[jira] [Commented] (WSS-277) can't get all certificates from Crypto

Wed, 20 Apr 2011 06:16:50 -0700 

    [ 
https://issues.apache.org/jira/browse/WSS-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022108#comment-13022108
 ] 

Colm O hEigeartaigh commented on WSS-277:
-----------------------------------------


What is the use-case you have for wanting to access X509Certificates from the 
Crypto object? Does this requirement become void if Merlin is updated to 
perform CRL checking on the certificate chain? The reason I ask, is that it may 
just be easier to let the user subclass Merlin or something for custom cases 
that involve manipulating the certificates of the keystore.

Colm.

> can't get all certificates from Crypto
> --------------------------------------
>
>                 Key: WSS-277
>                 URL: https://issues.apache.org/jira/browse/WSS-277
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.6, 1.6.1
>         Environment: all
>            Reporter: Marcin Markiewicz
>            Assignee: Colm O hEigeartaigh
>
> In wss4j 1.5.x you could get all certificates via keystore. Getting the 
> KeyStore is not possible anymore since 1.6 (for good reasons). Now you can 
> get the certificates for given alias, DN, hash an so on.But if you want to 
> get all certificates, it isn't possible.
> The method getX509Certificates(CryptoType) in Crypto should be changed. I.e. 
> by specifying a new Type in CryptoType - something like "ALL" - and then 
> delivering all certificates.
> By the way - CryptoType is used only in Crypto for specifying the way the 
> certificates are choosen. Wouldn't it be better to provide separate methods 
> without the CryptoType parameter - something like 
> getX509CertificatesByAlias(String alias), 
> getX509CertificatesBySubjectDN(String subjectDN) and so on? There are private 
> methods for it anyway. We could make them public...
> But both ways are kind of equals. The problem with the CryptoType is, you 
> have to set the proper Type AND the proper parameter (like String Alias, or 
> String subjectDN). if you set the alias, and the Type THUMBPRINT_SHA1 then 
> you find nothing. By getting the certificates by the proper method there is 
> no possibility to pass wrong parameters...

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to