예제 #1
0
 @Override
 public void afterPropertiesSet() throws Exception {
   if (!configuration.containsKey(CRYPTO_PROVIDER_PROPERTY)) {
     configuration.setProperty(CRYPTO_PROVIDER_PROPERTY, Merlin.class.getName());
   }
   this.crypto = CryptoFactory.getInstance(configuration, classLoader);
 }
  private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
    TokenValidatorParameters parameters = new TokenValidatorParameters();

    TokenRequirements tokenRequirements = new TokenRequirements();
    tokenRequirements.setTokenType(STSConstants.STATUS);
    parameters.setTokenRequirements(tokenRequirements);

    KeyRequirements keyRequirements = new KeyRequirements();
    parameters.setKeyRequirements(keyRequirements);

    parameters.setPrincipal(new CustomTokenPrincipal("alice"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
    parameters.setWebServiceContext(webServiceContext);

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    parameters.setStsProperties(stsProperties);

    return parameters;
  }
  /** Test a valid SAML 1.1 Assertion */
  @org.junit.Test
  public void testValidSAML1Assertion() throws Exception {
    TokenValidator samlTokenValidator = new SAMLTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();

    // Create a ValidateTarget consisting of a SAML Assertion
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken =
        createSAMLAssertion(WSConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);

    ReceivedToken validateTarget = new ReceivedToken(samlToken);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);

    assertTrue(samlTokenValidator.canHandleToken(validateTarget));

    TokenValidatorResponse validatorResponse =
        samlTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);

    Principal principal = validatorResponse.getPrincipal();
    assertTrue(principal != null && principal.getName() != null);
  }
  /** Test a SAML 2 Assertion with an invalid signature */
  @org.junit.Test
  public void testInvalidSignatureSAML2Assertion() throws Exception {
    TokenValidator samlTokenValidator = new SAMLTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();

    // Create a ValidateTarget consisting of a SAML Assertion
    Crypto crypto = CryptoFactory.getInstance(getEveCryptoProperties());
    CallbackHandler callbackHandler = new EveCallbackHandler();
    Element samlToken =
        createSAMLAssertion(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "eve", callbackHandler);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);

    ReceivedToken validateTarget = new ReceivedToken(samlToken);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);

    assertTrue(samlTokenValidator.canHandleToken(validateTarget));

    // Set tokenstore to null so that issued token is not found in the cache
    validatorParameters.setTokenStore(null);

    TokenValidatorResponse validatorResponse =
        samlTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
  }
  /** Test a SAML 1.1 Assertion using Certificate Constraints */
  @org.junit.Test
  public void testSAML1AssertionCertConstraints() throws Exception {
    TokenValidator samlTokenValidator = new SAMLTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    validatorParameters.setTokenStore(null);

    // Create a ValidateTarget consisting of a SAML Assertion
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken =
        createSAMLAssertion(WSConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);

    ReceivedToken validateTarget = new ReceivedToken(samlToken);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);

    assertTrue(samlTokenValidator.canHandleToken(validateTarget));
    List<String> certConstraints = new ArrayList<String>();
    certConstraints.add("XYZ");
    certConstraints.add(".*CN=www.sts.com.*");
    ((SAMLTokenValidator) samlTokenValidator).setSubjectConstraints(certConstraints);

    TokenValidatorResponse validatorResponse =
        samlTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);

    certConstraints.clear();
    certConstraints.add("XYZ");
    ((SAMLTokenValidator) samlTokenValidator).setSubjectConstraints(certConstraints);
    validatorResponse = samlTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
  }
예제 #6
0
/**
 * WS-Security Test Case for using the ThumbprintSHA1 key identifier for signature and encryption,
 * and the EncryptedKeySHA1 key identifier for encryption.
 *
 * <p>
 *
 * @author Davanum Srinivas ([email protected])
 */
public class TestWSSecurityNew14 extends TestCase implements CallbackHandler {
  private static final Log LOG = LogFactory.getLog(TestWSSecurityNew14.class);
  private static final String SOAPMSG =
      "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
          + "<SOAP-ENV:Envelope "
          + "xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
          + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
          + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
          + "<SOAP-ENV:Body>"
          + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
          + "<value xmlns=\"\">15</value>"
          + "</add>"
          + "</SOAP-ENV:Body>"
          + "</SOAP-ENV:Envelope>";

  private WSSecurityEngine secEngine = new WSSecurityEngine();
  private Crypto crypto = CryptoFactory.getInstance();
  private MessageContext msgContext;
  private SOAPEnvelope unsignedEnvelope;
  private byte[] keyData;
  private SecretKey key;

