Thursday, June 25, 2009

Accessing the WS signing certificate from inside a JAX-WS webservice

When I have set up the webservice as in the previous post to require signatures, it's very normal that I would like to know who signed the certificate. Also I probably want to access the credentials of the signature, in this case the certificate.

How do I retrieve the signature certificate of a WS-security signed SOAP message?

I could not find any good post describing this on the Internet...

Well here it is now:

private WebServiceContext wsContext;


MessageContext mctx = wsContext.getMessageContext();
Subject s = (Subject)mctx.get("CLIENT_SUBJECT");
Set cs = s.getPublicCredentials();
for (Iterator iterator = cs.iterator(); iterator.hasNext();) {
Object object = (Object);
System.out.println("Object: "+object.getClass().getName());
if (object instanceof X509Certificate) {
System.out.println("Found a certificate");
X509Certificate cert = (X509Certificate) object;
if (s != null) {
Set ps = s.getPrincipals();
for (Iterator iterator = ps.iterator(); iterator.hasNext();) {
Principal principal = (Principal);
if (principal instanceof X500Principal) {
X500Principal xp = (X500Principal) principal;


No comments: