How can I register webservice through OSGi (karaf) API with custom trustManager

Question

I am working on software which registers WS through the call below:

initiatingBundle.getBundleContext()
    .registerService(
          interfaces,
          serviceObject,
          this.convertMapToDictionary(
                initiatingBundle.getBundleContext(),
                serviceAttributes
          )
    );

This is the help for the OSGi API:

org.osgi.framework.BundleContext
ServiceRegistration<?> registerService(java.lang.String[] clazzes,
                                   java.lang.Object service,
                                   java.util.Dictionary<java.lang.String,?> properties)

Is there any way (example with the properties attribute) to create a webservice with custom TrustManager like below?

TrustManager trustManager = new X509TrustManager() {

                            @Override public void checkClientTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException {
                                    System.out.println( "=== interception point at checkClientTrusted ===" );
                                    System.out.println( x509Certificates[0].getSubjectDN().getName() );
                                    System.out.println( "================================================" );
                                    throw new CertificateException( "interception point at checkClientTrusted" );
                            }

                            @Override public void checkServerTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException {
                                    System.out.println( "checkServerTrusted" );
                            }

                            @Override public X509Certificate[] getAcceptedIssuers() {
                                    return new X509Certificate[0];
                            }
                    };

Answer 1

Karaf uses Pax Web for the HttpService implementation, plus a lot more. In general a X509certificate will be needed if a SSL based connection is used. So you just need to configure the HttpService accordingly to the OSGi spec and with special Pax Web properties.

To enable SSL support you must set the following properties:
org.osgi.service.http.secure.enabled to true
org.ops4j.pax.web.ssl.keystore to the path to the keystore to be used. If not set the default path ${user.home}/.keystore is used.
org.ops4j.pax.web.ssl.password to the password used for keystore integrity check. The value can be in plain text or obfuscated ( starting with OBF: ) as described in step 4 of jetty docummentation
org.ops4j.pax.web.ssl.keypassword to the password used for keystore. The value can be in plain text or obfuscated ( starting with OBF: ) as described in step 4 of jetty docummentation
You may also set the following:
org.osgi.service.http.port.secure to change the port. Default is 8443.

Additionally for Certificates you'll need to set the following: org.ops4j.pax.web.ssl.clientauthwanted=wanted
This property specifies, if certificate-based client authentication at the server is "wanted".

org.ops4j.pax.web.ssl.clientauthneeded=required
This property specifies, if certificate-based client authentication at the server is "required".

More details may be found at the Pax Web project. Also there are samples available at the projects GitHub Project.