com.ibm.websphere.wssecurity.wssapi.token

Interface X509Token

All Superinterfaces:
BinarySecurityToken, SecurityToken
All known subinterfaces:
X509PKCS7Token, X509PKIPathToken

    public interface X509Token
    extends BinarySecurityToken

This interface represents a security token in X509v3 format, as defined by the OASIS Web Services Security X.509 Certificate Token Profile specification.
The following sample code shows how to configure the X509 token.
Sample code for generating an X509Token for signature
    // obtain the WSS API factory used to create the token
    WSSFactory factory = WSSFactory.getInstance();
    X509GenerateCallbackHandler callbackhandler = new X509GenerateCallbackHandler(
        "",                     // reference of key store
        "dsig-sender.ks",       // keystore
        "jks",                  // keystore type
        "client".toCharArray(), // store password
        "soaprequester",        // alias
        "client".toCharArray(), // key password
        "CN=soapRequester, O=IBM, C=US", // subject name
        null                    // cert list
        );
    SecurityToken st = factory.newSecurityToken(callbackhandler, X509Token.class);
     

Sample code for generating an X509Token for encryption
    // obtain the WSS API factory used to create the token
    WSSFactory factory = WSSFactory.getInstance();
    X509GenerateCallbackHandler callbackhandler = new X509GenerateCallbackHandler(
        "",                     // reference of key store
        "enc-sender.jceks",     // keystore name
        "jceks",                // store type
        "storepass".toCharArray(), // store password
        "bob",                  // alias
        null,                   // key password
        "CN=Bob, O=IBM, C=US",  // subject name
        null                    // cert list
        );
    SecurityToken st = factory.newSecurityToken(callbackhandler, X509Token.class);
       

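Sample code for verification
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.InvalidAlgorithmParameterException;
    import java.security.NoSuchAlgorithmException;
    import java.security.NoSuchProviderException;
    import java.security.cert.CertStore;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.CollectionCertStoreParameters;
    import java.security.cert.X509Certificate;
    import java.util.HashSet;
    import java.util.Set;
    import com.ibm.websphere.wssecurity.callbackhandler.X509ConsumeCallbackHandler;

    // load the X.509 certificate that goes into the cert store
    String certpath = "intca2.cer"; // The location of the X509 certificate file
    X509Certificate x509cert = null;
    // try-with-resources closes the stream; IOException also covers FileNotFoundException
    try (InputStream is = new FileInputStream(certpath)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        x509cert = (X509Certificate) cf.generateCertificate(is);
    } catch (IOException e1) {
        e1.printStackTrace();
    } catch (CertificateException e2) {
        e2.printStackTrace();
    }

    Set<Object> eeCerts = new HashSet<Object>();
    if (x509cert != null) {
        eeCerts.add(x509cert); // skip the entry if the certificate failed to load
    }

    // generate certStore
    java.util.List<CertStore> certList = new java.util.ArrayList<CertStore>();
    CollectionCertStoreParameters certparam = new CollectionCertStoreParameters(eeCerts);
    CertStore cert = null;
    try {
        cert = CertStore.getInstance("Collection", certparam, "IBMCertPath");
    } catch (NoSuchProviderException e1) {
        e1.printStackTrace();
    } catch (InvalidAlgorithmParameterException e2) {
        e2.printStackTrace();
    } catch (NoSuchAlgorithmException e3) {
        e3.printStackTrace();
    }
    if (cert != null) {
        certList.add(cert); // only add a cert store that was actually created
    }

    // generate the callback handler object
    X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
        "dsig-receiver.ks",  // keystore
        "jks",               // keystore type
        "server".toCharArray(), // keystore password
        certList,            // certificate list
        java.security.Security.getProvider("IBMCertPath") // provider
        );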
    

Sample code for decryption
    X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
        "",                      // reference of key store
        "enc-sender.jceks",      // keystore
        "jceks",                 // keystore type
        "storepass".toCharArray(), // store password
        "alice",                 // alias
        "keypass".toCharArray(), // key password
        "CN=Alice, O=IBM, C=US"  // subject name
        );

     
See Also:
X509GenerateCallbackHandler, X509ConsumeCallbackHandler

Field Summary

| Modifier and Type | Field and Description |
| --- | --- |
| static int | REF_ISSUERSERIAL: Represents the issuer serial reference as a reference type of the security token. |
| static javax.xml.namespace.QName | ValueType: Represents the value type. |
Fields inherited from interface com.ibm.websphere.wssecurity.wssapi.token.BinarySecurityToken
TokenQname
Fields inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
DECRYPTING_KEY, ENCRYPTING_KEY, REF_EMBEDDED, REF_KEYID, REF_STR, REF_THUMBPRINT, SIGNING_KEY, VERIFING_KEY

Method Summary

| Modifier and Type | Method and Description |
| --- | --- |
| java.security.cert.X509Certificate | getCertificate(): Returns the X.509 certificate. |
| java.lang.String | getIssuerName(): Returns the distinguished name of the issuer. |
| java.lang.String | getIssuerSerial(): Returns the issuer serial. |
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.BinarySecurityToken
getBinary
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
getId, getKey, getKeyIdentifier, getKeyIdentifierEncodingType, getKeyIdentifierValueType, getKeyName, getPrincipal, getReferenceURI, getThumbprint, getThumbprintEncodingType, getThumbprintValueType, getTokenQname, getValueType, getXML

Field Detail

REF_ISSUERSERIAL

    static final int REF_ISSUERSERIAL
Represents the issuer serial reference as a reference type of the security token.

ValueType

    static final javax.xml.namespace.QName ValueType
Represents the value type.
ValueType: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

Method Detail

getCertificate

    java.security.cert.X509Certificate getCertificate()
Returns the X.509 certificate.
Returns:
X.509 certificate

getIssuerName

    java.lang.String getIssuerName()
Returns the distinguished name of the issuer.
Returns:
issuer name

getIssuerSerial

    java.lang.String getIssuerSerial()
Returns the issuer serial.
Returns:
issuer serial
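
An issuer serial reference (REF_ISSUERSERIAL) identifies a certificate by its issuer distinguished name and serial number, the two values that getIssuerName() and getIssuerSerial() expose. The following is an added example, not part of the WebSphere API or of the original page, showing how to match such a reference against a certificate using only JDK classes. The class and method names are hypothetical, the DN and serial values are constructed, and the serial is assumed to be a decimal string.

```java
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper, not part of the WebSphere API.
public class IssuerSerialMatch {

    // Assumption: the reference supplies the issuer DN as an RFC 2253 string
    // and the serial number as a decimal string.
    static boolean sameIssuerSerial(String refIssuerDn, String refSerial,
                                    X500Principal certIssuer, BigInteger certSerial) {
        if (refIssuerDn == null || refSerial == null) {
            return false;
        }
        try {
            // Parse instead of comparing raw text: X500Principal.equals() compares
            // canonical forms, so case and spacing differences do not matter.
            X500Principal refIssuer = new X500Principal(refIssuerDn);
            BigInteger serial = new BigInteger(refSerial.trim());
            return refIssuer.equals(certIssuer) && serial.equals(certSerial);
        } catch (IllegalArgumentException e) {
            // Malformed DN or non-numeric serial (NumberFormatException is a subclass):
            // a reference that cannot be parsed never matches.
            return false;
        }
    }

    // Convenience overload for a certificate such as the one getCertificate() returns.
    static boolean matches(String refIssuerDn, String refSerial, X509Certificate cert) {
        return sameIssuerSerial(refIssuerDn, refSerial,
                cert.getIssuerX500Principal(), cert.getSerialNumber());
    }

    public static void main(String[] args) {
        // Constructed values standing in for a certificate's issuer and serial number.
        X500Principal issuer = new X500Principal("CN=Int CA2, O=IBM, C=US");
        BigInteger serial = new BigInteger("4660");

        String[][] refs = {
            {"cn=int ca2,o=ibm,c=us", "4660"},    // differs only in case and spacing
            {"O=IBM, CN=Int CA2, C=US", "4660"},  // RDNs reordered: a different name
            {"CN=Int CA2, O=IBM, C=US", "4661"},  // same issuer, different serial
            {"not a distinguished name", "4660"}, // malformed DN
        };
        for (String[] r : refs) {
            System.out.println(r[0] + " / " + r[1] + " -> "
                    + sameIssuerSerial(r[0], r[1], issuer, serial));
        }
    }
}
```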