the new Crypto interface...

Thu, 14 Apr 2011 09:36:48 -0700 


Hello,

I'm currently trying to migrate my project from wssj4 1.5.x to 1.6. But I
encountered problems with the new Crypto Interface. In the old version it
was possible to get all Certificates from the keystore (by getting the
KeyStore and so on). But now it is not possible anymore. I can get the
Certificates by type (alian, DN, Hash,...), but I can't get all of them.
Or maybe I just don't see the proper method...

My second issue: if I want do validate the trust chain, then I can use the
new method "Crypto.verifyTrust(...)". But it does not check the CRLs. What
have I to do to check the CRLs?
Up to wss4j 1.5 I coult get the KeyStore from the Crypto and then pass it
to the "CertPathValidator" (beside some other needed params). But now I
can't get the KeyStore...

Can some one help me with this issues?

Here are some snippets from my code for better understanding of this two
problems:
1) - iterating over all certificates:
...
Enumeration aliases = crypto.getKeyStore().aliases(); // <- I can't get the
keystore now...
while (aliases.hasMoreElements())
{
   String debugAlias = aliases.nextElement().toString();
   X509Certificate[] debugCertificates = crypto.getCertificates
(debugAlias);
...
}

2) - validating the certificate trust chain. with CRLs:
...
CertPath path = crypto.getCertificateFactory().generateCertPath
(certList); // <- List<X509Certificate>...
PKIXParameters param = new PKIXParameters(crypto.getKeyStore()); // <- I
can't get the keystore now...
param.addCertStore(crlCertStore);
param.setRevocationEnabled(true);
CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX"
);
CertPathValidatorResult result = certPathValidator.validate(path, param);
...

If I could get the KeyStore, then both my problem would be solved. If I
could get all Certificates, then they would be solved too - in the second
case I can genereate a set of TrustAnchors from the certificates and pass
it to the PKIXParameters.

Greetings,
Marcin Markiewicz



----------------------------------------------------------------------------------------------------------------------------------------------


Fiducia IT AG
Fiduciastraße 20
76227 Karlsruhe

Sitz der Gesellschaft: Karlsruhe
AG Mannheim HRB 100059

Vorsitzender des Aufsichtsrats: Gregor Scheller
Vorsitzender des Vorstands: Michael Krings
Stellv. Vorsitzender des Vorstands: Klaus-Peter Bruns
Vorstand: Jens-Olaf Bartels, Hans-Peter Straberger

Umsatzsteuer-ID.Nr. DE143582320, http://www.fiducia.de
----------------------------------------------------------------------------------------------------------------------------------------------

Reply via email to