Oracle® Retail Service Backbone Oracle Retail Service Backbone Security Guide Release 16.0.030 E99919-01 |
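package com.test;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;

import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.service.keystore.KeyStoreService;
import weblogic.jws.jaxws.ClientPolicyFeature;
import weblogic.jws.jaxws.policy.InputStreamPolicySource;
import weblogic.security.SSL.TrustManager;
import weblogic.wsee.jws.jaxws.owsm.SecurityPoliciesFeature;
import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;

import com.oracle.retail.cm.integration.services.customerservice.v1.CustomerPortType;
import com.oracle.retail.cm.integration.services.customerservice.v1.CustomerService;
import com.oracle.retail.cm.integration.services.customerservice.v1.IllegalArgumentWSFaultException;
import com.oracle.retail.cm.integration.services.customerservice.v1.IllegalStateWSFaultException;
import com.oracle.retail.cm.integration.services.customerservice.v1.ValidationWSFaultException;
import com.oracle.retail.integration.base.bo.customerref.v1.CustomerRef;
import com.oracle.retail.integration.base.bo.invocationsuccess.v1.InvocationSuccess;

/**
 * Sample consumer servlet that calls the Customer service through an OSB proxy
 * using the {@code oracle/wss11_username_token_with_message_protection_client_policy}
 * client policy.
 *
 * <p>The client private key and the remote host certificate are read from the
 * keystore obtained with {@code getKeyStore("owsm", "keystore", null)}; the
 * client certificate path is built from a DER file in the consumer domain's
 * config directory.
 */
@WebServlet("/PolicyBJRFServlet")
public class PolicyBJRFServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public PolicyBJRFServlet() {
        super();
    }

    /**
     * Delegates to {@link #doPost(HttpServletRequest, HttpServletResponse)}.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // NOTE(review): doPost invokes deleteCustomer, so a plain GET triggers a
        // state-changing call. Acceptable for a test page only; restrict the
        // servlet or drop this delegation outside a test environment.
        doPost(request, response);
    }

    /**
     * Builds the WS-Security credential providers, invokes {@code deleteCustomer}
     * on the proxy service and writes the result into the HTML response.
     *
     * @param request  the incoming request (not read by this method)
     * @param response receives a short HTML page with the invocation result
     * @throws ServletException if the client key, the remote host certificate or
     *                          the client certificate path cannot be obtained
     * @throws IOException      if writing the response fails
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Declare the charset so the escaped output below is interpreted as written.
        response.setContentType("text/html; charset=UTF-8");
        java.io.PrintWriter out = response.getWriter();
        out.write("<html><body> Policy B testing with WebLogic policy </body></html>");
        try {
            // Key store information
            String hostName = getHostName();
            // Point to consumer weblogic domain config
            String str = "/home/newfolder/Weblogic12.2./user_projects/domains/domain/config/";
            String clientKeyAlias = hostName + "-public-private-key-alias";
            // Hostname for remote host alias can be found from the URL of the OSB service
            String remoteHostAlias = hostName + "-remote-host-public-key-alias";

            JpsContext ctx = JpsContextFactory.getContextFactory().getContext();
            KeyStoreService kss = ctx.getServiceInstance(KeyStoreService.class);
            java.security.KeyStore keystore = kss.getKeyStore("owsm", "keystore", null);

            Key key = keystore.getKey(clientKeyAlias, null);
            // getKey returns null for an unknown alias; fail here with a clear
            // message instead of handing a null key to the credential provider.
            if (!(key instanceof PrivateKey)) {
                throw new ServletException(
                        "No private key found in keystore for alias " + clientKeyAlias);
            }
            PrivateKey pk = (PrivateKey) key;

            // Get the certificate associated with the remote host alias
            final X509Certificate serverCert =
                    (X509Certificate) keystore.getCertificate(remoteHostAlias);
            if (serverCert == null) {
                throw new ServletException(
                        "No certificate found in keystore for alias " + remoteHostAlias);
            }
            System.out.println("serverCert----------------" + serverCert.toString());

            // Set security policies
            SecurityPoliciesFeature securityFeatures = new SecurityPoliciesFeature(
                    new String[] {
                        "oracle/wss11_username_token_with_message_protection_client_policy" });

            // Prepare credential providers
            List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>();
            String fileName = str + hostName + "-certificate.der";
            CertPath clientCertPath = CertPathMeth("X.509", fileName);
            if (clientCertPath == null) {
                throw new ServletException(
                        "Could not load client certificate from " + fileName);
            }
            CredentialProvider messageProtectionProvider =
                    new ClientBSTCredentialProvider(serverCert, clientCertPath, pk);
            credProviders.add(messageProtectionProvider);

            // NOTE(review): the user name and password are hard-coded sample values.
            // Outside a test setup, read them from a credential store or protected
            // configuration rather than compiling them into the servlet.
            // An explicit charset keeps the token bytes independent of the
            // platform default encoding.
            ClientUNTCredentialProvider userNameTokenProvider = new ClientUNTCredentialProvider(
                    "rsbuser".getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    "rsbuser1".getBytes(java.nio.charset.StandardCharsets.UTF_8));
            credProviders.add(userNameTokenProvider);

            // Point to osb proxy url with cluster port.
            // NOTE(review): the WSDL is fetched over plain http here; the message
            // protection policy covers the SOAP messages, not this retrieval.
            // Prefer an https endpoint where one is available.
            String wsdlUrl = "http://<hostname>:49004/cm-Customer-AppServiceDecorator/ProxyService/CustomerAppServiceProxy?wsdl";
            // Pass namespace and service name of the proxy service
            CustomerService service = new CustomerService(
                    new URL(wsdlUrl),
                    new QName(
                            "http://www.oracle.com/retail/cm/integration/services/CustomerService/v1",
                            "CustomerService"));
            CustomerPortType servicePort = service.getCustomerPort(securityFeatures);

            Map<String, Object> reqContext = ((BindingProvider) servicePort).getRequestContext();
            reqContext.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
            reqContext.put(WSSecurityContext.TRUST_MANAGER, new TrustManager() {
                public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
                    // Trust is pinned to the exact certificate stored under
                    // remoteHostAlias; validateErr is not consulted. An absent or
                    // empty chain is rejected instead of raising an exception.
                    if (chain == null || chain.length == 0 || chain[0] == null) {
                        return false;
                    }
                    return chain[0].equals(serverCert);
                }
            });

            // Invoke the service
            CustomerRef customerRef = new CustomerRef();
            customerRef.setCustomerId("3451");
            InvocationSuccess invSuccess = servicePort.deleteCustomer(customerRef);

            // The success message comes from the remote service; escape it so it
            // is rendered as text and cannot inject markup into this page.
            out.write("<html><body>Got Response : "
                    + escapeHtml(invSuccess.getSuccessMessage())
                    + "</body></html>");
        } catch (JpsException e2) {
            reportFailure(out, e2);
        } catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e2) {
            reportFailure(out, e2);
        } catch (IllegalArgumentWSFaultException | IllegalStateWSFaultException
                | ValidationWSFaultException e) {
            reportFailure(out, e);
        }
        out.flush();
        out.close();
    }

    /**
     * Prints the stack trace to the server's standard error and writes a generic
     * failure page, so the caller sees that the invocation failed without
     * exception details being sent to the browser.
     */
    private void reportFailure(java.io.PrintWriter out, Exception e) {
        e.printStackTrace();
        out.write("<html><body>Service invocation failed; see the server log for details."
                + "</body></html>");
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute
     * values. A {@code null} input is rendered as the text {@code null}, which
     * matches what string concatenation would have produced.
     */
    private static String escapeHtml(String text) {
        String value = String.valueOf(text);
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char ch = value.charAt(i);
            switch (ch) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(ch);
            }
        }
        return sb.toString();
    }

    /**
     * Loads a single certificate from {@code fileName} and wraps it in a
     * one-element certification path.
     *
     * @param string   certificate type passed to {@link CertificateFactory#getInstance(String)}
     * @param fileName path of the certificate file to read
     * @return the certification path, or {@code null} if the file cannot be read
     *         or does not contain a valid certificate
     */
    private CertPath CertPathMeth(String string, String fileName) {
        CertPath cp = null;
        // try-with-resources closes the file handle on every path; the original
        // stream was never closed.
        try (InputStream in = new FileInputStream(fileName)) {
            CertificateFactory cf = CertificateFactory.getInstance(string);
            List<java.security.cert.Certificate> list =
                    new ArrayList<java.security.cert.Certificate>();
            java.security.cert.Certificate c = cf.generateCertificate(in);
            list.add(c);
            cp = cf.generateCertPath(list);
            System.out.println("Clientcert===============" + cp.getCertificates().get(0).toString());
        } catch (IOException e) {
            // Covers a missing file as well as read/close failures.
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        }
        return cp;
    }

    /**
     * Returns the short host name (the part before the first dot) of the server
     * where the application is running.
     *
     * @throws RuntimeException if the local host name cannot be resolved
     */
    private String getHostName() {
        try {
            String hostName = java.net.InetAddress.getLocalHost().getHostName();
            return hostName.split("\\.")[0];
        } catch (UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }
}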
Note: retail-public-payload-java-beans-base-<version>.jar, retail-public-payload-java-beans-<version>.jar, <service>ServiceConsumer.jar and javax.servlet-api-3.0.1.jar must be present in the classpath.