Is seem that the only way the certificate (X509) validation performs is: if a request to the server contains a certificate, that is already in the server's keystore, process the request (and the same with the server's response).
Could you, please, suggest a way to validate a certificate by the CRL and the root certificate?
What about using spring security and cxf's <jaxws:inInterceptors> ? Can't find a tutorial yet
PROGRESS Trying to write my own interceptor:
public class MyInInterceptor extends AbstractPhaseInterceptor<Message> {
Logger logger = Logger.getLogger(MyInInterceptor.class);
public MyInInterceptor() {
super(Phase.PRE_PROTOCOL);
addAfter(WSS4JInInterceptor.class.getName());
}
private SOAPMessage getSOAPMessage(SoapMessage msg) {
SAAJInInterceptor.INSTANCE.handleMessage(msg);
return msg.getContent(SOAPMessage.class);
}
@Override
public void handleMessage(Message message) throws Fault {
logger.info("custom handleMessage method");
logger.info("getting a certificate");
HashMap engine = (HashMap) message.get("wss4j.signature.result");
X509Certificate certificate = (X509Certificate) engine.get("x509-certificate");
logger.info("parsing certificate");
}
For now the issue is to validate the certificate with any possible way, say the pure java..
The solution is to develop a custom interceptor:
/**
* Constructor
*/
public SecurityInInterceptor() {
super(Phase.PRE_PROTOCOL);
getAfter().add(SAAJInInterceptor.class.getName());
}