Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/04/20 15:16:05 UTC

[jira] [Commented] (WSS-277) can't get all certificates from Crypto

    [ https://issues.apache.org/jira/browse/WSS-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022108#comment-13022108 ] 

Colm O hEigeartaigh commented on WSS-277:
-----------------------------------------


What is the use-case you have for wanting to access X509Certificates from the Crypto object? Does this requirement become void if Merlin is updated to perform CRL checking on the certificate chain? The reason I ask is that it may just be easier to let the user subclass Merlin or something for custom cases that involve manipulating the certificates of the keystore.

Colm.

> can't get all certificates from Crypto
> --------------------------------------
>
>                 Key: WSS-277
>                 URL: https://issues.apache.org/jira/browse/WSS-277
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.6, 1.6.1
>         Environment: all
>            Reporter: Marcin Markiewicz
>            Assignee: Colm O hEigeartaigh
>
> In wss4j 1.5.x you could get all certificates via keystore. Getting the KeyStore is not possible anymore since 1.6 (for good reasons). Now you can get the certificates for a given alias, DN, hash and so on. But if you want to get all certificates, it isn't possible.
> The method getX509Certificates(CryptoType) in Crypto should be changed. I.e. by specifying a new Type in CryptoType - something like "ALL" - and then delivering all certificates.
> By the way - CryptoType is used only in Crypto for specifying the way the certificates are chosen. Wouldn't it be better to provide separate methods without the CryptoType parameter - something like getX509CertificatesByAlias(String alias), getX509CertificatesBySubjectDN(String subjectDN) and so on? There are private methods for it anyway. We could make them public...
> But both ways are kind of equal. The problem with the CryptoType is, you have to set the proper Type AND the proper parameter (like String Alias, or String subjectDN). If you set the alias and the Type THUMBPRINT_SHA1, then you find nothing. By getting the certificates by the proper method there is no possibility to pass wrong parameters...

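The subclassing route suggested in the comment above, as an added example that is not part of the original message or of WSS4J itself: a Merlin subclass that hands out every X.509 certificate it loaded without exposing the KeyStore or any private key. It assumes that WSS4J 1.6's Merlin has a (Properties, ClassLoader) constructor and keeps its stores in the protected fields keystore and truststore; the class name EnumeratingMerlin and the method getAllX509Certificates are hypothetical.

```java
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Properties;

import org.apache.ws.security.components.crypto.CredentialException;
import org.apache.ws.security.components.crypto.Merlin;

/** Hypothetical subclass: read-only access to all certificates, never to key material. */
public class EnumeratingMerlin extends Merlin {

    // Assumption: this is the constructor shape CryptoFactory looks for when loading a Crypto class.
    public EnumeratingMerlin(Properties properties, ClassLoader loader)
            throws CredentialException, IOException {
        super(properties, loader);
    }

    /** Returns the certificates of every entry in the keystore and the truststore. */
    public List<X509Certificate> getAllX509Certificates() throws KeyStoreException {
        List<X509Certificate> all = new ArrayList<X509Certificate>();
        collect(keystore, all);    // assumption: protected field in Merlin
        collect(truststore, all);  // assumption: protected field in Merlin
        return Collections.unmodifiableList(all);
    }

    private static void collect(KeyStore store, List<X509Certificate> out)
            throws KeyStoreException {
        if (store == null) {
            return; // a truststore is optional
        }
        for (Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            // getCertificateChain is non-null only for key entries; fall back for trusted certs.
            Certificate[] chain = store.getCertificateChain(alias);
            if (chain == null) {
                Certificate single = store.getCertificate(alias);
                chain = (single == null) ? new Certificate[0] : new Certificate[] { single };
            }
            for (Certificate c : chain) {
                if (c instanceof X509Certificate) {
                    out.add((X509Certificate) c);
                }
            }
        }
    }
}
```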