Apache CXF / WSS4J证书验证

Question

Is seem that the only way the certificate (X509) validation performs is: if a request to the server contains a certificate, that is already in the server's keystore, process the request (and the same with the server's response).

Could you, please, suggest a way to validate a certificate by the CRL and the root certificate?

What about using spring security and cxf's <jaxws:inInterceptors> ? Can't find a tutorial yet

PROGRESS Trying to write my own interceptor:

public class MyInInterceptor extends AbstractPhaseInterceptor<Message> {
Logger logger = Logger.getLogger(MyInInterceptor.class);

public MyInInterceptor() {
    super(Phase.PRE_PROTOCOL);

    addAfter(WSS4JInInterceptor.class.getName());
}

private SOAPMessage getSOAPMessage(SoapMessage msg) {
    SAAJInInterceptor.INSTANCE.handleMessage(msg);
    return msg.getContent(SOAPMessage.class);
}

@Override
public void handleMessage(Message message) throws Fault {
    logger.info("custom handleMessage method");

    logger.info("getting a certificate");
    HashMap engine = (HashMap) message.get("wss4j.signature.result");
    X509Certificate certificate = (X509Certificate) engine.get("x509-certificate");

    logger.info("parsing certificate");

}

For now the issue is to validate the certificate with any possible way, say the pure java..

Answer 1

The solution is to develop a custom interceptor:

/** 
 * Constructor
*/ 
public SecurityInInterceptor() {
   super(Phase.PRE_PROTOCOL);
   getAfter().add(SAAJInInterceptor.class.getName());
}

The hard of the solution is this and this answers.