Posted to users@cxf.apache.org by Martin Nielsen <mn...@gmail.com> on 2015/06/26 15:32:19 UTC
Creating a crypto provider for something else than a keystore
Hello all.
I am considering implementing a number of SOAP webservices using CXF for an
existing application. The application already has a large number of x509
certificates and corresponding keys in a store that is NOT a java keystore.
Is it possible to implement another crypto provider like Merlin:
http://people.apache.org/~coheigea/stage/wss4j/1.5.5/site/apidocs/org/apache/ws/security/components/crypto/Merlin.html
?
The provider should not take data from a Java keystore but another source.
I was looking into implementing my own version of Crypto:
http://people.apache.org/~coheigea/stage/wss4j/1.5.10/site/apidocs/org/apache/ws/security/components/crypto/Crypto.html
but I am confused. The method getKeyStore()
<http://people.apache.org/~coheigea/stage/wss4j/1.5.10/site/apidocs/org/apache/ws/security/components/crypto/Crypto.html#getKeyStore()>
returns the backing keystore. This doesn't seem like it's independent of
the Keystore backend.
Is it possible to implement a Crypto provider that is not dependent on a
Java keystore for use in CXF authentication and encryption?
And am I correct in assuming that
org.apache.ws.security.components.crypto.Crypto
is the correct interface to implement if I want to substitute Merlin as a
crypto provider?
Thank you in advance.
-Martin
RE: Creating a crypto provider for something else than a keystore
Posted by Andrei Shakirin <as...@talend.com>.
Hi Martin,
The new Crypto interface in the new WSS4J (1.6.X, 2.X.X) is keystore independent; just take a newer version.
http://people.apache.org/~coheigea/stage/wss4j/1.6.0/site/apidocs/org/apache/ws/security/components/crypto/Crypto.html#getKeyStore%28%29
https://ws.apache.org/wss4j/apidocs/org/apache/wss4j/common/crypto/Crypto.html
You can take the XKMS Crypto provider as a basis. The provider loads public certificates from the XKMS Service:
https://github.com/apache/cxf/blob/master/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java
Regards,
Andrei.
> -----Original Message-----
> From: Martin Nielsen [mailto:mnybon@gmail.com]
> Sent: Freitag, 26. Juni 2015 15:32
> To: users@cxf.apache.org
> Subject: Creating a crypto provider for something else than a keystore
>
> Hello all.
>
> I am considering implementing a number of SOAP webservices using CXF for an
> existing application. The application already has a large number of x509
> certificates and corresponding keys in a store that is NOT a java keystore.
>
> Is it possible to implement another crypto provider like Merlin:
> http://people.apache.org/~coheigea/stage/wss4j/1.5.5/site/apidocs/org/apache/ws/security/components/crypto/Merlin.html
> ?
> The provider should not take data from a Java keystore but another source.
>
> I was looking into implementing my own version of Crypto:
> http://people.apache.org/~coheigea/stage/wss4j/1.5.10/site/apidocs/org/apache/ws/security/components/crypto/Crypto.html
>
> but I am confused. The method getKeyStore()
> <http://people.apache.org/~coheigea/stage/wss4j/1.5.10/site/apidocs/org/apache/ws/security/components/crypto/Crypto.html#getKeyStore()>
> returns the backing keystore. This doesn't seem like it's independent of the
> Keystore backend.
>
> Is it possible to implement a Crypto provider that is not dependent on a Java
> keystore for use in CXF authentication and encryption?
> And am I correct in assuming that
> org.apache.ws.security.components.crypto.Crypto
> is the correct interface to implement if I want to substitute Merlin as a crypto
> provider?
>
> Thank you in advance.
>
> -Martin