Thank you Andrei.
I ended up using Spring EL to supply the password.
But I have noticed that if the keystore and key passwords are different, I
get an "Unrecoverable key" exception.
Is this some sort of bug with Merlin or am I missing something?

Thanks,
Giriraj.


On Sat, Jul 12, 2014 at 11:15 AM, Andrei Shakirin <ashaki...@talend.com>
wrote:

> Hi,
>
> In Spring configuration you can only specify the password directly:
>     <httpj:engine-factory id="port-9001-tls-config">
>         <httpj:engine port="9001">
>             <httpj:tlsServerParameters>
>                 <sec:keyManagers keyPassword="password">
>                     <sec:keyStore type="JKS" password="password"
>                                   file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
>                 </sec:keyManagers>
>                 <sec:trustManagers>
>                     <sec:keyStore type="JKS" password="password"
>                                   file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
>                 </sec:trustManagers>
>             </httpj:tlsServerParameters>
>         </httpj:engine>
>     </httpj:engine-factory>
>
> But you can get the password from the callback or other store using
> programmatic initialization of tlsClientParameters:
>     TLSClientParameters tlsClientParameters = new TLSClientParameters();
>     ...
>     String alg = KeyManagerFactory.getDefaultAlgorithm();
>     // keyPassword unlocks the private key entries, not the keystore file
>     char[] keyPass = keyPassword != null
>                  ? keyPassword.toCharArray()
>                  : null;
>     KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
>     fac.init(keyStore, keyPass);
>     tlsClientParameters.setKeyManagers(fac.getKeyManagers());
>     // attach the TLS settings to the client's HTTP conduit
>     HTTPConduit http =
>         (HTTPConduit) client.getConduit();
>     http.setTlsClientParameters(tlsClientParameters);
>     ...
>
> Regards,
> Andrei.
>
>
> > -----Original Message-----
> > From: Giriraj Bhojak [mailto:girira...@gmail.com]
> > Sent: Friday, 11 July 2014 22:16
> > To: users@cxf.apache.org
> > Subject: Supplying passwords for key manager and trust manager to
> > http:conduit
> >
> > Hello all,
> >
> > I am using http-conduit for SSL support in CXF 2.7.11.
> > Is there a way I can specify a password callback for <sec:keyManagers>
> > and <sec:trustManagers>?
> >
> > Thanks,
> > Giriraj.
>
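
Added example, not part of the thread and not CXF code: the keystore password only opens the store, while each key entry is recovered with its own password, and `KeyStore.getKey` (like `KeyManagerFactory.init`) throws `UnrecoverableKeyException` when given the wrong one. Assumptions: the class name, helper `unrecoverable`, alias and passwords are constructed for illustration, and an in-memory PKCS12 store with a secret-key entry stands in for the thread's JKS file so the example runs without a certificate.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.KeyGenerator;

public class KeyPasswordCheck {

    /** Returns the aliases of key entries that cannot be recovered with keyPass. */
    static List<String> unrecoverable(KeyStore ks, char[] keyPass) throws Exception {
        List<String> failed = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // certificate-only entries have no key password
            }
            try {
                ks.getKey(alias, keyPass);
            } catch (UnrecoverableKeyException e) {
                failed.add(alias);
            }
        }
        return failed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the thread.
        char[] storePass = "store-secret".toCharArray();
        char[] keyPass = "key-secret".toCharArray();

        // Build a keystore whose key entry uses a different password than the store.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        ks.setEntry("demo", new KeyStore.SecretKeyEntry(gen.generateKey()),
                new KeyStore.PasswordProtection(keyPass));

        // Round-trip through bytes, as if the keystore were read from a file.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        KeyStore loaded = KeyStore.getInstance("PKCS12");
        loaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);

        System.out.println("store password fails for: " + unrecoverable(loaded, storePass));
        System.out.println("key password fails for:   " + unrecoverable(loaded, keyPass));
    }
}
```

Running the same `unrecoverable` check against a real keystore loaded from disk shows which aliases the configured `keyPassword` does not unlock.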
