com.ibm.websphere.wssecurity.callbackhandler

Class X509ConsumeCallbackHandler

  • java.lang.Object
    • com.ibm.websphere.wssecurity.callbackhandler.X509ConsumeCallbackHandler
  • All Implemented Interfaces:
    java.io.Serializable, javax.security.auth.callback.CallbackHandler


    public class X509ConsumeCallbackHandler
    extends java.lang.Object
    implements javax.security.auth.callback.CallbackHandler, java.io.Serializable
    This class is a callback handler for the X.509 token on the consumer side. An instance is used to generate the WSSVerification and WSSDecryption objects, which are set into a WSSConsumingContext object to validate an X.509 binary security token.
    The following sample code configures the X.509 token for verification and decryption.
    Sample code for verification:
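        import java.io.FileInputStream;
        import java.io.IOException;
        import java.io.InputStream;
        import java.security.InvalidAlgorithmParameterException;
        import java.security.NoSuchAlgorithmException;
        import java.security.NoSuchProviderException;
        import java.security.cert.CertStore;
        import java.security.cert.CertificateException;
        import java.security.cert.CertificateFactory;
        import java.security.cert.CollectionCertStoreParameters;
        import java.security.cert.X509Certificate;
        import java.util.HashSet;
        import java.util.Set;

        // load the X.509 certificate
        String certpath = "intca2.cer"; // The location of the X509 certificate file
        X509Certificate x509cert = null;
        InputStream is = null;
        try {
            is = new FileInputStream(certpath);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            x509cert = (X509Certificate) cf.generateCertificate(is);
        } catch (IOException e1) {
            e1.printStackTrace();
        } catch (CertificateException e2) {
            e2.printStackTrace();
        } finally {
            // always release the file handle
            if (is != null) {
                try { is.close(); } catch (IOException ignored) { }
            }
        }

        Set<Object> eeCerts = new HashSet<Object>();
        eeCerts.add(x509cert);
        // generate certStore
        java.util.List<CertStore> certList = new java.util.ArrayList<CertStore>();
        CollectionCertStoreParameters certparam = new CollectionCertStoreParameters(eeCerts);
        CertStore cert = null;
        try {
            cert = CertStore.getInstance("Collection", certparam, "IBMCertPath");
        } catch (NoSuchProviderException e1) {
            e1.printStackTrace();
        } catch (InvalidAlgorithmParameterException e2) {
            e2.printStackTrace();
        } catch (NoSuchAlgorithmException e3) {
            e3.printStackTrace();
        }
        certList.add(cert);

        // generate the callback handler object
        X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
            "dsig-receiver.ks",     // trust anchor path (keystore file)
            "jks",                  // trust anchor type (keystore type)
            "server".toCharArray(), // trust anchor password (keystore password)
            certList,               // list of certificate stores
            java.security.Security.getProvider("IBMCertPath") // security provider
            );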
        
    Sample code for decryption:
        X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
            "",                        // keystore reference name
            "enc-sender.jceks",        // keystore path
            "jceks",                   // keystore type
            "storepass".toCharArray(), // keystore password
            "alice",                   // alias
            "keypass".toCharArray(),   // key password
            "CN=Alice, O=IBM, C=US"    // key name (subject name)
            );
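
    A fail-closed variant of the verification setup above, as an added example (not IBM's code). It uses the five-argument constructor documented on this page and only standard JDK calls otherwise; the class name VerificationHandlerFactory and the method create are hypothetical, and the WebSphere WS-Security API is assumed to be on the classpath.

```java
import com.ibm.websphere.wssecurity.callbackhandler.X509ConsumeCallbackHandler;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical helper: returns a fully configured handler or throws.
public final class VerificationHandlerFactory {

    public static X509ConsumeCallbackHandler create(String certPath,
            String trustAnchorPath, String trustAnchorType,
            char[] trustAnchorPassword, String providerName)
            throws IOException, GeneralSecurityException {
        // Security.getProvider returns null when the provider is not installed;
        // stop here instead of handing a null provider to the handler.
        Provider provider = Security.getProvider(providerName);
        if (provider == null) {
            throw new GeneralSecurityException("Provider not installed: " + providerName);
        }

        X509Certificate cert;
        InputStream in = new FileInputStream(certPath);
        try {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        } finally {
            in.close();
        }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        // A parse or provider failure propagates, so the store never holds a null entry.
        CertStore store = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singleton(cert)), provider);
        List<CertStore> certStores = new ArrayList<CertStore>();
        certStores.add(store);

        // Password is supplied by the caller (for example from a protected
        // configuration source) rather than a string literal in the code.
        return new X509ConsumeCallbackHandler(trustAnchorPath, trustAnchorType,
                trustAnchorPassword, certStores, provider);
    }
}
```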
    
       
    See Also:
    X509Token, X509PKCS7Token, X509PKIPathToken, X509ConsumeCallback, Serialized Form
    • Constructor Summary

      Constructors 
      Constructor and Description
      X509ConsumeCallbackHandler()
      Class constructor.
      X509ConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
      Class constructor.
      X509ConsumeCallbackHandler(java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
      Class constructor.
      X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName)
      Class constructor.
      X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName, java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
      Class constructor.
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      void handle(javax.security.auth.callback.Callback[] callbacks)
      Sets the necessary information on an X509ConsumeCallback object.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • X509ConsumeCallbackHandler

        public X509ConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
        Class constructor.
        Parameters:
        properties - map including key-value pairs
      • X509ConsumeCallbackHandler

        public X509ConsumeCallbackHandler(java.lang.String keyStoreRef,
                                  java.lang.String keyStorePath,
                                  java.lang.String keyStoreType,
                                  char[] keyStorePassword,
                                  java.lang.String alias,
                                  char[] keyPassword,
                                  java.lang.String keyName,
                                  java.lang.String trustAnchorPath,
                                  java.lang.String trustAnchorType,
                                  char[] trustAnchorPassword,
                                  java.util.List certStores,
                                  java.security.Provider provider)
        Class constructor.
        Parameters:
        keyStoreRef - reference name of the keystore used for key locator
        keyStorePath - file path from which the keystore used for key locator is loaded
        keyStorePassword - password used to check the integrity of the keystore used for key locator or the password used to unlock the keystore
        keyStoreType - type of the keystore used for key locator
        alias - alias name
        keyPassword - password for recovering the key
        keyName - name of the key
        trustAnchorPath - file path from which the trust anchor is loaded
        trustAnchorType - type of the trust anchor
        trustAnchorPassword - password used to check the integrity of the trust anchor or the password used to unlock the keystore
        certStores - list of certificate stores
        provider - security provider
      • X509ConsumeCallbackHandler

        public X509ConsumeCallbackHandler(java.lang.String keyStoreRef,
                                  java.lang.String keyStorePath,
                                  java.lang.String keyStoreType,
                                  char[] keyStorePassword,
                                  java.lang.String alias,
                                  char[] keyPassword,
                                  java.lang.String keyName)
        Class constructor.
        Parameters:
        keyStoreRef - reference name of the keystore used for key locator
        keyStorePath - file path from which the keystore used for key locator is loaded
        keyStorePassword - password used to check the integrity of the keystore used for key locator or the password used to unlock the keystore
        keyStoreType - type of the keystore used for key locator
        alias - alias name
        keyPassword - password for recovering the key
        keyName - name of the key
      • X509ConsumeCallbackHandler

        public X509ConsumeCallbackHandler(java.lang.String trustAnchorPath,
                                  java.lang.String trustAnchorType,
                                  char[] trustAnchorPassword,
                                  java.util.List certStores,
                                  java.security.Provider provider)
        Class constructor.
        Parameters:
        trustAnchorPath - file path from which the trust anchor is loaded
        trustAnchorPassword - password used to check the integrity of the trust anchor or the password used to unlock the keystore
        trustAnchorType - type of the trust anchor
        certStores - list of certificate stores
        provider - security provider
      • X509ConsumeCallbackHandler

        public X509ConsumeCallbackHandler()
        Class constructor.
    • Method Detail

      • handle

        public void handle(javax.security.auth.callback.Callback[] callbacks)
                    throws java.io.IOException,
                           javax.security.auth.callback.UnsupportedCallbackException
        Sets the necessary information on an X509ConsumeCallback object.
        Specified by:
        handle in interface javax.security.auth.callback.CallbackHandler
        Parameters:
        callbacks - array of Callback objects provided by the underlying security service which contains the information requested to be retrieved or displayed.
        Throws:
        java.io.IOException - if an input or output error occurs.
        javax.security.auth.callback.UnsupportedCallbackException - if the implementation of this method does not support one or more of the Callbacks specified in the callbacks parameter.
        See Also:
        CallbackHandler.handle(javax.security.auth.callback.Callback[])
IBM WebSphere Application Server™
Release 8.5