Can WSS4J be configured to retrieve private and public keys using XKMS instead of keystores?
This is an example keystore configuration:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=serverx509v1
org.apache.ws.security.crypto.merlin.keystore.file=keystore/server-keystore.jks
Is there a similar setup for using XKMS, or would I need to create a custom implementation of org.apache.ws.security.components.crypto.Crypto for retrieving keys using XKMS?
For the record, the answer is "yes". Apache CXF ships with a WSS4J Crypto implementation that can be used to perform locate + validate calls to an XKMS service to retrieve + validate X.509 Certificates when used with WS-Security. See here for more information:
http://cxf.apache.org/docs/xml-key-management-service-xkms.html
Colm.