phax / phase4

phase4 - AS4 client and server for integration into existing systems. Specific support for Peppol and CEF eDelivery built-in.
Apache License 2.0

Feat multiple crypto pwds #99

Closed jsmithers closed 2 years ago

jsmithers commented 2 years ago

Change Description

This change gives the crypto factory the ability to manage multiple keys. The example use case would be separate Signature and Decryption Keys on Inbound. WSS4J attempts to find the key using the name of the key that encrypted the data and Phase4 uses the primary key of the crypto factory to sign the receipt signal message; however, these keys need to be the same due to the password handling logic in Phase4KeyStoreCallbackHandler.java.

This change allows implementers to provide separate keys for both operations, by simply overriding the getKeyPassword (String) method in the IAS4CryptoFactory. The existing logic is maintained through the default implementation in the interface.

Example:

public class MyCryptoFactory implements IAS4CryptoFactory {

  /* Existing Crypto Getters */

  @Override
  public String getKeyPassword (String keyAlias) {
    // A default interface method is invoked via InterfaceName.super, not plain super
    String password = IAS4CryptoFactory.super.getKeyPassword (keyAlias);
    if (password == null) {
      // Look up the other key password, possibly in a Map
    }

    return password;
  }
}
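
The failure mode this PR addresses, shown with the plain JDK KeyStore API as an added example (not part of the pull request or of phase4's code): two entries protected by different passwords, where reusing one password for every alias fails and an alias-keyed lookup succeeds. The aliases, passwords, the `passwordFor` helper and the use of AES secret-key entries in place of certificate-backed private keys are assumptions made to keep it self-contained.

```java
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Map;
import javax.crypto.KeyGenerator;

public class PerAliasPasswordDemo {
  // Constructed sample data: hypothetical aliases and passwords.
  // A real deployment would load these from a secret store, not from source.
  static final Map<String, char[]> PASSWORDS = Map.of(
      "signing", "sign-pw".toCharArray(),
      "decryption", "decrypt-pw".toCharArray());

  // Same contract as getKeyPassword (String): null means the alias is unknown.
  static char[] passwordFor (String alias) {
    return PASSWORDS.get (alias);
  }

  public static void main (String[] args) throws Exception {
    // In-memory keystore with one entry per alias, each under its own password.
    KeyStore ks = KeyStore.getInstance ("PKCS12");
    ks.load (null, null);
    KeyGenerator gen = KeyGenerator.getInstance ("AES");
    gen.init (128);
    for (String alias : PASSWORDS.keySet ()) {
      ks.setEntry (alias,
                   new KeyStore.SecretKeyEntry (gen.generateKey ()),
                   new KeyStore.PasswordProtection (passwordFor (alias)));
    }

    // One password for every alias: the second key cannot be recovered.
    try {
      ks.getKey ("decryption", passwordFor ("signing"));
      System.out.println ("unexpected: key recovered with the wrong password");
    } catch (UnrecoverableKeyException ex) {
      System.out.println ("single password fails for 'decryption'");
    }

    // Password resolved per alias: both keys are recovered.
    for (String alias : PASSWORDS.keySet ()) {
      boolean ok = ks.getKey (alias, passwordFor (alias)) != null;
      System.out.println (alias + " recovered: " + ok);
    }
  }
}
```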