  /**
   * TestWSSecurity constructor
   *
   * <p>
   *
   * @param name name of the test
   */
  public TestWSSecurityNew14(String name) {
    super(name);
  }

  /**
   * JUnit suite
   *
   * <p>
   *
   * @return a junit test suite
   */
  public static Test suite() {
    return new TestSuite(TestWSSecurityNew14.class);
  }

  /**
   * Setup method
   *
   * <p>
   *
   * @throws java.lang.Exception Thrown when there is a problem in setup
   */
  protected void setUp() throws Exception {
    AxisClient tmpEngine = new AxisClient(new NullProvider());
    msgContext = new MessageContext(tmpEngine);
    unsignedEnvelope = getSOAPEnvelope();

    KeyGenerator keyGen = KeyGenerator.getInstance("AES");
    keyGen.init(128);
    key = keyGen.generateKey();
    keyData = key.getEncoded();
  }

  /**
   * Constructs a soap envelope
   *
   * <p>
   *
   * @return soap envelope
   * @throws java.lang.Exception if there is any problem constructing the soap envelope
   */
  protected SOAPEnvelope getSOAPEnvelope() throws Exception {
    InputStream in = new ByteArrayInputStream(SOAPMSG.getBytes());
    Message msg = new Message(in);
    msg.setMessageContext(msgContext);
    return msg.getSOAPEnvelope();
  }

  /**
   * Test that signs and verifies a WS-Security envelope. The test uses the ThumbprintSHA1 key
   * identifier type.
   *
   * <p>
   *
   * @throws java.lang.Exception Thrown when there is any problem in signing or verification
   */
  public void testX509SignatureThumb() throws Exception {
    WSSecSignature builder = new WSSecSignature();
    builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
    // builder.setUserInfo("john", "keypass");
    LOG.info("Before Signing ThumbprintSHA1....");
    Document doc = unsignedEnvelope.getAsDocument();

    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);

    Document signedDoc = builder.build(doc, crypto, secHeader);

    if (LOG.isDebugEnabled()) {
      LOG.debug("Signed message with ThumbprintSHA1 key identifier:");
      String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
      LOG.debug(outputString);
    }
    LOG.info("After Signing ThumbprintSHA1....");
    verify(signedDoc);
  }

  /**
   * Test that signs (twice) and verifies a WS-Security envelope. The test uses the ThumbprintSHA1
   * key identifier type.
   *
   * <p>
   *
   * @throws java.lang.Exception Thrown when there is any problem in signing or verification
   */
  public void testDoubleX509SignatureThumb() throws Exception {
    WSSecSignature builder = new WSSecSignature();
    builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    // builder.setUserInfo("john", "keypass");
    builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
    Document doc = unsignedEnvelope.getAsDocument();

    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);

    Document signedDoc = builder.build(doc, crypto, secHeader);
    Document signedDoc1 = builder.build(signedDoc, crypto, secHeader);
    verify(signedDoc1);
  }

  /**
   * Test that encrypts and decrypts a WS-Security envelope. The test uses the ThumbprintSHA1 key
   * identifier type.
   *
   * <p>
   *
   * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
   */
  public void testX509EncryptionThumb() throws Exception {
    WSSecEncrypt builder = new WSSecEncrypt();
    builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);

    LOG.info("Before Encrypting ThumbprintSHA1....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document encryptedDoc = builder.build(doc, crypto, secHeader);

    String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
    if (LOG.isDebugEnabled()) {
      LOG.debug("Encrypted message with THUMBPRINT_IDENTIFIER:");
      LOG.debug(outputString);
    }
    assertTrue(outputString.indexOf("#ThumbprintSHA1") != -1);

