On Aug 31, 2005, at 2:26 AM, Dain Sundstrom wrote:
Good idea. Alternatively for our use, it looks like the directory
project has its own asn1 implementation. IIUC that is all we use
in the openejb corba code. Can we sidestep this problem by using
the directory's asn1 implementation?
Kresten, does the proposed Trifork ORB donation include the asn1
code necessary for CORBA security?
Our CSI interceptor can certainly be included in the donation. It
includes some hand-written code for some of the ASN.1 encodings, like
GSS_ExportedName.
For ITTDistinguishedName, we use
javax.security.auth.x500.X500Principal to decode the ASN.1 name.
(this should be in any 1.4+ JDK).
I cannot say for sure if this is all that will be needed in the
future, but we can take it from here. I.e. we might also need code
to ASN.1 encode/decode x509 certificate chains. I could not
immediately find somewhere in our code where we handle that beyond
SSL-level management.
If someone is actually working on this stuff, I can send them the
files that make up the CSI interceptor.
Kresten
