I have somewhat of a problem.

We have a centralized interface engine that will talk to a web service that will provide complementary information and allow us to submit requests to external systems. All this is good and fine until we have to integrate this with the required security from this provider.

They issue certificates distributed through smart cards (USB key) that the end user must use to have the software interact with said system (the web services). They insist that the (sometimes multiple) signature be done against the end-user's certificate on his USB key. The private key is, of course, password protected.

How do I connect Axis2, which will ultimately handle all this, to the certificates that are on the end-user's computer?

The system is mostly a legacy thick-client application in Delphi 5; the interface engine interacts mostly with the database. Now we have managed to connect a piece of code that effectively connects the end-user's station to the interface server via a simple TCP socket.

A: 

If you have the certificate residing on the client's USB token, then signing (as a cryptographic operation) must be performed on the client side. If you can modify this Delphi application, then you can use SecureBlackbox for signing. I know nothing about Axis2, but if it allows creating and plugging in custom cryptographic modules, then you can make one that will take a hash (which is what is actually signed) and send it to the client for signing.

Eugene Mayevski 'EldoS Corp
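
The split described in the answer, as an added example (not code from the answer, Axis2 or SecureBlackbox): the server hashes the message, the workstation signs only the hash, and the server verifies the result against the user's public key. It assumes RSA with PKCS#1 v1.5 padding and SHA-256, which the page does not specify; the class and method names are hypothetical, and a generated key pair stands in for the smart-card key.

```java
import java.security.*;
import java.util.Arrays;

public class RemoteHashSigning {
    // DER DigestInfo header for SHA-256 (PKCS#1 v1.5); the 32-byte digest follows it.
    static final byte[] SHA256_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Server side: hash the message; only this DigestInfo crosses the socket.
    static byte[] serverBuildDigestInfo(byte[] message) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(message);
        byte[] out = Arrays.copyOf(SHA256_PREFIX, SHA256_PREFIX.length + digest.length);
        System.arraycopy(digest, 0, out, SHA256_PREFIX.length, digest.length);
        return out;
    }

    // Client side: the private key never leaves the workstation. With a real token
    // the key would come from a PKCS#11 or CryptoAPI provider after PIN entry.
    static byte[] clientSign(PrivateKey tokenKey, byte[] digestInfo) throws GeneralSecurityException {
        if (digestInfo.length != SHA256_PREFIX.length + 32
                || !Arrays.equals(Arrays.copyOf(digestInfo, SHA256_PREFIX.length), SHA256_PREFIX)) {
            throw new SignatureException("refusing to sign: not a SHA-256 DigestInfo");
        }
        Signature s = Signature.getInstance("NONEwithRSA"); // PKCS#1 v1.5 padding only, no hashing
        s.initSign(tokenKey);
        s.update(digestInfo);
        return s.sign();
    }

    // Server side: check the returned signature against the user's certificate key.
    static boolean serverVerify(PublicKey certKey, byte[] message, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(certKey);
        v.update(message);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair token = kpg.generateKeyPair(); // constructed stand-in for the smart-card key pair
        byte[] message = "<soap:Body>constructed sample request</soap:Body>".getBytes("UTF-8");
        byte[] sig = clientSign(token.getPrivate(), serverBuildDigestInfo(message));
        System.out.println("verifies: " + serverVerify(token.getPublic(), message, sig));
        message[0] ^= 1; // any change to the message must invalidate the signature
        System.out.println("tampered verifies: " + serverVerify(token.getPublic(), message, sig));
    }
}
```

Because the workstation sees only a hash and cannot tell what message it commits the user to, the TCP link to the interface server needs to be authenticated and integrity-protected. The format check in `clientSign` only stops the client from being used to sign arbitrary raw data.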