    LOG.info("After Encrypting ThumbprintSHA1....");
    verify(encryptedDoc);
  }

  /**
   * Test that encrypts and decrypts a WS-Security envelope. The test uses the EncryptedKeySHA1 key
   * identifier type.
   *
   * <p>
   *
   * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
   */
  public void testX509EncryptionSHA1() throws Exception {
    WSSecEncrypt builder = new WSSecEncrypt();
    builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
    builder.setUseKeyIdentifier(true);

    LOG.info("Before Encrypting EncryptedKeySHA1....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document encryptedDoc = builder.build(doc, crypto, secHeader);

    String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
    if (LOG.isDebugEnabled()) {
      LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
      LOG.debug(outputString);
    }
    assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);

    LOG.info("After Encrypting EncryptedKeySHA1....");
    verify(encryptedDoc);
  }

  /**
   * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a
   * generated session key which is then encrypted using a public key.
   *
   * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
   */
  public void testEncryptionSHA1Symmetric() throws Exception {
    WSSecEncrypt builder = new WSSecEncrypt();
    builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
    builder.setSymmetricKey(key);
    builder.setEncryptSymmKey(false);
    builder.setUseKeyIdentifier(true);

    LOG.info("Before Encrypting EncryptedKeySHA1....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document encryptedDoc = builder.build(doc, crypto, secHeader);

    String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
    if (LOG.isDebugEnabled()) {
      LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
      LOG.debug(outputString);
    }
    assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);

    LOG.info("After Encrypting EncryptedKeySHA1....");
    verify(encryptedDoc);
  }

  /**
   * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key (bytes), rather than a
   * generated session key which is then encrypted using a public key.
   *
   * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
   */
  public void testEncryptionSHA1SymmetricBytes() throws Exception {
    WSSecEncrypt builder = new WSSecEncrypt();
    builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
    builder.setEphemeralKey(keyData);
    builder.setEncryptSymmKey(false);
    builder.setUseKeyIdentifier(true);

    LOG.info("Before Encrypting EncryptedKeySHA1....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document encryptedDoc = builder.build(doc, crypto, secHeader);

    String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
    if (LOG.isDebugEnabled()) {
      LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
      LOG.debug(outputString);
    }
    assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);

    LOG.info("After Encrypting EncryptedKeySHA1....");
    verify(encryptedDoc);
  }

  /**
   * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a
   * generated session key which is then encrypted using a public key. The request is generated
   * using WSHandler, instead of coding it.
   *
   * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
   */
  public void testEncryptionSHA1SymmetricBytesHandler() throws Exception {
    final WSSConfig cfg = WSSConfig.getNewInstance();
    final RequestData reqData = new RequestData();
    reqData.setWssConfig(cfg);
    java.util.Map messageContext = new java.util.TreeMap();
    messageContext.put(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
    messageContext.put(WSHandlerConstants.ENC_KEY_ID, "EncryptedKeySHA1");
    messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, this);
    reqData.setMsgContext(messageContext);
    reqData.setUsername("");

    final java.util.Vector actions = new java.util.Vector();
    actions.add(new Integer(WSConstants.ENCR));

    Document doc = unsignedEnvelope.getAsDocument();
    MyHandler handler = new MyHandler();
    handler.send(WSConstants.ENCR, doc, reqData, actions, true);

    String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
    if (LOG.isDebugEnabled()) {
      LOG.debug(outputString);
    }

    verify(doc);
  }

  /**
   * Verifies the soap envelope. This method verifies all the signature generated.
   *
   * @param env soap envelope
   * @throws java.lang.Exception Thrown when there is a problem in verification
   */
  private void verify(Document doc) throws Exception {
    secEngine.processSecurityHeader(doc, null, this, crypto);
  }

