...
An administrator can update, renew and revoke certificates, and manage certification authorities and revocation lists.
Integrating the XKMS client into the CXF runtime
The XKMS client can be integrated into CXF and WSS4J in a pretty elegant way using a custom Crypto provider implementation. In this case, the XKMS service is invoked automatically when WSS4J asks for certificates or validates them. Details are described in this blog. A basic XKMS implementation of the WSS4J Crypto interface is available in the XKMS Client component (XKMSCryptoProvider and XKMSCryptoProviderFactory). The implementation uses Ehcache to cache certificates received from the XKMS service.
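The caching arrangement described above, as an added Java sketch that is not CXF or WSS4J code: `KeyService`, `CachingKeyProvider` and the in-memory service are hypothetical stand-ins for the XKMS Locate and Validate operations. It assumes a design in which located certificates are cached with a TTL while every trust decision is still sent to the service, so a revocation takes effect despite the cache.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-in for the XKMS Locate and Validate operations (not a CXF type).
interface KeyService {
    byte[] locate(String subjectDn);      // encoded certificate, or null if unknown
    boolean validate(byte[] certificate); // current status as seen by the service
}

// Crypto-provider-style facade: Locate results are cached, Validate results never are.
final class CachingKeyProvider {
    private record Entry(byte[] cert, Instant expires) {}
    private final Map<String, Entry> cache = new ConcurrentHashMap<>();
    private final KeyService service;
    private final Duration ttl;
    CachingKeyProvider(KeyService service, Duration ttl) { this.service = service; this.ttl = ttl; }

    byte[] getCertificate(String subjectDn) {
        Entry e = cache.get(subjectDn);
        if (e != null && Instant.now().isBefore(e.expires())) return e.cert();
        byte[] cert = service.locate(subjectDn);
        if (cert == null) { cache.remove(subjectDn); return null; }
        cache.put(subjectDn, new Entry(cert, Instant.now().plus(ttl)));
        return cert;
    }

    boolean verifyTrust(String subjectDn) {
        byte[] cert = getCertificate(subjectDn);
        if (cert == null) return false;      // fail closed on unknown subjects
        boolean ok = service.validate(cert); // always ask the service, cached or not
        if (!ok) cache.remove(subjectDn);    // drop rejected certificates from the cache
        return ok;
    }
}

public class XkmsCacheDemo {
    public static void main(String[] args) {
        int[] locateCalls = {0};
        boolean[] revoked = {false};
        KeyService fake = new KeyService() { // constructed in-memory service for the demo
            public byte[] locate(String dn) { locateCalls[0]++; return new byte[] {0x30}; }
            public boolean validate(byte[] c) { return !revoked[0]; }
        };
        CachingKeyProvider p = new CachingKeyProvider(fake, Duration.ofMinutes(5));
        System.out.println("first check:  " + p.verifyTrust("CN=alice"));
        System.out.println("cached check: " + p.verifyTrust("CN=alice"));
        revoked[0] = true;                   // certificate revoked at the service
        System.out.println("after revoke: " + p.verifyTrust("CN=alice"));
        System.out.println("locate calls: " + locateCalls[0]);
    }
}
```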
XKMS Service Design
The internal structure of the XKMS service is represented in the following figure:
...
<bean id="xkmsProviderBean" class="org.apache.cxf.xkms.service.XKMSService">
    <!-- Validators applied to certificates on validation requests -->
    <property name="validators">
        <list>
            <ref bean="dateValidator" />
            <ref bean="trustedAuthorityValidator" />
        </list>
    </property>
    <!-- Locators used to find certificates on locate requests -->
    <property name="locators">
        <list>
            <ref bean="x509Locator" />
        </list>
    </property>
    <!-- Handlers for key registration and management requests -->
    <property name="keyRegisterHandlers">
        <list>
            <ref bean="x509Register" />
        </list>
    </property>
</bean>

<jaxws:endpoint id="XKMSService"
    xmlns:serviceNamespace="http://www.w3.org/2002/03/xkms#wsdl"
    serviceName="serviceNamespace:XKMSService" endpointName="serviceNamespace:XKMSPort"
    implementor="#xkmsProviderBean" address="/XKMS">
</jaxws:endpoint>
Data Formats
Input and output data formats are specified in the XML Key Management Service Specification Version 2.0 (see XKMS 2.0). The XKMS service supports only a subset of the specified requests and responses.
Restrictions on the formats of requests and responses are described in the following table:
...