Posted to dev@cxf.apache.org by janb <jb...@talend.com> on 2012/01/12 12:15:54 UTC

X509TokenValidator

Hi, I think I found a bug in the X509TokenValidator class, but before posting a
new JIRA entry I would like to get your confirmation on this.

As far as I understand this matter, and please correct me if I'm wrong:
There are two crypto handlers I can configure:
<entry key="ws-security.signature.crypto" value-ref="..."/>
<entry key="ws-security.encryption.crypto" value-ref="..."/>

ws-security.signature.crypto is for my own signature, when sending messages,
and to decrypt messages which have been sent to me. (here is my private
key)
ws-security.encryption.crypto is for encrypting messages before sending and
validating of signatures in received messages. (here are all my trusted
public keys/CAs)

If this is correct, I assume that the following line (101) in cxf Version
2.5.0 needs to be updated:

Crypto sigCrypto = stsProperties.getSignatureCrypto();

Because here the signature of a received message should be verified, but the
crypto provider for my own signature is called/used.

((I want to store my private key in a local keystore and get public keys via
an XKMS CryptoProvider. As far as I understood, this would not work with this
X509TokenValidator...))

Best regards
Jan


Re: X509TokenValidator

Posted by janb <jb...@talend.com>.
Done.

https://issues.apache.org/jira/browse/CXF-4028


Re: X509TokenValidator

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Jan,

Yes I think you are correct - go ahead and file a JIRA. I think it
should fall back to the signature Crypto object if the encryption
Crypto object is not specified.

Colm.

On Thu, Jan 12, 2012 at 11:15 AM, janb <jb...@talend.com> wrote:
> Hi, I think I found a bug in the X509TokenValidator class, but before posting a
> new JIRA entry I would like to get your confirmation on this.
>
> As far as I understand this matter, and please correct me if I'm wrong:
> There are two crypto handlers I can configure:
> <entry key="ws-security.signature.crypto" value-ref="..."/>
> <entry key="ws-security.encryption.crypto" value-ref="..."/>
>
> ws-security.signature.crypto is for my own signature, when sending messages,
> and to decrypt messages which have been sent to me. (here is my private
> key)
> ws-security.encryption.crypto is for encrypting messages before sending and
> validating of signatures in received messages. (here are all my trusted
> public keys/CAs)
>
> If this is correct, I assume that the following line (101) in cxf Version
> 2.5.0 needs to be updated:
>
> Crypto sigCrypto = stsProperties.getSignatureCrypto();
>
> Because here the signature of a received message should be verified, but the
> crypto provider for my own signature is called/used.
>
> ((I want to store my private key in a local keystore and get public keys via
> an XKMS CryptoProvider. As far as I understood, this would not work with this
> X509TokenValidator...))
>
> Best regards
> Jan



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com