This sample demonstrates how to register a client-side generated (or server-side generated) key pair, how to send a reissue request to an XKMS server for an issued certificate asking for its credentials to be changed, how to recover a server generated key pair, how to locate a certificate and how to validate a certificate.
The XKMS sample is located in the samples directory, which is in the WSO2 WSAS root directory.
To build the samples you will need the Apache Ant build tool.
e.g. cd C:\wso2wsas-2.1\samples\XKMS
e.g. C:\wso2wsas-x.x\samples\XKMS>ant
To configure the XKMS service, follow these steps:
| Parameter Name | Value |
|---|---|
| org.wso2.xkms2.service.crypto.persistence.enabled | false |
| org.wso2.xkms2.service.crypto.authen.code | secret |
| org.wso2.xkms2.service.crypto.keystore.password | password |
| org.wso2.xkms2.service.crypto.default.expriy.interval | 365 |
| org.wso2.xkms2.service.crypto.default.private.key.password | password |
| org.wso2.xkms2.service.crypto.keystore.location | C:\wso2wsas.home\samples\XKMS\conf\keystore.jks |
| org.wso2.xkms2.service.crypto.issuer.cert.aliase | alice |
| org.wso2.xkms2.service.crypto.issuer.key.password | password |
| org.wso2.xkms2.service.crypto.server.cert.aliase | bob |
| org.wso2.xkms2.service.crypto.server.key.password | password |
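The values in the table above are the sample's published defaults (`secret`, `password`), and one password is shared by the key store and every key entry. As an added example (not part of the WSO2 sample), this Python check flags secret parameters that still hold those values or repeat another parameter's value; the function names and the `MIN_LENGTH` policy are assumptions.

```python
PREFIX = "org.wso2.xkms2.service.crypto."
# Secret-bearing parameters, named as in the table above.
SECRET_PARAMS = ["authen.code", "keystore.password", "default.private.key.password",
                 "issuer.key.password", "server.key.password"]
SAMPLE_DEFAULTS = {"secret", "password"}  # values published with the sample
MIN_LENGTH = 12  # assumed local policy, not a WSAS requirement

# Rows copied from the table above (the sample's own values).
SAMPLE_ROWS = r"""
org.wso2.xkms2.service.crypto.persistence.enabled | false |
org.wso2.xkms2.service.crypto.authen.code | secret |
org.wso2.xkms2.service.crypto.keystore.password | password |
org.wso2.xkms2.service.crypto.default.private.key.password | password |
org.wso2.xkms2.service.crypto.issuer.key.password | password |
org.wso2.xkms2.service.crypto.server.key.password | password |
"""

def parse_rows(text):
    """Parse 'name | value |' rows into {short parameter name: value}."""
    params = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0].startswith(PREFIX):
            params[cells[0][len(PREFIX):]] = cells[1]
    return params

def audit(params):
    """Return (parameter, finding) tuples in SECRET_PARAMS order."""
    findings, seen = [], {}
    for name in SECRET_PARAMS:
        value = params.get(name)
        if value is None:
            findings.append((name, "missing"))
            continue
        if value.lower() in SAMPLE_DEFAULTS:
            findings.append((name, "sample default"))
        elif len(value) < MIN_LENGTH:
            findings.append((name, "too short"))
        if value in seen:  # one leaked password would unlock several keys
            findings.append((name, f"same value as {seen[value]}"))
        else:
            seen[value] = name
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_rows(SAMPLE_ROWS)):
        print(f"{PREFIX}{name}: {finding}")
```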
The sample clients will access keystore.jks, which is a Java key store, to retrieve any required key information. For example, the Reissue service demo will use the certificate with the alias "bob" and send it to the server with new credentials, asking it to reissue the certificate.
Run the XKMS service demo application to see how to use client applications to access the XKMS service:
[1] Run Registration Servcie Demo (1)
[2] Run Registration Servcie Demo (2)
[3] Run Reissue Service Demo
[4] Run Recovery Service Demo
[5] Run Locate Service Demo
[6] Run Validate Service Demo
[7] Exit
Enter your choice : 1