This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 156055 - Saml20HOKCallbackHandler not using keystore entered from NetBeans
Status: NEW
Alias: None
Product: webservices
Classification: Unclassified
Component: WSIT
Version: 6.x
Hardware: All All
: P3 blocker
Assignee: Martin Grebac
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-25 03:06 UTC by gmazza
Modified: 2009-02-19 23:28 UTC
0 users

See Also:
Issue Type: ENHANCEMENT
Exception Reporter:


Description gmazza 2008-12-25 03:06:42 UTC
When configuring a SOAP client using SAML HOK security without an STS, I need to specify three elements from NetBeans:

1.) keystore - to sign message to service provider, also my public key goes into the SAML assertion.
2.) truststore - to encrypt messages to the service provider and verify signature of responses from server
3.) SAML Callback Handler - to create a SAML assertion.

While this information nicely gets added to the client's wsit-config.xml file, (1) above is not finding its way to the
autogenerated Saml20HOKCallbackHandler class--it is relying on some hardcoded default value from the GlassFish server.

For example, with this NetBeans-generated client config:

   <wsp:Policy wsu:Id="DoubleItBindingPolicy">
      <wsp:ExactlyOne>
         <wsp:All>
            <sc1:KeyStore wspp:visibility="private"
                          location="/work/workspace/DoubleItSAMLHOKMetro/certs/clientstore.jks"
                          type="JKS" storepass="cspass" alias="myclientkey" keypass="ckpass"/>
            <sc1:TrustStore wspp:visibility="private"
                            location="/work/workspace/DoubleItSAMLHOKMetro/certs/clientstore.jks"
                            type="JKS" storepass="cspass" peeralias="myservicekey"/>
            <sc1:CallbackHandlerConfiguration wspp:visibility="private">
               <sc1:CallbackHandler name="samlHandler" classname="samlcb.Saml20HOKCallbackHandler"/>
            </sc1:CallbackHandlerConfiguration>
         </wsp:All>
      </wsp:ExactlyOne>
   </wsp:Policy>

Saml20HOKCallbackHandler is still using a default keystore:

    String glassfish_home = System.getProperty("com.sun.aas.installRoot");
    String client_priv_key_alias="xws-security-client";
    
    public Saml20HOKCallbackHandler() {
        try {            
            this.keyStoreURL = glassfish_home + fileSeparator + "domains" + fileSeparator + "domain1" +
                    fileSeparator + "config" + fileSeparator + "keystore.jks";
            this.keyStoreType = "JKS";
            this.keyStorePassword = "changeit";

I believe the keystore in Saml20HOKCallbackHandler should be what I entered in NetBeans.
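
Editor's added example (not part of the original report, and not NetBeans or Metro code): one way a callback handler could take its keystore settings from the sc1:KeyStore assertion shown above instead of the hardcoded GlassFish default. The class name ConfiguredKeyStore and the placeholder namespace URIs in the sample are assumptions; the attribute names and values come from the config in this report, and only JDK APIs are used.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical helper: reads the sc1:KeyStore assertion instead of a server default.
public class ConfiguredKeyStore {
    final String location, type, storePass, alias, keyPass;

    ConfiguredKeyStore(Element e) {
        location = required(e, "location");
        type = required(e, "type");
        storePass = required(e, "storepass");
        alias = required(e, "alias");
        keyPass = required(e, "keypass");
    }

    private static String required(Element e, String name) {
        if (!e.hasAttribute(name)) throw new IllegalArgumentException("KeyStore lacks " + name);
        return e.getAttribute(name);
    }

    static ConfiguredKeyStore fromConfig(InputStream xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Match on local name only; the sc1 namespace URI is not shown in the report.
        NodeList n = f.newDocumentBuilder().parse(xml).getElementsByTagNameNS("*", "KeyStore");
        if (n.getLength() != 1) throw new IllegalStateException("expected 1 KeyStore, got " + n.getLength());
        return new ConfiguredKeyStore((Element) n.item(0));
    }

    // Loads the configured store and fails fast if the alias holds no usable private key.
    KeyStore load() throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(location)) { ks.load(in, storePass.toCharArray()); }
        if (ks.getKey(alias, keyPass.toCharArray()) == null)
            throw new IllegalStateException("no private key at alias " + alias);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; namespace URIs are placeholders, values mirror the report.
        String cfg = "<p:Policy xmlns:p='urn:example:policy' xmlns:sc1='urn:example:sc1'>"
            + "<sc1:KeyStore location='/work/workspace/DoubleItSAMLHOKMetro/certs/clientstore.jks'"
            + " type='JKS' storepass='cspass' alias='myclientkey' keypass='ckpass'/></p:Policy>";
        ConfiguredKeyStore c = fromConfig(new ByteArrayInputStream(cfg.getBytes(StandardCharsets.UTF_8)));
        System.out.println(c.location + " alias=" + c.alias + " type=" + c.type);
    }
}
```

Calling load() requires the keystore file to exist at the configured location; main() only parses the embedded sample and prints the settings it found.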
Comment 1 Martin Grebac 2009-01-05 16:01:56 UTC
Understood. Will try to fix it for 7.0.