Using keys and certificates in client code
In your client code, you make use of these keys and certificates for signing and encrypting with X.509 tokens. Before making the call to the actual web service, you must add "interceptors" to handle the X.509 policy.
Example: using interceptors
import java.io.IOException;
import javax.xml.soap.SOAPException;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;

private void add_interceptors() throws SOAPException, IOException {
    Bus b = BusFactory.getDefaultBus();
    // Note: remember to remove the interceptors from the bus if you want to make
    // another call from the same (running) JVM without using the X.509 policy.
    // Handles outgoing messages (i.e. the request)
    addX509TokenOutInterceptor(b.getOutInterceptors());
    // Handles incoming messages (i.e. the response)
    addX509TokenInInterceptor(b.getInInterceptors());
}
Example: addX509Token... methods
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.message.Message;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

// Add a WSS4JOutInterceptor with X.509 Token to the given interceptor list.
// Bus.getOutInterceptors() returns List<Interceptor<? extends Message>>, so the
// parameter must be declared with that type for the call to compile.
private void addX509TokenOutInterceptor(List<Interceptor<? extends Message>> list) {
    // alias of the key that will be used for signing the message; a private key
    // with that alias needs to exist in the client keystore
    String user = "myalias";
    // alias of the certificate that will be used for encryption; it must have
    // been imported into the client keystore
    String encryption_user = "MWSserver";
    Map<String, Object> securityProperties = new HashMap<String, Object>();
    // Make sure the secClient.properties file and the keystore are on the classpath
    // OUT (adds a timestamp, then signs and encrypts the outgoing message)
    securityProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
        + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT);
    securityProperties.put(WSHandlerConstants.SIG_PROP_FILE, "secClient.properties");
    securityProperties.put(WSHandlerConstants.ENC_PROP_FILE, "secClient.properties");
    securityProperties.put(WSHandlerConstants.PW_CALLBACK_CLASS,
        ClientCallbackHandler.class.getName());
    securityProperties.put(WSHandlerConstants.USER, user);
    securityProperties.put(WSHandlerConstants.ENCRYPTION_USER, encryption_user);
    list.add(new WSS4JOutInterceptor(securityProperties));
}

// Add a WSS4JInInterceptor with X.509 Token to the given interceptor list
private void addX509TokenInInterceptor(List<Interceptor<? extends Message>> list) {
    // IN (requires the response to carry a timestamp, a signature and be encrypted)
    Map<String, Object> inProps = new HashMap<String, Object>();
    inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
        + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT);
    inProps.put(WSHandlerConstants.SIG_PROP_FILE, "secClient.properties");
    inProps.put(WSHandlerConstants.DEC_PROP_FILE, "secClient.properties");
    inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
        ClientCallbackHandler.class.getName());
    inProps.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");
    WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
    list.add(wssIn);
}
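The comment in add_interceptors warns that interceptors left on the default bus apply to every later call made from the same JVM. The following is an added example, not code from the original page, showing two ways to scope them: register on the bus only for the duration of one call and remove them in a finally block, or attach them to a single JAX-WS port proxy via ClientProxy. It assumes outProps and inProps are the maps built in addX509TokenOutInterceptor and addX509TokenInInterceptor above, and that port is a JAX-WS proxy obtained from the generated Service class.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.message.Message;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;

public class ScopedX509Call {

    // Option 1: register on the shared default bus only while one call runs.
    // The finally block removes exactly the instances that were added, so a
    // later call from the same JVM is not signed/encrypted unintentionally
    // and does not fail because the response lacks the expected tokens.
    public static <T> T callWithX509OnBus(Map<String, Object> outProps,
                                          Map<String, Object> inProps,
                                          Callable<T> call) throws Exception {
        Bus bus = BusFactory.getDefaultBus();
        WSS4JOutInterceptor out = new WSS4JOutInterceptor(outProps);
        WSS4JInInterceptor in = new WSS4JInInterceptor(inProps);
        List<Interceptor<? extends Message>> outChain = bus.getOutInterceptors();
        List<Interceptor<? extends Message>> inChain = bus.getInInterceptors();
        outChain.add(out);
        inChain.add(in);
        try {
            return call.call();   // e.g. () -> port.someOperation(request)
        } finally {
            outChain.remove(out);
            inChain.remove(in);
        }
    }

    // Option 2: attach the interceptors to one client proxy instead of the bus.
    // Other proxies and services in the JVM keep their own (unmodified) chains.
    // 'port' is assumed to be a JAX-WS proxy created from the generated Service.
    public static void attachX509ToPort(Object port, Map<String, Object> outProps,
                                        Map<String, Object> inProps) {
        Client client = ClientProxy.getClient(port);
        client.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
        client.getInInterceptors().add(new WSS4JInInterceptor(inProps));
    }
}
```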
The ClientCallbackHandler class serves the password for the alias used when signing (the key password chosen when the key pair was generated with keytool).
Example: ClientCallbackHandler implementation
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class ClientCallbackHandler implements CallbackHandler {
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        // WSS4J may pass more than one callback; answer each password request
        for (Callback callback : callbacks) {
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            // set the password for the key identified by the alias
            if (pc.getIdentifier().equals("myalias")) {
                // the password for the signing key in the client keystore
                pc.setPassword("myaliaspwd");
            } else if (pc.getIdentifier().equals("nisse")) {
                pc.setPassword("efj7an4aa");
            }
        }
    }
}
The secClient.properties file contains information about the keystore.
Example: secClient.properties file
org.apache.ws.security.crypto.merlin.keystore.password=secretPWD
org.apache.ws.security.crypto.merlin.keystore.type=JKS
org.apache.ws.security.crypto.merlin.file=keystoreClient.jks
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
After making these modifications, your client should add all the necessary security tokens to its outgoing messages and verify them on the responses.