Hi Martin, New Crypto interface in new WSS4J (1.6.X, 2.X.X) is keystore independent, just take a newer Version.
http://people.apache.org/~coheigea/stage/wss4j/1.6.0/site/apidocs/org/apache/ws/security/components/crypto/Crypto.html#getKeyStore%28%29 https://ws.apache.org/wss4j/apidocs/org/apache/wss4j/common/crypto/Crypto.html. You can take XKMS Crypto provider as a basis. The provider loads public certificates from XKMS Service: https://github.com/apache/cxf/blob/master/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java Regards, Andrei. > -----Original Message----- > From: Martin Nielsen [mailto:[email protected]] > Sent: Freitag, 26. Juni 2015 15:32 > To: [email protected] > Subject: Creating a crypto provider for something else than a keystore > > Hello all. > > I am considering implementing a number of SOAP webservices using CXF for an > existing application. The application already has a large number of x509 > certificates and corresponding keys in a store that is NOT a java keystore. > > Is it possible to implement another crypto provider like Merlin: > http://people.apache.org/~coheigea/stage/wss4j/1.5.5/site/apidocs/org/apach > e/ws/security/components/crypto/Merlin.html > ? > The provider should not take data from a Java keystore but another source. > > I was looking into implementing my own version of Crypto: > http://people.apache.org/~coheigea/stage/wss4j/1.5.10/site/apidocs/org/apac > he/ws/security/components/crypto/Crypto.html > > but i am confused. The method *getKeyStore > <http://people.apache.org/~coheigea/stage/wss4j/1.5.10/site/apidocs/org/apa > che/ws/security/components/crypto/Crypto.html#getKeyStore()>* > () returns the backing keystore. This doesn't seem like its independent of > the > Keystore backend. > > Is it possible to implement a Crypto provider that is not dependent on a Java > keystore for use in CXF authentication and encryption? > And am i correct in assuming that > org.apache.ws.security.components.crypto.Crypto > is the correct interface to implement if i want to substitute Merlin as a > crypto > provider? > > Thank you in advance. > > -Martin
