I got wss4j to work with encryption and signatures. My client knows the server's public certificate. My server knows the client's public certificate, and will reject requests originating from non-trusted clients.
However I want to dynamically add more clients -- I was thinking of using the Java keystore API to read the keystore file, insert a new certificate programmatically, and then write it back. This way I'd be able to accept requests from other clients as long as I add their certificates "pseudo-manually" (upload the certificate through an HTML form, so that the operator does not need shell access to the server).

I didn't want to have to restart the server for that, though... and, looking at the Merlin and AbstractCrypto code, it seems they only ever read the keystore file upon instantiation. Has anyone thought of a "reload" method that would cause them to read the file again? Any suggestions are welcome!

[]'s
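An added example, not part of the original post and not WSS4J code: the read, insert and write-back cycle described above, using only JDK keystore APIs, with the uploaded certificate parsed and validity-checked before it is trusted and the file replaced atomically. `TrustStoreUpdater`, the JKS format and the command-line arguments are assumptions; how the refreshed `KeyStore` is handed to the Merlin instance depends on the WSS4J version and is left out.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Hypothetical helper (not WSS4J code): owns the keystore file and a live snapshot.
public final class TrustStoreUpdater {
    private static final String TYPE = "JKS";   // assumption: keystore format
    private final Path file;
    private final char[] password;
    private volatile KeyStore current;          // what verification code should read

    public TrustStoreUpdater(Path file, char[] password) throws Exception {
        this.file = file.toAbsolutePath();
        this.password = password;
        this.current = load();
    }
    private KeyStore load() throws Exception {
        KeyStore ks = KeyStore.getInstance(TYPE);
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, password); }
        return ks;
    }
    public KeyStore current() { return current; }

    // Parses the uploaded bytes (PEM or DER), trusts them under alias, returns SHA-256.
    public synchronized String addTrustedCert(String alias, byte[] upload) throws Exception {
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(upload));
        cert.checkValidity();                   // reject expired or not-yet-valid certs
        KeyStore ks = load();                   // fresh copy; live snapshot untouched
        if (ks.containsAlias(alias)) throw new IllegalArgumentException("alias in use");
        ks.setCertificateEntry(alias, cert);
        Path tmp = Files.createTempFile(file.getParent(), "ks", ".tmp");
        try (OutputStream out = Files.newOutputStream(tmp)) { ks.store(out, password); }
        Files.move(tmp, file, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        current = ks;                           // swap only after the file is replaced
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            hex.append(String.format("%02X", b));
        return hex.toString();                  // operator compares this out of band
    }
    // Usage: java TrustStoreUpdater <keystore> <password> <alias> <cert file>
    public static void main(String[] a) throws Exception {
        TrustStoreUpdater u = new TrustStoreUpdater(Paths.get(a[0]), a[1].toCharArray());
        System.out.println(u.addTrustedCert(a[2], Files.readAllBytes(Paths.get(a[3]))));
    }
}
```

Because the upload form becomes the path by which trust is granted, it needs the same access control as shell access to the keystore, and the returned fingerprint gives the operator something to confirm with the client before relying on the new entry.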
