It should be possible to do this. Normally with WS-Security in CXF, you use a crypto properties file that defines a "Merlin" provider. This is a class in WSS4J that wraps a keystore loaded from a file. There is an alternative crypto provider available, MerlinDevice, which allows loading keystores using a null InputStream, which is what is required when you have keys stored on a smartcard:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java?view=markup

Colm.

On Thu, Mar 5, 2015 at 5:42 PM, Gonzalo Aguilar Delgado <[email protected]> wrote:

> Hi
>
> We are implementing all our crypto in hardware. One of the requirements of
> the client is to do WS-Security.
>
> I'm experienced in doing it in software with a software based keystore.
> But now we need to do it in HSM.
> My partners say that if CXF uses JCE (and it does) everything can be done
> in hardware.
>
> Can you point us to the right direction about how to do it?
>
> We are using safenet solutions for HSMs.
>
> Best regards,
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
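An added example, not part of the original messages: one way to wire the MerlinDevice provider mentioned in the reply to a PKCS#11 token, using the WSS4J 2.x property names. The PKCS#11 config path, key alias and `HSM_PIN` environment variable are assumptions, and the stock SunPKCS11 provider (Java 9+ API) stands in for the HSM vendor's own JCE provider and keystore type.

```java
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.util.Properties;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;

public class HsmCryptoExample {
    // Assumed values for illustration; replace with the deployment's own.
    static final String PKCS11_CONFIG = "/etc/pkcs11/hsm.cfg";
    static final String KEY_ALIAS = "ws-signing-key";

    // Same keys a crypto properties file would carry for MerlinDevice.
    static Properties hsmCryptoProperties(String jceProviderName, String pin) {
        Properties p = new Properties();
        String prefix = "org.apache.wss4j.crypto.";
        p.setProperty(prefix + "provider",
                "org.apache.wss4j.common.crypto.MerlinDevice");
        p.setProperty(prefix + "merlin.keystore.type", "PKCS11");
        p.setProperty(prefix + "merlin.keystore.provider", jceProviderName);
        p.setProperty(prefix + "merlin.keystore.password", pin);
        p.setProperty(prefix + "merlin.keystore.alias", KEY_ALIAS);
        // No merlin.keystore.file entry: the keystore is loaded from the
        // device with a null InputStream instead of from disk.
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Register the PKCS#11 bridge before WSS4J asks for the keystore.
        Provider p11 = Security.getProvider("SunPKCS11").configure(PKCS11_CONFIG);
        Security.addProvider(p11);

        String pin = System.getenv("HSM_PIN"); // keep the PIN out of files
        if (pin == null) {
            throw new IllegalStateException("HSM_PIN is not set");
        }

        Crypto crypto = CryptoFactory.getInstance(
                hsmCryptoProperties(p11.getName(), pin));

        // The returned key should be a handle to the token object. With
        // SunPKCS11, getEncoded() is null for sensitive or non-extractable
        // keys, which is what you want to see for a hardware-held key.
        PrivateKey key = crypto.getPrivateKey(KEY_ALIAS, pin);
        System.out.println("algorithm=" + key.getAlgorithm()
                + " exportable=" + (key.getEncoded() != null));
    }
}
```

If `exportable=true` is printed, the key material can leave the token through the JCE layer and the key's attributes on the device should be reviewed.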
