Hi Martin,

I assume you would like to get the client certificate on the service side to use it for encryption of the response, correct?

If yes, I would first of all evaluate using the "useReqSigCert" constant as the value of the "ws-security.encryption.username" property on the server side. In this case the service will extract the client certificate from the request and use it to encrypt the response. This approach is very convenient on the server side to encrypt responses for different clients. In this case you don't need to look up the client certificate on the server side at all; the service will get the certificate and proceed with encryption automatically.

Is this close to your question? If not, please elaborate on your use case a bit more.

Regards,
Andrei.

> -----Original Message-----
> From: Martin Nielsen [mailto:[email protected]]
> Sent: Samstag, 7. März 2015 13:32
> To: [email protected]
> Subject: RE: Alternative key sources using asymmetric security?
>
> Great!
>
> I will get right on that.
> As a bonus question, I was wondering, is it possible to make either the calling
> public key or alias (or anything that uniquely identifies the key) available to the
> method being invoked by CXF when the client calls a service?
> Optimally, I would like it defined as a method parameter, but I'm not picky.
>
> And thank you :)
> On 6 Mar 2015 18:11, "Andrei Shakirin" <[email protected]> wrote:
>
> > Hi Martin,
> >
> > Yes, for sure. You need to provide your own implementation of the WSS4J Crypto
> > interface.
> > Btw, CXF supports the XKMS standard to get public keys as an alternative to a
> > keystore.
> > You can take this either as an example of a Crypto implementation:
> > https://github.com/apache/cxf/blob/master/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java
> >
> > or use the XKMS service to manage your certificates:
> > http://cxf.apache.org/docs/xml-key-management-service-xkms.html
> >
> > Regards,
> > Andrei.
> >
> >
> > > -----Original Message-----
> > > From: Martin Nielsen [mailto:[email protected]]
> > > Sent: Freitag, 6. März 2015 10:36
> > > To: [email protected]
> > > Subject: Alternative key sources using asymmetric security?
> > >
> > > Looking at WS-Security asymmetric encryption, I was wondering if it is possible
> > > in some way to configure CXF to look somewhere else than a Java keystore for
> > > the key information.
> > >
> > > Say that you have a case where you need to add web services to an application
> > > that already has a public key for all its users in a database, for example. Would
> > > it be possible to have CXF look for a public key in the database instead of a
> > > keystore?
> > >
> > > -Martin
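
The custom Crypto implementation suggested in the quoted reply of 6 Mar, as an added example that is not part of the thread and is not CXF or WSS4J project code. It assumes the WSS4J 2.x package names, and the class name `DbBackedCrypto` and the table `user_certs(alias, cert_der)` are hypothetical:

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import javax.sql.DataSource;

import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSSecurityException;

// Hypothetical class: alias lookups go to a database, all other lookups stay with Merlin.
public class DbBackedCrypto extends Merlin {
    // Assumed schema: user_certs(alias VARCHAR PRIMARY KEY, cert_der BLOB holding a DER certificate)
    private static final String QUERY = "SELECT cert_der FROM user_certs WHERE alias = ?";
    private final DataSource dataSource;

    public DbBackedCrypto(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    @Override
    public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException {
        // Only alias-based lookups are served from the database.
        if (cryptoType == null || cryptoType.getType() != CryptoType.TYPE.ALIAS) {
            return super.getX509Certificates(cryptoType);
        }
        // Bound parameter, never string concatenation: the alias comes from configuration or a message.
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setString(1, cryptoType.getAlias());
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return null; // unknown alias: no certificate, so encryption cannot proceed
                }
                X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(new ByteArrayInputStream(rs.getBytes(1)));
                cert.checkValidity(); // refuse expired or not-yet-valid certificates
                return new X509Certificate[] {cert};
            }
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }
}
```

An instance can be handed to CXF through the "ws-security.encryption.crypto" property. Private-key operations and trust verification are not covered by this class and still need a keystore or further overrides.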
