Posted to wss4j-dev@ws.apache.org by Paul Grillo <Pa...@trivininc.com> on 2005/08/11 23:39:28 UTC

Public Certificate Access using Extension ID 2.5.29.14

I am using Axis and WSS4J for security.  I am having problems
communicating with my vendor when using his public certificate for
encrypting.  I am able to do the encryption but am not able to send the
KeyIdentifier along, which is what he expects.

In org.apache.ws.security.components.crypto

the following is an excerpt when calling to get the SKIBytes, the
identifier.

The line:

    byte[] derEncodedValue = cert.getExtensionValue(SKI_OID);

returns a null and I get a null pointer later.  Bottom line is that
there is no extension value of type "2.5.29.14" in the certificate. Is
there any other way to get the ID?  I don't believe that this extension
is required in this extension, but I need to pass along the key
identifier.  Presumably it exists in the certificate.  Or is that a bad
assumption?

I'm sort of stuck ... thanks for any help.



    /**
     * Reads the SubjectKeyIdentifier information from the certificate.
     * <p/>
     * If the certificate does not contain a SKI extension then
     * try to compute the SKI according to RFC3280 using the
     * SHA-1 hash value of the public key. The second method described
     * in RFC3280 is not supported. Also only RSA public keys are supported.
     * If we cannot compute the SKI throw a WSSecurityException.
     *
     * @param cert The certificate to read SKI
     * @return The byte array containing the binary SKI data
     */
    public byte[] getSKIBytesFromCert(X509Certificate cert)
            throws WSSecurityException {
        /*
         * Gets the DER-encoded OCTET string for the extension value (extnValue)
         * identified by the passed-in oid String. The oid string is represented
         * by a set of positive whole numbers separated by periods.
         */
        byte[] derEncodedValue = cert.getExtensionValue(SKI_OID);



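The fallback that the Javadoc in the message describes (read extension 2.5.29.14 if present, otherwise take the SHA-1 hash of the public key per RFC 3280) can be written with the JDK alone. This is an added example, not part of the original post and not WSS4J's own code; the class and method names (SkiFallback, tlv, skiFromExtensionValue, skiFromSpki, getSki) are hypothetical, and a key generated at run time stands in for a certificate.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Arrays;

public class SkiFallback { // hypothetical class name, not part of WSS4J
    static final String SKI_OID = "2.5.29.14";

    // Return {contentOffset, contentLength} of the DER element at pos, checking its tag.
    static int[] tlv(byte[] d, int pos, int tag) {
        if ((d[pos] & 0xFF) != tag) throw new IllegalArgumentException("unexpected DER tag");
        int len = d[pos + 1] & 0xFF, off = pos + 2;
        if (len >= 0x80) {                       // long form: low 7 bits count the length bytes
            int n = len & 0x7F;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported DER length");
            for (len = 0; n > 0; n--) len = (len << 8) | (d[off++] & 0xFF);
        }
        if (off + len > d.length) throw new IllegalArgumentException("truncated DER element");
        return new int[] { off, len };
    }

    // getExtensionValue() returns an OCTET STRING wrapping the extension; the SKI is an OCTET STRING inside it.
    static byte[] skiFromExtensionValue(byte[] ext) {
        int[] inner = tlv(ext, tlv(ext, 0, 0x04)[0], 0x04);
        return Arrays.copyOfRange(ext, inner[0], inner[0] + inner[1]);
    }

    // RFC 3280 method 1: SHA-1 over the subjectPublicKey BIT STRING content, excluding the unused-bits byte.
    static byte[] skiFromSpki(byte[] spki) throws Exception {
        int[] alg = tlv(spki, tlv(spki, 0, 0x30)[0], 0x30);   // AlgorithmIdentifier inside SubjectPublicKeyInfo
        int[] bits = tlv(spki, alg[0] + alg[1], 0x03);        // subjectPublicKey BIT STRING
        return MessageDigest.getInstance("SHA-1").digest(Arrays.copyOfRange(spki, bits[0] + 1, bits[0] + bits[1]));
    }

    // Prefer the certificate's own extension; compute the identifier only when it is absent.
    static byte[] getSki(X509Certificate cert) throws Exception {
        byte[] ext = cert.getExtensionValue(SKI_OID);
        return ext != null ? skiFromExtensionValue(ext) : skiFromSpki(cert.getPublicKey().getEncoded());
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a throwaway RSA key stands in for the certificate's public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        byte[] ski = skiFromSpki(kpg.generateKeyPair().getPublic().getEncoded());
        byte[] ext = new byte[24];               // constructed extension value: 04 16 04 14 <SKI>
        ext[0] = 0x04; ext[1] = 22; ext[2] = 0x04; ext[3] = 20;
        System.arraycopy(ski, 0, ext, 4, 20);
        System.out.println(ski.length + " bytes, unwrap matches: " + Arrays.equals(ski, skiFromExtensionValue(ext)));
    }
}
```

A computed identifier only helps if the receiving side derives it the same way, since a certificate without the extension carries no SKI value to compare against.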