[
https://issues.apache.org/jira/browse/WSS-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13027031#comment-13027031
]
Marcin Markiewicz commented on WSS-277:
---------------------------------------
Hello,
I can understand your doubts.
Number 3 would work for me, but what happens if wss4j won't use Merlin
anymore and it would be replaced by something different? Then my cast
won't work anymore. But until then I don't see any problems doing so.
But anyway - if there are 5 ways to get the certificates specifying the
proper CryptoType - this way one can get certificates matching given
alias or issuer serial or ski bytes or subject DN or thumbprint - why
can't there be a CryptoType for getting them all? Now I can get all
certificates with the alias "xyz" (OK, usually the Array will carry just
one certificate...). There are no keystores or certificate chains. And I
would like to have the same, but just with the possibility of getting
all certificates.
I think the change in the API is trivial - one more CryptoType.TYPE
value (i.e. "ALL").
In case of Merlin, it would get all certificates from the keystore and
return it.
I have no idea how to solve your first point. I have no idea how xkms
works. Is it really not possible to get all certificates from it?
Well, anyways - I will try to subcast to Merlin for the beginning.
Unfortunately I don't have any time to work on this project now - But in
a month or so the work will go on...
Greetings,
Marcin Markiewicz
> can't get all certificates from Crypto
> --------------------------------------
>
> Key: WSS-277
> URL: https://issues.apache.org/jira/browse/WSS-277
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6, 1.6.1
> Environment: all
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
>
> In wss4j 1.5.x you could get all certificates via keystore. Getting the
> KeyStore is not possible anymore since 1.6 (for good reasons). Now you can
> get the certificates for given alias, DN, hash and so on. But if you want to
> get all certificates, it isn't possible.
> The method getX509Certificates(CryptoType) in Crypto should be changed. I.e.
> by specifying a new Type in CryptoType - something like "ALL" - and then
> delivering all certificates.
> By the way - CryptoType is used only in Crypto for specifying the way the
> certificates are chosen. Wouldn't it be better to provide separate methods
> without the CryptoType parameter - something like
> getX509CertificatesByAlias(String alias),
> getX509CertificatesBySubjectDN(String subjectDN) and so on? There are private
> methods for it anyway. We could make them public...
> But both ways are kind of equal. The problem with the CryptoType is, you
> have to set the proper Type AND the proper parameter (like String Alias, or
> String subjectDN). If you set the alias, and the Type THUMBPRINT_SHA1 then
> you find nothing. By getting the certificates by the proper method there is
> no possibility to pass wrong parameters...
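The cast to Merlin mentioned in the comment above, sketched as an added example that is not part of the original message or of the WSS4J code base. It assumes the WSS4J 1.6 package `org.apache.ws.security.components.crypto` and that `Merlin` exposes `getKeyStore()` and `getTrustStore()`; the class name `AllCertificates` is hypothetical.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.Merlin;

/** Hypothetical helper: lists every X.509 certificate behind a Merlin-backed Crypto. */
public final class AllCertificates {

    private AllCertificates() { }

    public static List<X509Certificate> list(Crypto crypto) throws KeyStoreException {
        List<X509Certificate> result = new ArrayList<X509Certificate>();
        // The cast only holds while the configured provider is Merlin; any other
        // Crypto implementation yields an empty list instead of a ClassCastException.
        if (!(crypto instanceof Merlin)) {
            return result;
        }
        Merlin merlin = (Merlin) crypto;
        collect(merlin.getKeyStore(), result);   // assumed accessor, see lead-in
        collect(merlin.getTrustStore(), result); // assumed accessor, see lead-in
        return result;
    }

    private static void collect(KeyStore store, List<X509Certificate> out)
            throws KeyStoreException {
        if (store == null) {
            return; // keystore or truststore not configured
        }
        for (String alias : Collections.list(store.aliases())) {
            // Key entries carry a chain; trusted-certificate entries carry one certificate.
            Certificate[] chain = store.getCertificateChain(alias);
            if (chain == null) {
                Certificate single = store.getCertificate(alias);
                chain = (single == null) ? new Certificate[0] : new Certificate[] { single };
            }
            for (Certificate cert : chain) {
                if (cert instanceof X509Certificate && !out.contains(cert)) {
                    out.add((X509Certificate) cert);
                }
            }
        }
    }
}
```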