Hi,
Currently I'm working on a web service client that has to deal with
authentication based on X509 certificates. Unfortunately, we don't
have file-based certificates, i.e. PKCS12 or JKS, but they are
embedded in smart cards.
Taking the Spring-based SSL configuration into account, how can we
configure our custom KeyManager and TrustManager? Would it be enough
to have custom keyStore and certStore implementations? Would a
configuration like this be OK?
<http:conduit name="{........}Service.http-conduit">
  <http:tlsClientParameters disableCNCheck="true">
    <sec:trustManagers>
      <bean class="MyCustomCertStore" />
    </sec:trustManagers>
    <sec:keyManagers>
      <bean class="myCustomKeyStore" />
    </sec:keyManagers>
    <sec:cipherSuitesFilter>
      <!-- these filters ensure that a ciphersuite with
           export-suitable or null encryption is used,
           but exclude anonymous Diffie-Hellman key change as
           this is vulnerable to man-in-the-middle attacks -->
      <sec:include>.*_EXPORT_.*</sec:include>
      <sec:include>.*_EXPORT1024_.*</sec:include>
      <sec:include>.*_WITH_DES_.*</sec:include>
      <sec:include>.*_WITH_NULL_.*</sec:include>
      <sec:exclude>.*_DH_anon_.*</sec:exclude>
    </sec:cipherSuitesFilter>
  </http:tlsClientParameters>
</http:conduit>
Any suggestions will be appreciated. Thanks in advance,
Juanjo.
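
An added example, not part of the original message and not CXF code: a small stand-alone check that applies the include/exclude patterns from the posted cipherSuitesFilter to a list of suite names, to show which suites that filter leaves enabled. It assumes a suite is kept when it fully matches at least one include pattern and no exclude pattern; the class name and the suite list are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class CipherFilterCheck {
    // Patterns copied verbatim from the posted <sec:cipherSuitesFilter>.
    static final List<Pattern> INCLUDE = compile(
        ".*_EXPORT_.*", ".*_EXPORT1024_.*", ".*_WITH_DES_.*", ".*_WITH_NULL_.*");
    static final List<Pattern> EXCLUDE = compile(".*_DH_anon_.*");

    static List<Pattern> compile(String... regexes) {
        List<Pattern> out = new ArrayList<>();
        for (String r : regexes) out.add(Pattern.compile(r));
        return out;
    }

    static boolean matchesAny(List<Pattern> patterns, String suite) {
        for (Pattern p : patterns) {
            if (p.matcher(suite).matches()) return true;
        }
        return false;
    }

    // Assumed semantics: keep a suite that matches an include and no exclude.
    static List<String> select(List<String> offered) {
        List<String> kept = new ArrayList<>();
        for (String s : offered) {
            if (matchesAny(INCLUDE, s) && !matchesAny(EXCLUDE, s)) kept.add(s);
        }
        return kept;
    }

    public static void main(String[] args) {
        // Constructed sample of standard JSSE suite names, strong and weak.
        List<String> offered = List.of(
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_WITH_NULL_SHA",
            "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DH_anon_WITH_DES_CBC_SHA");
        List<String> kept = select(offered);
        for (String s : offered) {
            System.out.println((kept.contains(s) ? "ENABLED  " : "filtered ") + s);
        }
    }
}
```

With these patterns the AES and 3DES suites in the sample are filtered out, and only the single-DES, export and NULL suites that are not anonymous Diffie-Hellman remain enabled.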