IBM WebSphere Application Server™
Release 8

com.ibm.websphere.wssecurity.wssapi.token
Interface X509Token

All Superinterfaces:
BinarySecurityToken, SecurityToken
All Known Subinterfaces:
X509PKCS7Token, X509PKIPathToken

public interface X509Token
extends BinarySecurityToken

This interface represents a security token in X509v3 format, as defined by the OASIS Web Services Security X.509 Certificate Token Profile specification.
The following sample code shows how to configure the X509 token.

Sample code of generating X509Token for signature
    WSSFactory factory = WSSFactory.getInstance();
    X509GenerateCallbackHandler callbackhandler = new X509GenerateCallbackHandler(
        "",                     // reference of key store
        "dsig-sender.ks",       // keystore
        "jks",                  // keystore type
        "client".toCharArray(), // store password
        "soaprequester",        // alias
        "client".toCharArray(), // key password
        "CN=soapRequester, O=IBM, C=US", // subject name
        null                    // cert list
        );
    // WSSFactory.newSecurityToken takes the token class first, then the callback handler
    SecurityToken st = factory.newSecurityToken(X509Token.class, callbackhandler);
     

Sample code of generating X509Token for encryption
    WSSFactory factory = WSSFactory.getInstance();
    X509GenerateCallbackHandler callbackhandler = new X509GenerateCallbackHandler(
        "",                     // reference of key store
        "enc-sender.jceks",     // keystore name
        "jceks",                // store type
        "storepass".toCharArray(), // store password
        "bob",                  // alias
        null,                   // key password
        "CN=Bob, O=IBM, C=US",  // subject name
        null                    // cert list
        );
    // WSSFactory.newSecurityToken takes the token class first, then the callback handler
    SecurityToken st = factory.newSecurityToken(X509Token.class, callbackhandler);
       

Sample code of verification
    // load the X.509 certificate
    String certpath = "intca2.cer"; // The location of the X509 certificate file
    X509Certificate x509cert = null;
    InputStream is = null;
    try {
        is = new FileInputStream(certpath);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        x509cert = (X509Certificate) cf.generateCertificate(is);
    } catch (FileNotFoundException e1) {
        e1.printStackTrace();
    } catch (CertificateException e2) {
        e2.printStackTrace();
    } finally {
        // release the file handle
        if (is != null) {
            try { is.close(); } catch (IOException ignored) { }
        }
    }

    Set<Object> eeCerts = new HashSet<Object>();
    if (x509cert != null) { // do not add a null entry when loading failed
        eeCerts.add(x509cert);
    }
    // generate certStore
    java.util.List<CertStore> certList = new java.util.ArrayList<CertStore>();
    CollectionCertStoreParameters certparam = new CollectionCertStoreParameters(eeCerts);
    CertStore cert = null;
    try {
        cert = CertStore.getInstance("Collection", certparam, "IBMCertPath");
    } catch (NoSuchProviderException e1) {
        e1.printStackTrace();
    } catch (InvalidAlgorithmParameterException e2) {
        e2.printStackTrace();
    } catch (NoSuchAlgorithmException e3) {
        e3.printStackTrace();
    }
    if (cert != null) { // only add the store when it was created
        certList.add(cert);
    }

    // generate the callback handler object
    X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
        "dsig-receiver.ks",  // keystore
        "jks",               // keystore type
        "server".toCharArray(), // keystore password
        certList,            // certificate list
        java.security.Security.getProvider("IBMCertPath") // provider
        );
    

Sample code of decryption
    X509ConsumeCallbackHandler callbackhandler = new X509ConsumeCallbackHandler(
        "",                      // reference of key store
        "enc-sender.jceks",      // keystore
        "jceks",                 // keystore type
        "storepass".toCharArray(), // store password
        "alice",                 // alias
        "keypass".toCharArray(), // key password
        "CN=Alice, O=IBM, C=US"  // subject name
        );

     

See Also:
X509GenerateCallbackHandler, X509ConsumeCallbackHandler

Field Summary
static int REF_ISSUERSERIAL
          Represents the issuer serial reference as a reference type of the security token.
static javax.xml.namespace.QName ValueType
          Represents the value type.
 
Fields inherited from interface com.ibm.websphere.wssecurity.wssapi.token.BinarySecurityToken
TokenQname
 
Fields inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
DECRYPTING_KEY, ENCRYPTING_KEY, REF_EMBEDDED, REF_KEYID, REF_STR, REF_THUMBPRINT, SIGNING_KEY, VERIFING_KEY
 
Method Summary
 java.security.cert.X509Certificate getCertificate()
          Returns the X.509 certificate.
 java.lang.String getIssuerName()
          Returns the distinguished name of the issuer.
 java.lang.String getIssuerSerial()
          Returns the serial of the issuer.
 
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.BinarySecurityToken
getBinary
 
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
getId, getKey, getKeyIdentifier, getKeyIdentifierEncodingType, getKeyIdentifierValueType, getKeyName, getPrincipal, getReferenceURI, getThumbprint, getThumbprintEncodingType, getThumbprintValueType, getTokenQname, getValueType, getXML
 

Field Detail

REF_ISSUERSERIAL

static final int REF_ISSUERSERIAL
Represents the issuer serial reference as a reference type of the security token.

See Also:
Constant Field Values

ValueType

static final javax.xml.namespace.QName ValueType
Represents the value type.
ValueType: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

Method Detail

getCertificate

java.security.cert.X509Certificate getCertificate()
Returns the X.509 certificate.

Returns:
X.509 certificate
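
A consumer that reads the certificate with getCertificate() can check it against the same kind of inputs the verification sample passes to X509ConsumeCallbackHandler. The following is an added example using only the standard java.security.cert API; it is not IBM's code and does not describe WebSphere's internal validation. The class X509TokenPathCheck, the method validate and its parameters are hypothetical, and the keystore is assumed to hold the trust anchors.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;
import java.util.List;

// Added example, not IBM code; class and method names are hypothetical.
public final class X509TokenPathCheck {

    // tokenCert: the value returned by X509Token.getCertificate().
    // anchorPath/anchorType/anchorPassword: keystore assumed to hold trust anchors.
    // intermediates: CertStores with intermediate CA certificates.
    public static PKIXCertPathBuilderResult validate(
            X509Certificate tokenCert, String anchorPath, String anchorType,
            char[] anchorPassword, List<CertStore> intermediates) throws Exception {

        // Reject an expired or not-yet-valid certificate before path building.
        tokenCert.checkValidity();

        KeyStore anchors = KeyStore.getInstance(anchorType);
        InputStream in = new FileInputStream(anchorPath);
        try {
            anchors.load(in, anchorPassword);
        } finally {
            in.close();
        }

        // Build a path for exactly the certificate carried in the token.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(tokenCert);

        // Throws InvalidAlgorithmParameterException if the keystore has no trusted entries.
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singleton(tokenCert))));
        for (CertStore store : intermediates) {
            params.addCertStore(store);
        }
        // Assumption: no CRL or OCSP source is available here; enable
        // revocation checking when one is configured.
        params.setRevocationEnabled(false);

        // Throws CertPathBuilderException when no chain to a trust anchor exists.
        return (PKIXCertPathBuilderResult)
                CertPathBuilder.getInstance("PKIX").build(params);
    }
}
```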

getIssuerName

java.lang.String getIssuerName()
Returns the distinguished name of the issuer.

Returns:
issuer name

getIssuerSerial

java.lang.String getIssuerSerial()
Returns the serial of the issuer.

Returns:
issuer serial
