
List:       webservices-general
Subject:    [jira] [Commented] (WSS-277) can't get all certificates from Crypto
From:       "Marcin Markiewicz (JIRA)" <jira () apache ! org>
Date:       2011-04-29 15:36:03
Message-ID: 386656109.11869.1304091363214.JavaMail.tomcat () hel ! zones ! apache ! org


    [ https://issues.apache.org/jira/browse/WSS-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13027031#comment-13027031 ]

Marcin Markiewicz commented on WSS-277:
---------------------------------------

Hello,

I can understand your doubts.
Number 3 would work for me, but what happens if wss4j won't use Merlin 
anymore and it would be replaced by something different? Then my cast 
won't work anymore. But until then I don't see any problems doing so.

But anyway - if there are 5 ways to get the certificates specifying the 
proper CryptoType - this way one can get certificates matching given 
alias or issuer serial or ski bytes or subject DN or thumbprint - why 
can't there be a CryptoType for getting them all? Now I can get all 
certificates with the alias "xyz" (OK, usually the Array will carry just 
one certificate...). There are no keystores or certificate chains. And I 
would like to have the same, but just with the possibility of getting 
all certificates.
I think the change in the API is trivial - one more CryptoType.TYPE 
value (i.e. "ALL").
In case of Merlin, it would get all certificates from the keystore and 
return it.
I have no idea how to solve your first point. I have no idea how xkms 
works. Is it really not possible to get all certificates from it?

Well, anyways - I will try to subcast to Merlin for the beginning. 
Unfortunately I don't have any time to work on this project now - but in 
a month or so the work will go on...

Greetings,
Marcin Markiewicz




> can't get all certificates from Crypto
> --------------------------------------
> 
> Key: WSS-277
> URL: https://issues.apache.org/jira/browse/WSS-277
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6, 1.6.1
> Environment: all
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
> 
> In wss4j 1.5.x you could get all certificates via keystore. Getting the KeyStore is
> not possible anymore since 1.6 (for good reasons). Now you can get the certificates
> for given alias, DN, hash and so on. But if you want to get all certificates, it
> isn't possible. The method getX509Certificates(CryptoType) in Crypto should be
> changed. I.e. by specifying a new Type in CryptoType - something like "ALL" - and
> then delivering all certificates. By the way - CryptoType is used only in Crypto
> for specifying the way the certificates are chosen. Wouldn't it be better to
> provide separate methods without the CryptoType parameter - something like
> getX509CertificatesByAlias(String alias), getX509CertificatesBySubjectDN(String
> subjectDN) and so on? There are private methods for it anyway. We could make them
> public... But both ways are kind of equal. The problem with the CryptoType is, you
> have to set the proper Type AND the proper parameter (like String Alias, or String
> subjectDN). If you set the alias, and the Type THUMBPRINT_SHA1 then you find
> nothing. By getting the certificates by the proper method there is no possibility
> to pass wrong parameters...

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
