Hi I am trying to use wss4j 1.6.2 to sign a webservices communication. Using a keystore with my keypair, and the different org.apache.ws.security.crypto.merlin.keystore.* properties, I can successfully sign the message (and the receiver successfully verifies it).
However in my setting it would be much more convenient if I could just specify the raw key pair to be used for every request. Looking for a possibility to do this, I came across the following API: WSSecSignature#setSecretKey(byte[]) WSSecSignature#setX509Certificate(X509Certificate) What is the intention with this API? Is it supposed to be an alternative to specifying a keystore (via properties above)? Or is the recommended way to go via specifying a keystore (even if this means writing out the key pair to a temp file upon every request)? Would be great if anyone could shed some light on this! Gruäss, stefan.
