Im not sure if is correct or incorrect, maybe is that i have not understand well the keystore truststore thing...
Checking the sourcecode, adding "loggin debug lines", and compiling it, i have seen that the problem is that using as
tokenReference:
x509IssuerSerial
or
keyIdentifier
it goes process it in
org.jboss.ws.extensions.security.SecurityStore
and there it looks inside keystore, not truststore, for the certificates to check the signature.
Maybe is a problem that come with the encryption thing. (im only using signature)
(post about it: http://community.jboss.org/index.html?module=bb&op=viewtopic&t=94406)
I am no expert in this so i am welcome to any explanation.
Looking forward for any feedback.
Salutes all jboss stuff and other guys that collaborate doing this great project.