
List:       axis-user-ja
Subject:    [jira] [Updated] (RAMPART-335) X509V3 KeyIdentifier cannot be set
From:       "Gergan Dimitrov (JIRA)" <jira () apache ! org>
Date:       2011-07-25 12:39:11
Message-ID: 880428016.3657.1311597551288.JavaMail.tomcat () hel ! zones ! apache ! org


     [ https://issues.apache.org/jira/browse/RAMPART-335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gergan Dimitrov updated RAMPART-335:
------------------------------------

    Attachment: patch.txt

Patch fixing this issue, SVN revision 1150660

> X509V3 KeyIdentifier cannot be set dynamically
> ----------------------------------------------
> 
> Key: RAMPART-335
> URL: https://issues.apache.org/jira/browse/RAMPART-335
> Project: Rampart
> Issue Type: Improvement
> Affects Versions: 1.6.0
> Reporter: Gergan Dimitrov
> Attachments: patch.txt
> 
> Original Estimate: 1h
> Remaining Estimate: 1h
> 
> Hi all,
> for our SOA solution, we use AXIS2 and Rampart for security. But we configure the
> Rampart policy at runtime, because we support different users with different
> security settings and preferences. Therefore, we use classes from the Rampart API
> such as AsymmetricBinding, X509Token, etc. to configure. So, we need to support
> <wsse:KeyIdentifier> with
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3".
> Unfortunately, we are not able to do so through the API, because we use the
> X509Token.require* methods to specify how the certificate is referenced. And we
> have only the option setRequireKeyIdentifierReference(), which by default uses
> SubjectKeyIdentifier, which is implemented in the RampartUtil class. Therefore, I
> think the API can be extended with a method such as
> setRequireX509V3KeyIdentifierReference, and the RampartUtil.setKeyIdentifierType
> method to be extended, so that it can set the WSConstants.X509_KEY_IDENTIFIER. The
> code changes are really small, and I am ready to provide a patch for this. Of course,
> it could be better to extend the API to support providing the ValueType as a
> parameter, rather than using boolean flags, but I leave this decision up to you.
> Thanks for your time and attention. Regards,
> Gergan Dimitrov.
