[ 
https://issues.apache.org/jira/browse/WSS-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022360#comment-13022360
 ] 

Marcin Markiewicz commented on WSS-277:
---------------------------------------

Hello,

well, this is quite simple - I need all certificates for logging reasons. And 
for checking the CRLs. If the later will be done by Crypto, then only the 
logging reasons remain.
And by the way - if there are four or five possibilities for getting the 
certificates - by alias, checksum, DN and so on - why there shouldn't be one 
more possibility - to get all of them? I don't see any reason telling not to 
make it possible.

> can't get all certificates from Crypto
> --------------------------------------
>
>                 Key: WSS-277
>                 URL: https://issues.apache.org/jira/browse/WSS-277
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.6, 1.6.1
>         Environment: all
>            Reporter: Marcin Markiewicz
>            Assignee: Colm O hEigeartaigh
>
> In wss4j 1.5.x you could get all certificates via keystore. Getting the 
> KeyStore is not possible anymore since 1.6 (for good reasons). Now you can 
> get the certificates for given alias, DN, hash an so on.But if you want to 
> get all certificates, it isn't possible.
> The method getX509Certificates(CryptoType) in Crypto should be changed. I.e. 
> by specifying a new Type in CryptoType - something like "ALL" - and then 
> delivering all certificates.
> By the way - CryptoType is used only in Crypto for specifying the way the 
> certificates are choosen. Wouldn't it be better to provide separate methods 
> without the CryptoType parameter - something like 
> getX509CertificatesByAlias(String alias), 
> getX509CertificatesBySubjectDN(String subjectDN) and so on? There are private 
> methods for it anyway. We could make them public...
> But both ways are kind of equals. The problem with the CryptoType is, you 
> have to set the proper Type AND the proper parameter (like String Alias, or 
> String subjectDN). if you set the alias, and the Type THUMBPRINT_SHA1 then 
> you find nothing. By getting the certificates by the proper method there is 
> no possibility to pass wrong parameters...

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to