IBM WebSphere Application Server™
Release 8

com.ibm.wsspi.wssecurity.keyinfo
Interface KeyLocator

All Superinterfaces:
Initializable, com.ibm.ws.webservices.wssecurity.WSSComponent

public interface KeyLocator
extends com.ibm.ws.webservices.wssecurity.WSSComponent

A KeyLocator interface for retrieving keys.

See Also:
KeyStoreKeyLocator, SignerCertKeyLocator, X509TokenKeyLocator

Method Summary
 java.security.Key getKey(java.util.Map type, java.util.Map context)
          Gets the Key object.
 
Methods inherited from interface com.ibm.ws.webservices.wssecurity.WSSComponent
init
 

Method Detail

getKey

java.security.Key getKey(java.util.Map type,
                         java.util.Map context)
                         throws SoapSecurityException
Gets the Key object.

Parameters:
type - The Map object which specifies the type of key to get
context - A Map object which contains name-value pairs. The following list shows the only supported names (keys) and their meaning. The keys shown are fields from the com.ibm.wsspi.wssecurity.Constants, com.ibm.wsspi.wssecurity.config.TokenConsumerConfig and com.ibm.wsspi.wssecurity.config.TokenGeneratorConfig classes.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_MESSAGE_CONTEXT - This is used to get the message context from the context in the WS-Security handler.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_SUBJECT - This is used to get the Subject from the context in the WS-Security handler.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ENCODING - This is used to get a key identifier encoding type. Supported values are:
    • "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    • "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary"
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_VALUETYPE - This is used to get the value type of the referenced token. The value types are specified in the OASIS token profile standards.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_IDTYPE - This is used to get the key identifier type. Supported values are:
    • "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#ITSHA1"
    • "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#IT60SHA1"
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ID - This is used to get the key corresponding to the specified key identifier. The format of the key identifier value is specified in the OASIS token profile standards.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ISSUERNAME - This is used to get the key corresponding to the specified issuer name and serial number. It must be used together with WSSECURITY_KEY_ISSUERSERIAL.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ISSUERSERIAL - This is used to get the key corresponding to the specified issuer name and serial number. It must be used together with WSSECURITY_KEY_ISSUERNAME.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_TYPE - This is used to indicate the type of operation. The value must be one of the following:
    • "DecryptingKey" - when getting a key for decryption
    • "EncryptingKey" - when getting a key for encryption
    • "SigningKey" - when getting a key for signing
    • "VerifyingKey" - when getting a key for signature verification
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_NAME - This is used to get the key corresponding to the specified name. It is used when the key name or the subject name of an X509 certificate is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoContentConsumer or KeyInfoContentGenerator object to a KeyLocator object.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_NAMEREF - This is used to get a key name reference which is specified in the WS-Security binding configuration. It is used when key name is passed to a KeyLocator object. The value of this key must be specified as the name attribute of <Key> in the WS-Security configuration.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_REFERENCE - This is used to get the key referenced by a URI in the SOAP message. It is used when a reference URI is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoContentConsumer or KeyInfoContentGenerator object to a KeyLocator object. The value of this key must be a reference URI included in the secure SOAP message.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEYINFO_TYPE - This is used to specify the type of key information. It is used when the type of key information is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoContentConsumer or KeyInfoContentGenerator object to a KeyLocator object. The value of this key must be one of the following:
    • "STRREF" - when ds:KeyInfo/wsse:STRReference/wsse:Reference is used
    • "KEYID" - when ds:KeyInfo/wsse:STRReference/wsse:KeyIdentifier is used
    • "EMB" - when ds:KeyInfo/wsse:STRReference/wsse:Embedded is used
    • "KEYNAME" - when ds:KeyInfo/ds:KeyName is used
    • "X509ISSUER" - when ds:KeyInfo/wsse:STRReference/ds:X509Data is used
  • com.ibm.wsspi.wssecurity.config.TokenConsumerConfig.CONFIG_KEY - This is used to store the TokenConsumerConfig object.
  • com.ibm.wsspi.wssecurity.config.TokenGeneratorConfig.CONFIG_KEY - This is used to store the TokenGeneratorConfig object.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_WSSCONSUMER_CONFIG_KEY - This is used to store the WSSConsumerConfig object.
  • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_WSSGENERATOR_CONFIG_KEY - This is used to store the WSSGeneratorConfig object.
Returns:
The Key object
Throws:
SoapSecurityException - When a problem occurs while getting the Key object
See Also:
Constants, TokenConsumerConfig, TokenGeneratorConfig
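
Added example (not IBM code and not part of the original Javadoc): fail-closed checks a custom KeyLocator could run on the context map before returning a key, based on the constraints listed above. The map-key strings are placeholders for the Constants fields of the same names, the class and method names are hypothetical, and standard Java exceptions stand in for SoapSecurityException so the sketch runs without the WebSphere libraries. The private-key rule assumes asymmetric keys.

```java
import java.security.*;
import java.util.*;

public class KeyRequestCheck {
    // Placeholder map keys: a real locator uses the com.ibm.wsspi.wssecurity.Constants
    // fields of the same names, whose string values are not given on this page.
    static final String KEY_TYPE = "WSSECURITY_KEY_TYPE";
    static final String KEYINFO_TYPE = "WSSECURITY_KEYINFO_TYPE";
    static final String ISSUERNAME = "WSSECURITY_KEY_ISSUERNAME";
    static final String ISSUERSERIAL = "WSSECURITY_KEY_ISSUERSERIAL";

    static final Set<String> KEY_TYPES = new HashSet<>(Arrays.asList(
            "DecryptingKey", "EncryptingKey", "SigningKey", "VerifyingKey"));
    static final Set<String> KEYINFO_TYPES = new HashSet<>(Arrays.asList(
            "STRREF", "KEYID", "EMB", "KEYNAME", "X509ISSUER"));

    /** Rejects a context that breaks the documented constraints. */
    static void validate(Map<String, Object> ctx) {
        Object keyType = ctx.get(KEY_TYPE);
        if (!KEY_TYPES.contains(keyType))
            throw new IllegalArgumentException("unsupported key type: " + keyType);
        Object infoType = ctx.get(KEYINFO_TYPE);
        if (infoType != null && !KEYINFO_TYPES.contains(infoType))
            throw new IllegalArgumentException("unsupported key info type: " + infoType);
        // Issuer name and serial identify a certificate only as a pair.
        if (ctx.containsKey(ISSUERNAME) != ctx.containsKey(ISSUERSERIAL))
            throw new IllegalArgumentException("issuer name and serial must be supplied together");
    }

    /** Assumption (asymmetric keys): only decrypting and signing may receive a private key. */
    static Key release(Map<String, Object> ctx, Key candidate) {
        validate(ctx);
        String keyType = (String) ctx.get(KEY_TYPE);
        boolean privateAllowed = keyType.equals("DecryptingKey") || keyType.equals("SigningKey");
        if (candidate instanceof PrivateKey && !privateAllowed)
            throw new IllegalStateException("refusing to release a private key for " + keyType);
        return candidate;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key, generated in memory for the demonstration.
        PrivateKey priv = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate();
        Map<String, Object> ctx = new HashMap<>();
        ctx.put(KEY_TYPE, "VerifyingKey");
        try { release(ctx, priv); }
        catch (IllegalStateException e) { System.out.println("blocked: " + e.getMessage()); }
        ctx.put(KEY_TYPE, "SigningKey");
        System.out.println("released: " + release(ctx, priv).getAlgorithm());
    }
}
```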
