You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Hans G Knudsen (JIRA)" <ji...@apache.org> on 2007/12/13 16:02:43 UTC
[jira] Commented: (RAMPART-25) Abilty to dynamically set Encryption
certificate on client
[ https://issues.apache.org/jira/browse/RAMPART-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551529 ]
Hans G Knudsen commented on RAMPART-25:
---------------------------------------
Hi!
I just had another look at this issue - as I encountered a problem when the receiver(encryption certificate) is not present in keystore when validating the response.
The policy has InitiatorToken == AlwaysToRecipient - and therefor the certificate is not present in response - only the reference. As a consequence the certificate can not be found and certificate path not validated.
As a temporary workaround I cache the certificate in a custom 'Merlin' when sending - and injects it into the keystore before validating.
But I would like to see a better solution - eg saving it in the MessageContext/AxisService as mentioned in :
https://issues.apache.org/jira/browse/RAMPART-121
> Abilty to dynamically set Encryption certificate on client
> ----------------------------------------------------------
>
> Key: RAMPART-25
> URL: https://issues.apache.org/jira/browse/RAMPART-25
> Project: Rampart
> Issue Type: Improvement
> Components: rampart-core
> Affects Versions: 1.1
> Reporter: Hans G Knudsen
>
> Hi!
> I was looking for a way to dynamically specify the encryption certificate in a client, instead of specifying it statically in the RampartConfig by defining the 'encryptionUser'.
> Looking at RampartUtil.setEncryptionUser it looked like the only way to do it, was to resemble the 'useReqSigCert' option which makes the server use the received signature certificate for encryption on a reply..
> This would look something like this...
> X509Certificate cert = fetchFromLdap( recipient );
> Vector results = new Vector();
> WSSecurityEngineResult wsser = new WSSecurityEngineResult(WSConstants.SIGN, null, cert, null, new byte[0]);
> results.add( wsser );
>
> WSHandlerResult wshr = new WSHandlerResult("STRING", results);
> Vector resultObj = new Vector();
> resultObj.add( wshr );
>
> clientOptions.setProperty( WSHandlerConstants.RECV_RESULTS, resultObj );
> Would It be usefull to be able to specify the certificate as a Rampart parameter/property - something like :
> clientOptions.serProperty( RampartMessageData.ENCRYPTION_CERTIFICATE, cert );
> and have RampartUtil check 'encryptionUser' for eg 'useParamCert' and use the transfered certificate for outgoing encryption.
> Should I supply a proposal as a diff ??
> /hans
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.