Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2009/06/18 12:13:07 UTC

[jira] Commented: (WSS-200) Compliance with X.509 Certificate Token Profile

    [ https://issues.apache.org/jira/browse/WSS-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12721162#action_12721162 ] 

Colm O hEigeartaigh commented on WSS-200:
-----------------------------------------


Hi Mattias,

I can't reproduce this issue. See for example the unit tests:

http://svn.apache.org/repos/asf/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java

These produce output along the lines of:

<wsse:SecurityTokenReference wsu:Id="STR-D65376C797639C58E912453196845903"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">2DUoN4ppxJz/RNgcCDsJ4SocPdk=</wsse:KeyIdentifier></wsse:SecurityTokenReference>

Can you attach the complete request message? What configuration are you using?

Colm.

> Compliance with X.509 Certificate Token Profile
> -----------------------------------------------
>
>                 Key: WSS-200
>                 URL: https://issues.apache.org/jira/browse/WSS-200
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.7
>         Environment: I have been running a Java-based tool on Windows that has wss4j-1.5.7.jar in its lib folder, so I guess that WSS4J is used internally by the tool.
>            Reporter: Mattias Sjölén
>            Assignee: Ruchith Udayanga Fernando
>
> Chapter "3.2.1 Reference to an X.509 Subject Key Identifier" in the "Certificate Token Profile 1.1" specification states the following - "The <wsse:KeyIdentifier> element MUST have a ValueType attribute with the value #X509SubjectKeyIdentifier and its contents MUST be the value of the certificate's X.509v3 SubjectKeyIdentifier extension, encoded as per the <wsse:KeyIdentifier> element's EncodingType attribute."
> The tool I use signs an outgoing xml according to the specified policy and it will then contain the following tags:
> <wsse:SecurityTokenReference wsu:Id="STRId-14A576A8..." xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>     MIIEFzCCAv+gA...
>   </wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> Notice that the ValueType for the KeyIdentifier is #X509v3 instead of #X509SubjectKeyIdentifier
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> If I perform a Base64Decode on the value inside the tag, it contains an X.509 certificate and not a Subject Key Identifier
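
Added example (not part of the original thread and not WSS4J code): a Python check that reports, for each wsse:KeyIdentifier in a message, which of the two ValueType forms discussed above it declares and whether the decoded content matches that form. The wsse namespace URI, the function names and the 64-byte size threshold are assumptions of this example, and the certificate-shaped value is a constructed placeholder, not the reporter's data.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
# ValueType fragment -> kind of content expected inside the KeyIdentifier
EXPECTED = {"X509SubjectKeyIdentifier": "key-identifier", "X509v3": "certificate"}

def content_kind(raw):
    """Heuristic: a certificate is one DER SEQUENCE spanning the whole value."""
    if len(raw) > 64 and raw[0] == 0x30:
        n = raw[1]
        if n < 0x80:
            header, length = 2, n
        else:  # long form: the low 7 bits give the number of length octets
            count = n & 0x7F
            header, length = 2 + count, int.from_bytes(raw[2:2 + count], "big")
        if header + length == len(raw):
            return "certificate"
    return "key-identifier" if raw else "empty"

def check_key_identifiers(xml_text):
    """Return (ValueType fragment, content kind, consistent) per wsse:KeyIdentifier."""
    # ElementTree suffices for constructed samples; use a hardened parser on untrusted XML.
    results = []
    for ki in ET.fromstring(xml_text).iter("{%s}KeyIdentifier" % WSSE):
        base, _, fragment = ki.get("ValueType", "").partition("#")
        try:
            raw = base64.b64decode("".join((ki.text or "").split()), validate=True)
            kind = content_kind(raw)
        except ValueError:  # binascii.Error is a subclass of ValueError
            kind = "invalid-base64"
        expected = EXPECTED.get(fragment) if base == PROFILE else None
        results.append((fragment, kind, (kind == expected) if expected else None))
    return results

def sample(fragment, b64_value):
    """Constructed SecurityTokenReference around the given value (not a captured message)."""
    return ('<wsse:SecurityTokenReference xmlns:wsse="%s"><wsse:KeyIdentifier '
            'ValueType="%s#%s">%s</wsse:KeyIdentifier></wsse:SecurityTokenReference>'
            % (WSSE, PROFILE, fragment, b64_value))

# Constructed placeholder with certificate-like DER framing; it is not a real certificate.
FAKE_CERT_B64 = base64.b64encode(bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)).decode()
SKI_B64 = "2DUoN4ppxJz/RNgcCDsJ4SocPdk="  # value from the unit-test output quoted above

if __name__ == "__main__":
    for frag, val in [("X509SubjectKeyIdentifier", SKI_B64), ("X509v3", FAKE_CERT_B64)]:
        print(check_key_identifiers(sample(frag, val)))
```

A result whose third field is False means the declared ValueType and the decoded content disagree; None means the ValueType is not one of the two forms checked here.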
