Currently we support two CertificateRepositories: file and ldap. These are selected using a config variable. Then a factory class decides which to use.
This has two disadvantages:
1. We have the overhead of the ldap config in the service setup even if the user does not use ldap
2. It is not possible to use an alternative repo impl without changing the cxf code or creating a complete new blueprint context for the wiring
I propose another solution for OSGi:
We still use the property xkms.certificate.repo to set the certifacte repo to use but we use an OSGi service to find it.
The user can then install an OSGi service with interface CertificateRepo and a property name=myreponame. He can then set the above property to myreponame and the XKMS service will wire to this service.
So the repository can be swapped without touching the cxf code.