FYI: We looked into dynamic keystore loading; it is quite difficult to
do at well-defined intervals.
IMHO, reloading the keystore before each query is algorithmically
expensive.
--andy
Ruchith Fernando wrote:
Hi,
I'm not sure whether we can integrate this as a part of the standard
impl. If we try to do this we will have to keep reloading the keystore
each time before we query it.
You can always extend Merlin to create your own implementation with
the additional functionality. :-)
Thanks,
Ruchith
On 1/20/07, José Ventura <[EMAIL PROTECTED]> wrote:
I got wss4j to work with encryption and signatures. My client knows the
server's public certificate. My server knows the client's public
certificate, and will reject requests originating from non-trusted
clients.
However, I want to dynamically add more clients -- I was thinking of
using the Java keystore API to read the keystore file, insert a new
certificate programmatically, and then write it back. This way I'd be
able to accept requests from other clients as long as I add their
certificates "pseudo-manually" (upload the certificate through an HTML
form, so that the operator does not need shell access to the server).
I didn't want to have to restart the server for that, though... and,
looking at the Merlin and AbstractCrypto code, it seems they only ever
read the keystore file upon instantiation. Has anyone thought of a
"reload" method that would cause them to read the file again?
Any suggestions are welcome!
[]'s
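One way to get the "reload" behaviour asked about in this thread without re-parsing the keystore on every query, as an added example that is not wss4j code and not from any poster: the file's modification time is checked on each access and the store is re-read only when it has changed. The class name `ReloadingKeyStore` and its methods are hypothetical, it uses only `java.security.KeyStore` and `java.nio.file` (Java 7 or later), and wiring it into a Merlin subclass is left to the implementer.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.Certificate;

/** Hypothetical helper (not part of wss4j): a JKS trust store re-read only when its file changes. */
public class ReloadingKeyStore {
    private final Path path;
    private final char[] password;
    private KeyStore cached;
    private long loadedMtime = -1;

    public ReloadingKeyStore(Path path, char[] password) {
        this.path = path;
        this.password = password.clone();
    }

    /** Returns the current store: one stat() per call, a full parse only after a change. */
    public synchronized KeyStore get() throws Exception {
        long mtime = Files.getLastModifiedTime(path).toMillis();
        if (cached == null || mtime != loadedMtime) {
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = Files.newInputStream(path)) {
                ks.load(in, password);   // fails if the store's integrity check does not match
            }
            cached = ks;                 // swap only after a successful load
            loadedMtime = mtime;
        }
        return cached;
    }

    /** Adds a trusted certificate and replaces the file in one rename, so readers never see a partial write. */
    public synchronized void addTrustedCert(String alias, Certificate cert) throws Exception {
        KeyStore ks = get();
        if (ks.containsAlias(alias)) {   // never silently overwrite an existing trust entry
            throw new IllegalArgumentException("alias already in use: " + alias);
        }
        cached = null;                   // if anything below fails, the next get() re-reads the file
        ks.setCertificateEntry(alias, cert);
        Path tmp = Files.createTempFile(path.toAbsolutePath().getParent(), "ks", ".tmp");
        try (OutputStream out = Files.newOutputStream(tmp)) {
            ks.store(out, password);
        }
        // Atomic rename; whether an existing target is replaced is platform specific (it is on POSIX).
        Files.move(tmp, path, StandardCopyOption.ATOMIC_MOVE);
        cached = ks;
        loadedMtime = Files.getLastModifiedTime(path).toMillis();
    }
}
```

Because every certificate added this way becomes a trusted client, the upload form that calls `addTrustedCert` needs the same access control and audit logging as shell access to the keystore file would have.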