com.ibm.websphere.wssecurity.wssapi.token

Interface X509Token

  • All Superinterfaces:
    BinarySecurityToken, SecurityToken
    All Known Subinterfaces:
    X509PKCS7Token, X509PKIPathToken


    public interface X509Token
    extends BinarySecurityToken
    This interface represents a security token in X509v3 format, as defined by the OASIS Web Services Security X.509 Certificate Token Profile specification.
    The following samples show how to configure the X509 token.
    Sample code for generating an X509Token for signature
        X509GenerateCallbackHandler callbackhandler = new X509GenerateCallbackHandler(
            "",                     // reference of key store
            "dsig-sender.ks",       // keystore
            "jks",                  // keystore type
            "client".toCharArray(), // store password
            "soaprequester",        // alias
            "client".toCharArray(), // key password
            "CN=soapRequester, O=IBM, C=US",// subject name
            null                    // cert list
            );
        // factory is a WSSFactory instance, for example from WSSFactory.getInstance()
        SecurityToken st = factory.newSecurityToken(callbackhandler,X509Token.class);
       

    Sample code for generating an X509Token for encryption
        X509GenerateCallbackHandler callbackhandler = new X509GenerateCallbackHandler(
            "",                     // reference of key store
            "enc-sender.jceks",     // keystore name  
            "jceks",                // store type
            "storepass".toCharArray(), // store password
            "bob",                  // alias 
            null,                   // key password
            "CN=Bob, O=IBM, C=US",  // subject name
            null                    // cert list
            );
       SecurityToken st = factory.newSecurityToken(callbackhandler, X509Token.class); 
         

    Sample code for verification
       // load the X.509 certificate that goes into the cert store
       String certpath = "intca2.cer";// The location of the X509 certificate file
       X509Certificate x509cert = null;
        // try-with-resources closes the stream even if parsing fails
        try (InputStream is = new FileInputStream(certpath)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            x509cert = (X509Certificate)cf.generateCertificate(is);
        } catch (IOException e1) { // includes FileNotFoundException
          e1.printStackTrace();
        } catch (CertificateException e2) {
          e2.printStackTrace();
        }
    
        Set<Object> eeCerts = new HashSet<Object>();
        eeCerts.add(x509cert);  
        // generate certStore
        java.util.List<CertStore> certList = new java.util.ArrayList<CertStore>();
        CollectionCertStoreParameters certparam = new CollectionCertStoreParameters(eeCerts);
        CertStore cert = null;
        try {
          cert = CertStore.getInstance("Collection", certparam, "IBMCertPath");
        } catch (NoSuchProviderException e1) {
          e1.printStackTrace();
        } catch (InvalidAlgorithmParameterException e2) {
          e2.printStackTrace();
        } catch (NoSuchAlgorithmException e3) {
          e3.printStackTrace();
        }
        // only add the store if it was created successfully
        if(cert != null ){
          certList.add(cert);
        }
    
        // generate the callback handler object
        X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
          "dsig-receiver.ks",  // keystore
          "jks",               // keystore type
          "server".toCharArray(), // keystore password
          certList,            // certificate list
          java.security.Security.getProvider("IBMCertPath") //provider
          );
      

    Sample code for decryption
            X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
            "",                      // reference of key store
            "enc-sender.jceks",      // keystore 
            "jceks",                 // keystore type
            "storepass".toCharArray(), // store password
            "alice",                 // alias
            "keypass".toCharArray(), // key password
            "CN=Alice, O=IBM, C=US"  // subject name
            );
    
       
    See Also:
    X509GenerateCallbackHandler, X509ConsumeCallbackHandler
    • Field Detail

      • REF_ISSUERSERIAL

        static final int REF_ISSUERSERIAL
        Represents the issuer serial reference as a reference type of the security token.
        See Also:
        Constant Field Values
      • ValueType

        static final javax.xml.namespace.QName ValueType
        Represents the value type.
        ValueType:
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    • Method Detail

      • getCertificate

        java.security.cert.X509Certificate getCertificate()
        Returns the X.509 certificate.
        Returns:
        X.509 certificate
      • getIssuerName

        java.lang.String getIssuerName()
        Returns the distinguished name of the issuer.
        Returns:
        issuer name
      • getIssuerSerial

        java.lang.String getIssuerSerial()
        Returns the serial of the issuer.
        Returns:
        issuer serial
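
An issuer serial reference (REF_ISSUERSERIAL) identifies a certificate by its issuer name and serial number. The following is an added example, not part of the IBM documentation: it uses only JDK classes, and the class name IssuerSerialCheck and its methods are hypothetical. It shows how a receiver can compare a pinned issuer name and serial number against a certificate such as the one returned by getCertificate(), using X500Principal so that differences in DN case or spacing do not cause a false mismatch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

/** Added example (hypothetical class name); uses only JDK APIs. */
public class IssuerSerialCheck {

    /** True when both strings name the same DN, ignoring case and spacing differences. */
    static boolean sameDn(String a, String b) {
        // X500Principal.equals compares the canonical forms of the two names
        return new X500Principal(a).equals(new X500Principal(b));
    }

    /** True when cert was issued by expectedIssuerDn and carries expectedSerial. */
    static boolean matches(X509Certificate cert, String expectedIssuerDn,
                           BigInteger expectedSerial) {
        return cert.getIssuerX500Principal().equals(new X500Principal(expectedIssuerDn))
                && cert.getSerialNumber().equals(expectedSerial);
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: the subject name from the signature sample, written two ways
        String a = "CN=soapRequester, O=IBM, C=US";
        String b = "cn=soaprequester,o=ibm,c=us";
        System.out.println("String.equals: " + a.equals(b));
        System.out.println("sameDn:        " + sameDn(a, b));

        // Optional arguments: <certificate file> <expected issuer DN> <expected serial, decimal>
        if (args.length == 3) {
            try (InputStream is = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(is);
                cert.checkValidity(); // throws if expired or not yet valid
                System.out.println("issuer: " + cert.getIssuerX500Principal().getName());
                System.out.println("serial: " + cert.getSerialNumber());
                System.out.println("match:  "
                        + matches(cert, args[1], new BigInteger(args[2])));
            }
        }
    }
}
```

In a consumer, the certificate passed to matches() would be the one returned by getCertificate(), and the expected issuer and serial would come from the receiver's own configuration.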
IBM WebSphere Application Server™
Release 9.0