IBM WebSphere Application Server™
Release 7

com.ibm.websphere.wssecurity.callbackhandler
Class X509ConsumeCallbackHandler

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.X509ConsumeCallbackHandler
All Implemented Interfaces:
java.io.Serializable, javax.security.auth.callback.CallbackHandler

public class X509ConsumeCallbackHandler
extends java.lang.Object
implements javax.security.auth.callback.CallbackHandler, java.io.Serializable

This class is a callback handler for the X.509 token on the consumer side. An instance is used to generate the WSSVerification and WSSDecryption objects, which are set into the WSSConsumingContext object to validate an X.509 binary security token.
The following sample code configures the X.509 token for verification and decryption.

Sample code of verification
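   // imports used by this sample
   import java.io.FileInputStream;
   import java.io.FileNotFoundException;
   import java.io.IOException;
   import java.io.InputStream;
   import java.security.InvalidAlgorithmParameterException;
   import java.security.NoSuchAlgorithmException;
   import java.security.NoSuchProviderException;
   import java.security.cert.CertStore;
   import java.security.cert.CertificateException;
   import java.security.cert.CertificateFactory;
   import java.security.cert.CollectionCertStoreParameters;
   import java.security.cert.X509Certificate;
   import java.util.HashSet;
   import java.util.Set;
   import com.ibm.websphere.wssecurity.callbackhandler.X509ConsumeCallbackHandler;

   // load the X.509 certificate
   String certpath = "intca2.cer"; // The location of the X509 certificate file
   X509Certificate x509cert = null;
   InputStream is = null;
   try {
       is = new FileInputStream(certpath);
       CertificateFactory cf = CertificateFactory.getInstance("X.509");
       x509cert = (X509Certificate) cf.generateCertificate(is);
   } catch (FileNotFoundException e1) {
       e1.printStackTrace();
   } catch (CertificateException e2) {
       e2.printStackTrace();
   } finally {
       // always release the file handle
       if (is != null) {
           try { is.close(); } catch (IOException ignored) { }
       }
   }

   // only add the certificate if it was actually loaded
   Set<Object> eeCerts = new HashSet<Object>();
   if (x509cert != null) {
       eeCerts.add(x509cert);
   }

   // generate certStore
   java.util.List<CertStore> certList = new java.util.ArrayList<CertStore>();
   CollectionCertStoreParameters certparam = new CollectionCertStoreParameters(eeCerts);
   CertStore cert = null;
   try {
       cert = CertStore.getInstance("Collection", certparam, "IBMCertPath");
   } catch (NoSuchProviderException e1) {
       e1.printStackTrace();
   } catch (InvalidAlgorithmParameterException e2) {
       e2.printStackTrace();
   } catch (NoSuchAlgorithmException e3) {
       e3.printStackTrace();
   }
   // certList is never null here; the CertStore is null if creation failed
   if (cert != null) {
       certList.add(cert);
   }

   // generate the callback handler object
   X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
       "dsig-receiver.ks",     // trust anchor path (keystore file)
       "jks",                  // trust anchor type
       "server".toCharArray(), // trust anchor password
       certList,               // certificate stores
       java.security.Security.getProvider("IBMCertPath") // provider
       );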
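
The verification constructor takes a trust anchor keystore and a list of certificate stores. As an added illustration (not IBM code and not part of the original page), the following uses only standard JDK PKIX classes to show how those two inputs differ: keystore entries are the trusted roots, while CertStore contents are untrusted material for completing the chain. It assumes the default JDK provider rather than IBMCertPath, reuses the file names from the sample above, and takes the path of a hypothetical sender certificate as its first argument.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

// Added illustration, not IBM code: JDK PKIX path building over the same kinds
// of inputs as the verification sample (trust anchor keystore + CertStore).
public class TrustAnchorPathCheck {

    static X509Certificate load(String path) throws Exception {
        InputStream in = new FileInputStream(path);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        } finally {
            in.close();
        }
    }

    static CertStore storeOf(X509Certificate cert) throws Exception {
        return CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singleton(cert)));
    }

    // Returns the anchor certificate the signer chains to; throws
    // CertPathBuilderException when no path to a trusted entry exists.
    static X509Certificate chainToAnchor(KeyStore anchors, CertStore intermediates,
                                         X509Certificate signer) throws Exception {
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(signer);
        // Only trusted-certificate entries of the keystore act as trust anchors.
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        // CertStore contents are untrusted material used to complete the chain.
        params.addCertStore(intermediates);
        params.addCertStore(storeOf(signer));
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source here
        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)
                CertPathBuilder.getInstance("PKIX").build(params);
        return result.getTrustAnchor().getTrustedCert();
    }

    public static void main(String[] args) throws Exception {
        KeyStore anchors = KeyStore.getInstance("jks");
        InputStream ks = new FileInputStream("dsig-receiver.ks");
        try { anchors.load(ks, "server".toCharArray()); } finally { ks.close(); }
        X509Certificate anchor = chainToAnchor(anchors, storeOf(load("intca2.cer")), load(args[0]));
        System.out.println("Chains to: " + anchor.getSubjectX500Principal());
    }
}
```

Placing a certificate in the CertStore does not make it trusted; a sender certificate is accepted only if a chain ends at an entry in the trust anchor keystore.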
    

Sample code of decryption
        X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
        "",                        // keystore reference
        "enc-sender.jceks",        // keystore path
        "jceks",                   // keystore type
        "storepass".toCharArray(), // keystore password
        "alice",                   // alias
        "keypass".toCharArray(),   // key password
        "CN=Alice, O=IBM, C=US"    // key name
        );

     

See Also:
X509Token, X509PKCS7Token, X509PKIPathToken, X509ConsumeCallback, Serialized Form

Constructor Summary
X509ConsumeCallbackHandler()
          Class constructor.
X509ConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
          Class constructor.
X509ConsumeCallbackHandler(java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
          Class constructor.
X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName)
          Class constructor.
X509ConsumeCallbackHandler(java.lang.String keyStoreRef, java.lang.String keyStorePath, java.lang.String keyStoreType, char[] keyStorePassword, java.lang.String alias, char[] keyPassword, java.lang.String keyName, java.lang.String trustAnchorPath, java.lang.String trustAnchorType, char[] trustAnchorPassword, java.util.List certStores, java.security.Provider provider)
          Class constructor.
 
Method Summary
 void handle(javax.security.auth.callback.Callback[] callbacks)
          Sets necessary information to an X509ConsumeCallback object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
Class constructor.

Parameters:
properties - map including key-value pairs

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler(java.lang.String keyStoreRef,
                                  java.lang.String keyStorePath,
                                  java.lang.String keyStoreType,
                                  char[] keyStorePassword,
                                  java.lang.String alias,
                                  char[] keyPassword,
                                  java.lang.String keyName,
                                  java.lang.String trustAnchorPath,
                                  java.lang.String trustAnchorType,
                                  char[] trustAnchorPassword,
                                  java.util.List certStores,
                                  java.security.Provider provider)
Class constructor.

Parameters:
keyStoreRef - reference name of the keystore used for key locator
keyStorePath - file path from which the keystore used for key locator is loaded
keyStorePassword - password used to check the integrity of the keystore used for key locator or the password used to unlock the keystore
keyStoreType - type of the keystore used for key locator
alias - alias name
keyPassword - password for recovering the key
keyName - name of the key
trustAnchorPath - file path from which the trust anchor is loaded
trustAnchorType - type of the trust anchor
trustAnchorPassword - password used to check the integrity of the trust anchor or the password used to unlock the keystore
certStores - list of certificate stores
provider - security provider

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler(java.lang.String keyStoreRef,
                                  java.lang.String keyStorePath,
                                  java.lang.String keyStoreType,
                                  char[] keyStorePassword,
                                  java.lang.String alias,
                                  char[] keyPassword,
                                  java.lang.String keyName)
Class constructor.

Parameters:
keyStoreRef - reference name of the keystore used for key locator
keyStorePath - file path from which the keystore used for key locator is loaded
keyStorePassword - password used to check the integrity of the keystore used for key locator or the password used to unlock the keystore
keyStoreType - type of the keystore used for key locator
alias - alias name
keyPassword - password for recovering the key
keyName - name of the key

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler(java.lang.String trustAnchorPath,
                                  java.lang.String trustAnchorType,
                                  char[] trustAnchorPassword,
                                  java.util.List certStores,
                                  java.security.Provider provider)
Class constructor.

Parameters:
trustAnchorPath - file path from which the trust anchor is loaded
trustAnchorPassword - password used to check the integrity of the trust anchor or the password used to unlock the keystore
trustAnchorType - type of the trust anchor
certStores - list of certificate stores
provider - security provider

X509ConsumeCallbackHandler

public X509ConsumeCallbackHandler()
Class constructor.

Method Detail

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException
Sets necessary information to an X509ConsumeCallback object.

Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Parameters:
callbacks - array of Callback objects provided by the underlying security service which contains the information requested to be retrieved or displayed.
Throws:
java.io.IOException - if an input or output error occurs.
javax.security.auth.callback.UnsupportedCallbackException - if the implementation of this method does not support one or more of the Callbacks specified in the callbacks parameter.
See Also:
CallbackHandler.handle(javax.security.auth.callback.Callback[])
