Posted to java-dev@axis.apache.org by "Gergan Dimitrov (JIRA)" <ji...@apache.org> on 2011/07/25 14:33:10 UTC

[jira] [Created] (RAMPART-335) X509V3 KeyIdentifier cannot be set dynamically

X509V3 KeyIdentifier cannot be set dynamically
----------------------------------------------

                 Key: RAMPART-335
                 URL: https://issues.apache.org/jira/browse/RAMPART-335
             Project: Rampart
          Issue Type: Improvement
    Affects Versions: 1.6.0
            Reporter: Gergan Dimitrov


Hi all,

For our SOA solution, we use AXIS2 and Rampart for security. But we configure the Rampart policy at runtime, because we support different users with different security settings and preferences. Therefore, we use classes from the Rampart API, such as AsymmetricBinding, X509Token, etc., to configure it. So, we need to support <wsse:KeyIdentifier> with ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3". Unfortunately, we are not able to do so through the API, because we use the X509Token.require* methods to specify how the certificate is referenced. And we have only the option setRequireKeyIdentifierReference(), which by default uses SubjectKeyIdentifier, which is implemented in the RampartUtil class. Therefore, I think the API can be extended with a method such as setRequireX509V3KeyIdentifierReference, and the RampartUtil.setKeyIdentifierType method can be extended so that it can set the WSConstants.X509_KEY_IDENTIFIER. The code changes are really small, and I am ready to provide a patch for this. Of course, it could be better to extend the API to support providing the ValueType as a parameter, rather than using boolean flags, but I leave this decision up to you.

Thanks for your time and attention.

Regards,
Gergan Dimitrov.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


[jira] [Updated] (RAMPART-335) X509V3 KeyIdentifier cannot be set dynamically

Posted by "Gergan Dimitrov (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gergan Dimitrov updated RAMPART-335:
------------------------------------

    Attachment: patch.txt

Patch fixing this issue, SVN revision 1150660

> X509V3 KeyIdentifier cannot be set dynamically
> ----------------------------------------------
>
>                 Key: RAMPART-335
>                 URL: https://issues.apache.org/jira/browse/RAMPART-335
>             Project: Rampart
>          Issue Type: Improvement
>    Affects Versions: 1.6.0
>            Reporter: Gergan Dimitrov
>         Attachments: patch.txt
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
