Nice - so I won't have to load the certificate again since it is in the request. They have been using the CertPath API in WSS4J to validate the certificate - I wonder why they did not use CRL validation - for me it is mandatory, if you use a PKI, to validate against a CRL if you don't want to weaken the security of the system.
Here is the validation with CertPath: http://ws.apache.org/wss4j/xref/org/apache/ws/security/components/crypto/BouncyCastle.html

On 11/29/07, Fred Dushin <[EMAIL PROTECTED]> wrote:
>
> Interesting idea.
>
> I'd implement it as a CXF InInterceptor, appropriately placed after
> the CXF WSS4J InInterceptor, and then grab the X.509 certificate off
> the request context. You can then use JCE interfaces to validate the
> received certificate off your CRL, to make sure it hasn't been revoked.
>
> -Fred
>
> On Nov 29, 2007, at 9:44 AM, Olivier OTTAVI wrote:
>
> > Does anyone use WS-Security with X509 certificates and manage to
> > validate against CRL with CXF or WSS4J ? I am looking for a standard
> > or a custom way to design this validation (through callback or
> > interceptor for example)
> >
> > Thanks
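
The CRL check discussed in this thread, sketched with the standard `java.security.cert` CertPath API. This is an added example, not part of the original messages and not WSS4J or CXF code. The class name `CrlCheck` and the three file arguments are assumptions; in an interceptor the certificate would come from the request context instead of a file.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Collections;

// Hypothetical helper class (name is an assumption, not from WSS4J/CXF).
public final class CrlCheck {

    /**
     * Validates cert against a single trusted CA with revocation checking on.
     * Throws CertPathValidatorException if the certificate is revoked, expired,
     * not issued by trustedCa, or if its revocation status cannot be
     * determined from the supplied CRL (the PKIX validator fails closed).
     */
    public static void validate(X509Certificate cert, X509Certificate trustedCa, X509CRL crl)
            throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Path contains only the end-entity cert; the CA is the trust anchor.
        CertPath path = cf.generateCertPath(Collections.singletonList(cert));

        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(trustedCa, null)));
        params.setRevocationEnabled(true); // explicit: revocation must be checked
        // Make the CRL available to the validator through a Collection CertStore.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl))));

        CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    // Usage (file names are placeholders): java CrlCheck client.cer ca.cer ca.crl
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream c = new FileInputStream(args[0]);
             InputStream a = new FileInputStream(args[1]);
             InputStream r = new FileInputStream(args[2])) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(c);
            X509Certificate ca = (X509Certificate) cf.generateCertificate(a);
            X509CRL crl = (X509CRL) cf.generateCRL(r);
            try {
                validate(cert, ca, crl);
                System.out.println("certificate accepted");
            } catch (CertPathValidatorException e) {
                System.out.println("certificate rejected: " + e.getMessage());
            }
        }
    }
}
```

The CRL itself has to be refreshed from the CA on a schedule; a CRL past its `nextUpdate` no longer establishes revocation status.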
