[
https://issues.apache.org/jira/browse/WSS-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022360#comment-13022360
]
Marcin Markiewicz commented on WSS-277:
---------------------------------------
Hello,
well, this is quite simple - I need all certificates for logging reasons. And
for checking the CRLs. If the later will be done by Crypto, then only the
logging reasons remain.
And by the way - if there are four or five possibilities for getting the
certificates - by alias, checksum, DN and so on - why there shouldn't be one
more possibility - to get all of them? I don't see any reason telling not to
make it possible.
> can't get all certificates from Crypto
> --------------------------------------
>
> Key: WSS-277
> URL: https://issues.apache.org/jira/browse/WSS-277
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6, 1.6.1
> Environment: all
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
>
> In wss4j 1.5.x you could get all certificates via keystore. Getting the
> KeyStore is not possible anymore since 1.6 (for good reasons). Now you can
> get the certificates for given alias, DN, hash an so on.But if you want to
> get all certificates, it isn't possible.
> The method getX509Certificates(CryptoType) in Crypto should be changed. I.e.
> by specifying a new Type in CryptoType - something like "ALL" - and then
> delivering all certificates.
> By the way - CryptoType is used only in Crypto for specifying the way the
> certificates are choosen. Wouldn't it be better to provide separate methods
> without the CryptoType parameter - something like
> getX509CertificatesByAlias(String alias),
> getX509CertificatesBySubjectDN(String subjectDN) and so on? There are private
> methods for it anyway. We could make them public...
> But both ways are kind of equals. The problem with the CryptoType is, you
> have to set the proper Type AND the proper parameter (like String Alias, or
> String subjectDN). if you set the alias, and the Type THUMBPRINT_SHA1 then
> you find nothing. By getting the certificates by the proper method there is
> no possibility to pass wrong parameters...
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]