStackTrace(); } catch (NoSuchAlgorithmException e3) { e3.printStackTrace(); } if(certList != null ){ certList.add(cert); } // generate the callback handler object X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler( "dsig-receiver.ks", // keystore "jks", // keystore type "server".toCharArray(), // keystore password certList, // certificate list java.security.Security.getProvider("IBMCertPath") //provider );
- Sample code of decryption
-
X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler( "", // cert list "enc-sender.jceks", // keystore "jceks", // keystore type "storepass".toCharArray(), // store password "alice", // alias "keypass".toCharArray(), // key password "CN=Alice, O=IBM, C=US" // subject name );
-
-
Constructor Summary
Constructors Constructor and Description X509ConsumeCallbackHandler()
Class constructor.X509ConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
Class constructor.X509ConsumeCallbackHandler(java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
Class constructor.X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName)
Class constructor.X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName, java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
Class constructor.
-
Method Summary
Methods Modifier and Type Method and Description void
handle(javax.security.auth.callback.Callback[] callbacks)
Sets necessary information to aX509ConsumeCallback
object.
-
-
-
Constructor Detail
-
X509ConsumeCallbackHandler
public X509ConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
Class constructor.- Parameters:
properties
- map including key-value pairs
-
X509ConsumeCallbackHandler
public X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName, java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
Class constructor.- Parameters:
keyStoreRef
- reference name of the keystore used for key locatorkeyStorePath
- file path from which the keystore used for key locator is loadedkeyStorePassword
- password used to check the integrity of the keystore used for key locator or the password used to unlock the keystorekeyStoreType
- type of the keystore used for key locatoralias
- alias namekeyPassword
- password for recovering the keykeyName
- name of the keytrustAnchorPath
- file path from which the trust anchor is loadedtrustAnchorType
- type of the trust anchortrustAnchorPassword
- password used to check the integrity of the trust anchor or the password used to unlock the keystorecertStores
- list of certificate storesprovider
- ecurity provider
-
X509ConsumeCallbackHandler
public X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName)
Class constructor.- Parameters:
keyStoreRef
- reference name of the keystore used for key locatorkeyStorePath
- file path from which the keystore used for key locator is loadedkeyStorePassword
- password used to check the integrity of the keystore used for key locator or the password used to unlock the keystorekeyStoreType
- type of the keystore used for key locatoralias
- alias namekeyPassword
- password for recovering the keykeyName
- name of the key
-
X509ConsumeCallbackHandler
public X509ConsumeCallbackHandler(java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
Class constructor.- Parameters:
trustAnchorPath
- file path from which the trust anchor is loadedtrustAnchorPassword
- password used to check the integrity of the trust anchor or the password used to unlock the keystoretrustAnchorType
- type of the trust anchor
-
X509ConsumeCallbackHandler
public X509ConsumeCallbackHandler()
Class constructor.
-
-
Method Detail
-
handle
public void handle(javax.security.auth.callback.Callback[] callbacks) throws java.io.IOException, javax.security.auth.callback.UnsupportedCallbackException
Sets necessary information to aX509ConsumeCallback
object.- Specified by:
handle
in interfacejavax.security.auth.callback.CallbackHandler
- Parameters:
callbacks
- array ofCallback
objects provided by the underlying security service which contains the information requested to be retrieved or displayed.- Throws:
java.io.IOException
- if an input or output error occurs.javax.security.auth.callback.UnsupportedCallbackException
- if the implementation of this method does not support one or more of theCallback
s specified in the callbacks parameter.- See Also:
CallbackHandler.handle(javax.security.auth.callback.Callback[])
-
-