[ https://issues.apache.org/jira/browse/WSS-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13027007#comment-13027007 ]

Colm O hEigeartaigh commented on WSS-277:
-----------------------------------------

Hi Marcin,

I'm not inclined to add support to the Crypto interface to get all 
certificates. Here are my reasons...

1) It breaks the contract that the interface represents. For example, if an 
implementation is an XKMS client that gets certs from a remote server, how will 
it get all X509Certificates?
2) If the method was implemented, would it return all certificates or all 
certificate chains? Would it include the certs in the truststore, or just the 
keystore?
3) The user who wishes to access all certs for some specific reason can easily 
just cast the Crypto to a Merlin instance and use the getKeyStore() and 
getTrustStore() methods. Alternatively, the user could just subclass Merlin.

Is there any reason why option number 3 won't work for you?

Colm.

> can't get all certificates from Crypto
> --------------------------------------
>
>                 Key: WSS-277
>                 URL: https://issues.apache.org/jira/browse/WSS-277
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.6, 1.6.1
>         Environment: all
>            Reporter: Marcin Markiewicz
>            Assignee: Colm O hEigeartaigh
>
> In wss4j 1.5.x you could get all certificates via keystore. Getting the 
> KeyStore is not possible anymore since 1.6 (for good reasons). Now you can 
> get the certificates for given alias, DN, hash and so on. But if you want to 
> get all certificates, it isn't possible.
> The method getX509Certificates(CryptoType) in Crypto should be changed. I.e. 
> by specifying a new Type in CryptoType - something like "ALL" - and then 
> delivering all certificates.
> By the way - CryptoType is used only in Crypto for specifying the way the 
> certificates are chosen. Wouldn't it be better to provide separate methods 
> without the CryptoType parameter - something like 
> getX509CertificatesByAlias(String alias), 
> getX509CertificatesBySubjectDN(String subjectDN) and so on? There are private 
> methods for it anyway. We could make them public...
> But both ways are kind of equal. The problem with the CryptoType is, you 
> have to set the proper Type AND the proper parameter (like String Alias, or 
> String subjectDN). If you set the alias, and the Type THUMBPRINT_SHA1 then 
> you find nothing. By getting the certificates by the proper method there is 
> no possibility to pass wrong parameters...
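
Added example, not part of the original message or of WSS4J: option 3 from the comment above, written as a helper that casts the Crypto to Merlin and walks the keystore and, on request, the truststore. The class name MerlinCertificates and the includeTrustStore flag are hypothetical, and the package name assumes WSS4J 1.6.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.Merlin;

// Hypothetical helper class, not part of WSS4J.
public final class MerlinCertificates {

    private MerlinCertificates() { }

    /** One certificate per alias: keystore entries, plus truststore entries if requested. */
    public static List<X509Certificate> all(Crypto crypto, boolean includeTrustStore)
            throws KeyStoreException {
        if (!(crypto instanceof Merlin)) {
            // A remote implementation (the XKMS case from point 1) has no local store to list.
            throw new IllegalArgumentException("Crypto is not a Merlin instance");
        }
        Merlin merlin = (Merlin) crypto;
        List<X509Certificate> result = new ArrayList<X509Certificate>();
        collect(merlin.getKeyStore(), result);
        if (includeTrustStore) {
            // Kept optional so trusted CA certs are not mixed with the user's own certs by accident.
            collect(merlin.getTrustStore(), result);
        }
        return result;
    }

    private static void collect(KeyStore store, List<X509Certificate> out)
            throws KeyStoreException {
        if (store == null) {
            return; // only one of the two stores may be configured
        }
        for (String alias : Collections.list(store.aliases())) {
            // For a key entry this is the first element of the chain (the end-entity cert);
            // use store.getCertificateChain(alias) instead if whole chains are wanted.
            Certificate cert = store.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                out.add((X509Certificate) cert);
            }
        }
    }
}
```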
