com.ibm.websphere.wssecurity.callbackhandler

Class X509ConsumeCallbackHandler

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.X509ConsumeCallbackHandler
All implemented interfaces:
java.io.Serializable, javax.security.auth.callback.CallbackHandler

public class X509ConsumeCallbackHandler
extends java.lang.Object
implements javax.security.auth.callback.CallbackHandler, java.io.Serializable
This class is a callback handler for the user name token on the consumer side. An instance is used to generate the WSSVerification object and the WSSDecryption object, which are set into the WSSConsumingContext object to validate an X.509 binary security token.
The following sample code configures the X509 token for verification and decryption.
Sample code of verification:
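    import com.ibm.websphere.wssecurity.callbackhandler.X509ConsumeCallbackHandler;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.InvalidAlgorithmParameterException;
    import java.security.NoSuchAlgorithmException;
    import java.security.NoSuchProviderException;
    import java.security.cert.CertStore;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.CollectionCertStoreParameters;
    import java.security.cert.X509Certificate;
    import java.util.HashSet;
    import java.util.Set;

    // load the X509 certificate
    String certpath = "intca2.cer"; // The location of the X509 certificate file
    X509Certificate x509cert = null;
    try (InputStream is = new FileInputStream(certpath)) { // the stream is closed automatically
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        x509cert = (X509Certificate) cf.generateCertificate(is);
    } catch (IOException e1) { // includes FileNotFoundException
        e1.printStackTrace();
    } catch (CertificateException e2) {
        e2.printStackTrace();
    }

    Set<Object> eeCerts = new HashSet<Object>();
    if (x509cert != null) { // do not add a certificate that failed to load
        eeCerts.add(x509cert);
    }
    // generate certStore
    java.util.List<CertStore> certList = new java.util.ArrayList<CertStore>();
    CollectionCertStoreParameters certparam = new CollectionCertStoreParameters(eeCerts);
    CertStore cert = null;
    try {
        cert = CertStore.getInstance("Collection", certparam, "IBMCertPath");
    } catch (NoSuchProviderException e1) {
        e1.printStackTrace();
    } catch (InvalidAlgorithmParameterException e2) {
        e2.printStackTrace();
    } catch (NoSuchAlgorithmException e3) {
        e3.printStackTrace();
    }
    if (cert != null) { // do not add a store that could not be created
        certList.add(cert);
    }

    // generate the callback handler object
    X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
        "dsig-receiver.ks",     // trust anchor path
        "jks",                  // trust anchor type
        "server".toCharArray(), // trust anchor password
        certList,               // certificate store list
        java.security.Security.getProvider("IBMCertPath") // provider
        );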
    

Sample code of decryption:
    X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
        "",                        // keystore reference name
        "enc-sender.jceks",        // keystore path
        "jceks",                   // keystore type
        "storepass".toCharArray(), // keystore password
        "alice",                   // alias
        "keypass".toCharArray(),   // key password
        "CN=Alice, O=IBM, C=US"    // key name (subject name)
        );
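The two samples above stop at constructing the handler. The following added example (not part of the original page or of IBM's sample code) shows one way the handlers could be wired into a WSSConsumingContext, failing closed instead of continuing with a null certificate or provider. The class and method names are hypothetical, and the WSSFactory, WSSVerification, WSSDecryption and X509Token calls are assumed from the WebSphere WSS API, which this page names but does not document.

```java
import com.ibm.websphere.wssecurity.callbackhandler.X509ConsumeCallbackHandler;
import com.ibm.websphere.wssecurity.wssapi.WSSConsumingContext;
import com.ibm.websphere.wssecurity.wssapi.WSSFactory;
import com.ibm.websphere.wssecurity.wssapi.decryption.WSSDecryption;
import com.ibm.websphere.wssecurity.wssapi.token.X509Token;
import com.ibm.websphere.wssecurity.wssapi.verification.WSSVerification;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

public class X509ConsumerSetup { // hypothetical class name
    // Any load, configuration or validation failure propagates to the caller.
    public static void consume(Object messageContext) throws Exception {
        Provider certPath = Security.getProvider("IBMCertPath");
        if (certPath == null) { // getProvider returns null when the provider is absent
            throw new IllegalStateException("IBMCertPath provider is not installed");
        }
        X509Certificate intermediate;
        try (InputStream in = new FileInputStream("intca2.cer")) {
            intermediate = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        CertStore store = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singleton(intermediate)), certPath);
        List<CertStore> certStores = Collections.singletonList(store);

        WSSFactory factory = WSSFactory.getInstance();
        WSSConsumingContext context = factory.newWSSConsumingContext();
        // Signature verification: trust anchor keystore plus intermediate cert store.
        X509ConsumeCallbackHandler verifyHandler = new X509ConsumeCallbackHandler(
                "dsig-receiver.ks", "jks", "server".toCharArray(), certStores, certPath);
        WSSVerification verification = factory.newWSSVerification(X509Token.class, verifyHandler);
        context.add(verification);
        // Decryption: keystore holding the private key under alias "alice".
        X509ConsumeCallbackHandler decryptHandler = new X509ConsumeCallbackHandler(
                "", "enc-sender.jceks", "jceks", "storepass".toCharArray(),
                "alice", "keypass".toCharArray(), "CN=Alice, O=IBM, C=US");
        WSSDecryption decryption = factory.newWSSDecryption(X509Token.class, decryptHandler);
        context.add(decryption);
        context.process(messageContext); // validates the message against both constraints
    }
}
```

The keystore names and passwords are the sample values from this page; in a deployment they would come from protected configuration rather than string literals.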

     

Constructor Summary

Constructor and Description

X509ConsumeCallbackHandler()
    Class constructor.

X509ConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
    Class constructor.

X509ConsumeCallbackHandler(java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
    Class constructor.

X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName)
    Class constructor.

X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName, java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
    Class constructor.

Method Summary

Modifier and Type, Method and Description

void handle(javax.security.auth.callback.Callback[] callbacks)
    Sets the necessary information in an X509ConsumeCallback object.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
Class constructor.
Parameters:
properties - map including key-value pairs

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler(java.lang.String keyStoreRef,
                                  java.lang.String keyStorePath,
                                  java.lang.String keyStoreType,
                                  char[] keyStorePassword,
                                  java.lang.String alias,
                                  char[] keyPassword,
                                  java.lang.String keyName,
                                  java.lang.String trustAnchorPath,
                                  java.lang.String trustAnchorType,
                                  char[] trustAnchorPassword,
                                  java.util.List certStores,
                                  java.security.Provider provider)
Class constructor.
Parameters:
keyStoreRef - reference name of the keystore used for key locator
keyStorePath - file path from which the keystore used for key locator is loaded
keyStorePassword - password used to check the integrity of the keystore used for key locator or the password used to unlock the keystore
keyStoreType - type of the keystore used for key locator
alias - alias name
keyPassword - password for recovering the key
keyName - name of the key
trustAnchorPath - file path from which the trust anchor is loaded
trustAnchorType - type of the trust anchor
trustAnchorPassword - password used to check the integrity of the trust anchor or the password used to unlock the keystore
certStores - list of certificate stores
provider - security provider

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler(java.lang.String keyStoreRef,
                                  java.lang.String keyStorePath,
                                  java.lang.String keyStoreType,
                                  char[] keyStorePassword,
                                  java.lang.String alias,
                                  char[] keyPassword,
                                  java.lang.String keyName)
Class constructor.
Parameters:
keyStoreRef - reference name of the keystore used for key locator
keyStorePath - file path from which the keystore used for key locator is loaded
keyStorePassword - password used to check the integrity of the keystore used for key locator or the password used to unlock the keystore
keyStoreType - type of the keystore used for key locator
alias - alias name
keyPassword - password for recovering the key
keyName - name of the key

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler(java.lang.String trustAnchorPath,
                                  java.lang.String trustAnchorType,
                                  char[] trustAnchorPassword,
                                  java.util.List certStores,
                                  java.security.Provider provider)
Class constructor.
Parameters:
trustAnchorPath - file path from which the trust anchor is loaded
trustAnchorPassword - password used to check the integrity of the trust anchor or the password used to unlock the keystore
trustAnchorType - type of the trust anchor

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler()
Class constructor.

Method Detail

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException
Sets the necessary information in an X509ConsumeCallback object.
Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Parameters:
callbacks - array of Callback objects provided by the underlying security service which contains the information requested to be retrieved or displayed.
Throws:
java.io.IOException - if an input or output error occurs.
javax.security.auth.callback.UnsupportedCallbackException - if the implementation of this method does not support one or more of the Callbacks specified in the callbacks parameter.
See Also:
CallbackHandler.handle(javax.security.auth.callback.Callback[])