Implementing WS-Security with Java and WSS4J : Page 3

Many organizations have now implemented solutions based on the promise of Web services, exposing those services over the Internet to enjoy maximum exposure—which then leaves them with the dilemma of securing their services to protect data and other resources. Find out how to use Java and Apache's Web Services Security for Java (WSS4J) framework to secure your Web services.


Self-Signing Certificates
Keys are unusable unless they are signed, but you can use the keytool to self-sign them (for testing purposes only), as follows:

%JAVA_HOME%\bin\keytool -selfcert -alias privkey -keystore privkeystore -keypass foobar -storepass foobar

The certificate in pubcertkeystore can be self-signed the same way:

%JAVA_HOME%\bin\keytool -selfcert -alias pubcert -keystore pubcertkeystore -keypass foobar -storepass foobar

Exporting Certificates with the Keytool Utility
After generating and self-signing the keys/certificates and storing them in the keystores, import each public key into the other key's keystore. This requires two steps: exporting the public key to a certificate file and importing the certificate to the other keystore. To export the public key to a certificate file, use:



%JAVA_HOME%\bin\keytool -export -keystore pubcertkeystore -alias pubcert -storepass foobar -file pubcert

You should see a response that says:

Certificate stored in file <pubcert>

You can also use the keytool utility to display the contents of the certificate file using the -printcert option, as follows:

%JAVA_HOME%\bin\keytool -printcert -file pubcert

The output will look like:

Owner: CN=pubcert
Issuer: CN=pubcert
Serial number: 42e5b3c4
Valid from: Mon Jul 25 21:53:40 MDT 2005 until: Sun Oct 23 21:53:40 MDT 2005
Certificate fingerprints:
     MD5:  99:8F:14:C5:BB:21:86:77:D2:CF:56:DE:98:DD:74:62
     SHA1: EC:59:92:E9:1F:8A:A6:0A:85:54:EC:76:47:DB:5F:3F:D2:15:78:77

The exported certificate contains the public key and distinguished name given to the certificate (in this case, pubcert).

Importing Certificates into Keystores
To import a public certificate into the keystore of the private key, issue the command:

%JAVA_HOME%\bin\keytool -import -alias pubcert -file pubcert -keystore privkeystore -storepass foobar

The output looks like:

Owner: CN=pubcert
Issuer: CN=pubcert
Serial number: 42e5b3c4
Valid from: Mon Jul 25 21:53:40 MDT 2005 until: Sun Oct 23 21:53:40 MDT 2005
Certificate fingerprints:
     MD5:  99:8F:14:C5:BB:21:86:77:D2:CF:56:DE:98:DD:74:62
     SHA1: EC:59:92:E9:1F:8A:A6:0A:85:54:EC:76:47:DB:5F:3F:D2:15:78:77

Answer the following question:

Trust this certificate? [no]: yes
Certificate was added to keystore

Now that the certificate has been imported into the private key's keystore, you can reexamine the contents of the keystore using the keytool utility with the -list option, as follows:

%JAVA_HOME%\bin\keytool -list -keystore privkeystore
Enter keystore password: foobar

After entering your password you'll see the following output:

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

privkey, Jul 25, 2005, keyEntry,
Certificate fingerprint (MD5): E7:4A:D9:D7:67:A6:6D:E7:A5:C4:28:22:3D:C5:C4:30
pubcert, Jul 25, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 99:8F:14:C5:BB:21:86:77:D2:CF:56:DE:98:DD:74:62

As the preceding examples illustrated, there are now two entries in the private-key's keystore. The first, with the alias testkey, is identified as a key entry. The second entry is the certificate from the certificate file.
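
The import step asks "Trust this certificate?", and that answer should rest on comparing the certificate's fingerprint with a value obtained from its owner through a separate channel. The following added example (not from the original article) makes that comparison in Java before performing the same import and listing; the class name VerifiedImport and the use of SHA-256 instead of the MD5/SHA1 fingerprints in the article's output are assumptions, while the file names, alias and password are the article's.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;

public class VerifiedImport {
    public static void main(String[] args) throws Exception {
        // args[0]: SHA-256 fingerprint of pubcert, obtained out of band from its owner
        if (args.length != 1) {
            System.err.println("usage: java VerifiedImport <sha256-fingerprint>");
            System.exit(2);
        }
        String expected = args[0].replace(":", "").toLowerCase();
        char[] storePass = "foobar".toCharArray(); // the article's test password
        // Read the certificate file written by the export step.
        Certificate cert;
        try (InputStream in = new FileInputStream("pubcert")) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // A fingerprint is the digest of the certificate's DER encoding.
        StringBuilder actual = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            actual.append(String.format("%02x", b));
        }
        if (!actual.toString().equals(expected)) {
            System.err.println("Fingerprint mismatch, not importing: " + actual);
            System.exit(1);
        }

        // Add the verified certificate to the private key's keystore as a trusted entry.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("privkeystore")) {
            ks.load(in, storePass);
        }
        ks.setCertificateEntry("pubcert", cert);
        try (OutputStream out = new FileOutputStream("privkeystore")) {
            ks.store(out, storePass);
        }
        // Same view as keytool -list: each alias and its entry type.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ": " + (ks.isKeyEntry(alias) ? "keyEntry" : "trustedCertEntry"));
        }
    }
}
```

Run it from the directory that holds pubcert and privkeystore; on a fingerprint mismatch it exits without modifying the keystore.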

At this point you have performed sufficient key management tasks to use the private-key keystore to perform WS-Security tasks using the Apache Web Services Security for Java framework.


