IBM WebSphere Application Server™
Release 8

com.ibm.wsspi.wssecurity.auth.token
Class X509BSToken

java.lang.Object
  extended by com.ibm.wsspi.wssecurity.auth.token.WSSToken
      extended by com.ibm.wsspi.wssecurity.auth.token.X509BSToken
All Implemented Interfaces:
PropagationToken, Token, java.lang.Cloneable

public class X509BSToken
extends WSSToken

This class is a token object implementation for X.509 binary security tokens. It extends the WSSToken class, which implements the Token interface. It will typically be created by the X509TokenGenerator and processed by the X509TokenConsumer. Protected by the following Java 2 Security permissions:
com.ibm.websphere.security.WebSphereRuntimePermission("wssecurity.X509BSToken.setCert")
com.ibm.websphere.security.WebSphereRuntimePermission("wssecurity.X509BSToken.setBytes")

See Also:
WSSToken, Token

Nested Class Summary
 
Nested classes/interfaces inherited from class com.ibm.wsspi.wssecurity.auth.token.WSSToken
WSSToken.AttributesEnumerator
 
Field Summary
static java.lang.String CERT_INFO
           This is the key used when the X509 certificate is passed from a KeyLocator object to a TokenConsumer object or from a TokenConsumer object to a LoginModule object.
static java.lang.String CERT_STORES
           This is the key used when the CertStore object is passed from a TokenGenerator object to a CallbackHandler object or from a TokenConsumer object to a LoginModule object.
static java.lang.String KEY_LOCATOR
           This is the key used when the object is passed from a KeyInfoContentConsumer object to a TokenConsumer object.
static java.lang.String PKIX_BUILDERPARAM
           This is the key used when the PKIXBuilderParameters object is passed from a TokenConsumer object to a LoginModule object.
static java.lang.String PROVIDER
           This is the key used when the Provider object is passed from a TokenGenerator object to a CallbackHandler object or from a TokenConsumer object to a LoginModule object.
static java.lang.String TRUST_ANY
           This is the key used when the flag indicating that any certificate is trusted is passed from a TokenConsumer object to a LoginModule object.
 
Fields inherited from class com.ibm.wsspi.wssecurity.auth.token.WSSToken
_attributes, _callerChecked, _error, _keyInfoType, _processed, _referenced, _tokenelem, _tokenId, _trusted, _usedTokenConsumer, _usedTokenGenerator, _usedToLogin, _version, _vtype
 
Constructor Summary
X509BSToken(java.lang.String tokenId, java.security.cert.X509Certificate cert, javax.xml.namespace.QName vtype)
          Constructor
 
Method Summary
 boolean equals(java.lang.Object o)
           
 byte[] getBytes()
          Returns the byte array representation of this token if possible.
 java.security.cert.X509Certificate getCert()
          Gets the Certificate from X509 Binary Security Token
 long getExpiration()
           This returns the expiration time in milliseconds.
 java.lang.String getPrincipal()
           Gets the principal that this Token belongs to.
 java.lang.String getUniqueID()
           Returns a unique identifier of the token based upon information that the provider considers to be unique.
 short getVersion()
          Returns the implementation version
 int hashCode()
           
 boolean isValid()
           Called by the runtime to determine if a token is still valid in terms of expiration, digital signature, etc.
 void setBytes(byte[] binary)
           
 void setCert(java.security.cert.X509Certificate cert)
          Sets a reference to the X509Certificate object.
 void setExpiration(long expiration)
           
 java.lang.String toString()
           
 
Methods inherited from class com.ibm.wsspi.wssecurity.auth.token.WSSToken
addAttribute, clone, getAttributeNames, getAttributes, getCallerChecked, getElement, getError, getId, getKeyInfoType, getName, getType, getUsedTokenConsumer, getUsedTokenGenerator, getUsedToLogin, isForwardable, isProcessed, isReadOnly, isReferenced, isTrusted, setCallerChecked, setElement, setError, setId, setKeyInfoType, setProcessed, setReadOnly, setReferenced, setTrusted, setType, setType, setUsedTokenConsumer, setUsedTokenGenerator, setUsedToLogin
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

KEY_LOCATOR

public static final java.lang.String KEY_LOCATOR

This is the key used when the object is passed from a KeyInfoContentConsumer object to a TokenConsumer object.

See Also:
Constant Field Values

CERT_INFO

public static final java.lang.String CERT_INFO

This is the key used when the X509 certificate is passed from a KeyLocator object to a TokenConsumer object or from a TokenConsumer object to a LoginModule object.

See Also:
Constant Field Values

TRUST_ANY

public static final java.lang.String TRUST_ANY

This is the key used when the flag indicating that any certificate is trusted is passed from a TokenConsumer object to a LoginModule object.

See Also:
Constant Field Values

PROVIDER

public static final java.lang.String PROVIDER

This is the key used when the Provider object is passed from a TokenGenerator object to a CallbackHandler object or from a TokenConsumer object to a LoginModule object.

See Also:
Constant Field Values

PKIX_BUILDERPARAM

public static final java.lang.String PKIX_BUILDERPARAM

This is the key used when the PKIXBuilderParameters object is passed from a TokenConsumer object to a LoginModule object.

See Also:
Constant Field Values

CERT_STORES

public static final java.lang.String CERT_STORES

This is the key used when the CertStore object is passed from a TokenGenerator object to a CallbackHandler object or from a TokenConsumer object to a LoginModule object.

See Also:
Constant Field Values
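How a custom LoginModule might validate the certificate that arrives under these keys, as an added example (not WebSphere's own code). It assumes the TokenConsumer hands the LoginModule a Map keyed by the X509BSToken constants, that TRUST_ANY arrives as a boolean-like value, and that CERT_STORES holds either one CertStore or a collection of them; the helper class name is hypothetical.

```java
import java.security.*;
import java.security.cert.*;
import java.util.Collection;
import java.util.Map;
import com.ibm.wsspi.wssecurity.auth.token.X509BSToken;

/** Hypothetical helper (not WebSphere code) for a LoginModule fed by X509TokenConsumer. */
public final class X509TokenChainCheck {

    /** Validates the CERT_INFO certificate against the consumer-supplied PKIX parameters.
     *  Assumes props is the map the TokenConsumer passes to the LoginModule. */
    public static X509Certificate validate(Map<String, Object> props) throws GeneralSecurityException {
        X509Certificate cert = (X509Certificate) props.get(X509BSToken.CERT_INFO);
        if (cert == null) throw new CertificateException("no certificate under CERT_INFO");
        cert.checkValidity(); // notBefore/notAfter, checked before anything else

        // TRUST_ANY means the consumer would accept any certificate; this helper treats
        // that as a misconfiguration instead of skipping chain building (boolean-like value assumed).
        if (Boolean.parseBoolean(String.valueOf(props.get(X509BSToken.TRUST_ANY)))) {
            throw new CertificateException("TRUST_ANY is set; refusing an unanchored certificate");
        }

        PKIXBuilderParameters params = (PKIXBuilderParameters) props.get(X509BSToken.PKIX_BUILDERPARAM);
        if (params == null) throw new InvalidAlgorithmParameterException("no PKIX_BUILDERPARAM");
        // Pin the target so only a path ending at this token's certificate is accepted.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(cert);
        params.setTargetCertConstraints(target);

        // CERT_STORES may be a single CertStore or a collection of them (assumption).
        Object stores = props.get(X509BSToken.CERT_STORES);
        if (stores instanceof CertStore) {
            params.addCertStore((CertStore) stores);
        } else if (stores instanceof Collection) {
            for (Object s : (Collection<?>) stores) params.addCertStore((CertStore) s);
        }

        // Use the consumer's Provider when one was supplied under PROVIDER.
        Object provider = props.get(X509BSToken.PROVIDER);
        CertPathBuilder builder = provider instanceof Provider
                ? CertPathBuilder.getInstance("PKIX", (Provider) provider)
                : CertPathBuilder.getInstance("PKIX");
        builder.build(params); // throws CertPathBuilderException when no trusted path exists
        return cert;
    }
}
```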

Constructor Detail

X509BSToken

public X509BSToken(java.lang.String tokenId,
                   java.security.cert.X509Certificate cert,
                   javax.xml.namespace.QName vtype)
Constructor

Parameters:
tokenId -
cert -
vtype -

Method Detail

getCert

public java.security.cert.X509Certificate getCert()
                                           throws SoapSecurityException
Gets the Certificate from X509 Binary Security Token

Returns:
X509Certificate
Throws:
SoapSecurityException

setCert

public void setCert(java.security.cert.X509Certificate cert)
Sets a reference to the X509Certificate object.

Parameters:
cert - X509Certificate object
Protected by Java 2 Security permission com.ibm.websphere.security.WebSphereRuntimePermission("wssecurity.X509BSToken.setCert")

getBytes

public byte[] getBytes()
Description copied from class: WSSToken
Returns the byte array representation of this token if possible.

Specified by:
getBytes in interface Token
Overrides:
getBytes in class WSSToken
Returns:
The byte array representation of this token

setBytes

public void setBytes(byte[] binary)
Parameters:
binary -
Protected by Java 2 Security permission com.ibm.websphere.security.WebSphereRuntimePermission("wssecurity.X509BSToken.setBytes")

getExpiration

public long getExpiration()
Description copied from interface: Token

This returns the expiration time in milliseconds.

Returns:
long

setExpiration

public void setExpiration(long expiration)

getPrincipal

public java.lang.String getPrincipal()
Description copied from interface: Token

Gets the principal that this Token belongs to. If this is an authorization token, this principal string must match the authentication token principal string or the message will be rejected. CSIv2 has stringent rules about validating authorization tokens using either the Identity Token or Authentication Token principal.

Returns:
String

getUniqueID

public java.lang.String getUniqueID()
Description copied from interface: Token

Returns a unique identifier of the token based upon information that the provider considers to be unique. This will be used for caching purposes and may be used in combination with other token unique IDs that are part of the same Subject to form a Subject unique identifier.

An implementation of this method should be careful to only change the token uniqueness when required. Any login which generates a new unique ID will create a Subject entry in the cache, which will increase memory requirements.

This method should return null if the token does not need to affect the cache uniqueness. Typically, if using only static registry attributes, this should return null. However, if dynamic attributes are used, including strength of authentication, time of day, etc., you may affect the cache uniqueness by returning a non-null value that reflects how you want the cache key to look. Typically, the token implementation will know what is most unique about the dynamic data; an alternative is to return a UUID. The values of getUniqueID() from all custom tokens present in the Subject will be concatenated and used in the SSO token for lookup. A one-way hash of this string will be created as the unique ID. When altering a token to contain a non-null value here, the token must be added to the Subject prior to the commit phase or before the wsMap module commit is called.

Returns:
String

hashCode

public int hashCode()
Overrides:
hashCode in class java.lang.Object

equals

public boolean equals(java.lang.Object o)
Overrides:
equals in class java.lang.Object

isValid

public boolean isValid()
Description copied from interface: Token

Called by the runtime to determine if a token is still valid in terms of expiration, digital signature, etc. The implementation determines what valid means. If this returns false to the WebSphere runtime, an exception will be thrown (appropriate to where the call was made, e.g., NO_PERMISSION, WSLoginFailedException, etc.) and the request will be rejected.

Returns:
boolean

getVersion

public short getVersion()
Description copied from class: WSSToken
Returns the implementation version

Specified by:
getVersion in interface Token
Overrides:
getVersion in class WSSToken
Returns:
The implementation version

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object