  public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
      if (callbacks[i] instanceof WSPasswordCallback) {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
        /*
         * here call a function/method to lookup the password for
         * the given identifier (e.g. a user name or keystore alias)
         * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
         * for Testing we supply a fixed name here.
         */
        pc.setPassword("security");
        pc.setKey(keyData);
      } else {
        throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
      }
    }
  }
}
예제 #7
0
/**
 * Test signature created using an encrypted key SOAP Body is signed and encrypted. In the
 * encryption, The ReferencesList element is put into the Encrypted Key, as a child of the
 * EncryptedKey. Signature is created using the encrypted key.
 */
public class TestWSSecurityNew16 extends TestCase implements CallbackHandler {
  private static final Log LOG = LogFactory.getLog(TestWSSecurityNew16.class);
  private static final String SOAPMSG =
      "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
          + "<SOAP-ENV:Envelope "
          + "xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
          + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
          + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
          + "<SOAP-ENV:Body>"
          + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
          + "<value xmlns=\"\">15</value>"
          + "</add>"
          + "</SOAP-ENV:Body>"
          + "</SOAP-ENV:Envelope>";

  private WSSecurityEngine secEngine = new WSSecurityEngine();
  private Crypto crypto = CryptoFactory.getInstance();
  private MessageContext msgContext;
  private Message message;

  /**
   * TestWSSecurity constructor
   *
   * <p>
   *
   * @param name name of the test
   */
  public TestWSSecurityNew16(String name) {
    super(name);
  }

  /**
   * JUnit suite
   *
   * <p>
   *
   * @return a junit test suite
   */
  public static Test suite() {
    return new TestSuite(TestWSSecurityNew16.class);
  }

  /**
   * Setup method
   *
   * <p>
   *
   * @throws Exception Thrown when there is a problem in setup
   */
  protected void setUp() throws Exception {
    AxisClient tmpEngine = new AxisClient(new NullProvider());
    msgContext = new MessageContext(tmpEngine);
    message = getSOAPMessage();
  }

  /**
   * Constructs a soap envelope
   *
   * <p>
   *
   * @return soap envelope
   * @throws Exception if there is any problem constructing the soap envelope
   */
  protected Message getSOAPMessage() throws Exception {
    InputStream in = new ByteArrayInputStream(SOAPMSG.getBytes());
    Message msg = new Message(in);
    msg.setMessageContext(msgContext);
    return msg;
  }

  /**
   * Test that first signs, then encrypts a WS-Security envelope.
   *
   * <p>
   *
   * @throws Exception Thrown when there is any problem in signing, encryption, decryption, or
   *     verification
   */
  public void testEncryptedKeySignature() throws Exception {

    SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
    LOG.info("Before Sign/Encryption....");
    Document doc = unsignedEnvelope.getAsDocument();

    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);

    WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
    encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    encrKey.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    encrKey.setKeySize(192);
    encrKey.prepare(doc, crypto);

    WSSecEncrypt encrypt = new WSSecEncrypt();
    encrypt.setEncKeyId(encrKey.getId());
    encrypt.setEphemeralKey(encrKey.getEphemeralKey());
    encrypt.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
    encrypt.setEncryptSymmKey(false);
    encrypt.setEncryptedKeyElement(encrKey.getEncryptedKeyElement());

    WSSecSignature sign = new WSSecSignature();
    sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
    sign.setCustomTokenId(encrKey.getId());
    sign.setSecretKey(encrKey.getEphemeralKey());
    sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);

    Document signedDoc = sign.build(doc, crypto, secHeader);
    Document encryptedSignedDoc = encrypt.build(signedDoc, crypto, secHeader);

    if (LOG.isDebugEnabled()) {
      LOG.debug("Signed and encrypted message with IssuerSerial key identifier (both), 3DES:");
      String outputString =
          org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedSignedDoc);
      LOG.debug(outputString);
    }

    LOG.info("After Sign/Encryption....");
    verify(encryptedSignedDoc);
  }

  /**
   * Verifies the soap envelope
   *
   * <p>
   *
   * @param doc
   * @throws Exception Thrown when there is a problem in verification
   */
  private void verify(Document doc) throws Exception {
    secEngine.processSecurityHeader(doc, null, this, crypto);
    if (LOG.isDebugEnabled()) {
      LOG.debug("Verfied and decrypted message:");
      String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
      LOG.debug(outputString);
    }
  }

  public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
      if (callbacks[i] instanceof WSPasswordCallback) {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
        /*
         * here call a function/method to lookup the password for
         * the given identifier (e.g. a user name or keystore alias)
         * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
         * for Testing we supply a fixed name here.
         */
        pc.setPassword("security");
      } else {
        throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
      }
    }
  }
}