free-ice opened a new pull request #41:
URL: https://github.com/apache/ws-wss4j/pull/41


   Comments: Not sure why there is a merge conflict, I rebased with 9/20 changes before pushing to the free-ice repo.
   Still need to perform additional testing once I modify spring-ws to expose new options, hence the draft state.
   
   **Overview**
   Add ISSUER_SERIAL_QUOTE_FORMAT option to output a format that is compatible with both Microsoft's WCF stack and Java.
   This is achieved by using quotes to delimit Unicode characters as opposed to a backslash.
   
   This solves the:
   **The EncryptedKey clause was not wrapped with the required encryption token 'System.IdentityModel.Tokens.X509SecurityToken'**
   error seen in IIS and which dates back to at least 2007.
   
   Example, minimal diff:
   ```
                ISSUER_SERIAL               OU=Sales,CN=J. Smith
                ISSUER_SERIAL_QUOTE_FORMAT  OU=Sales, CN=J. Smith
   ```
   Example which prompted this change:
   ```
   ISSUER_SERIAL:                 CN=Entrust Certification Authority - L1K,OU=(c) 2012 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US

   ISSUER_SERIAL_QUOTE_FORMAT:    CN=Entrust Certification Authority - L1K, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
   ```
   
   **Details**
   RFC 2253 seems to provide two approaches for escaping characters.
   WCF seems to only support the use of "".
   Java seems to support both approaches, using \ or using "".
   This claim is supported by unit tests testing against all CAs in Java's keystore used to test wss4j and also a fixed set of CAs.
   
   This patch changes the Issuer's X509Principal name format to the "" delimited
   format. It has simple unit tests and also another test that uses the JDK
   truststore and tests that Java interprets the comma delimited RDN the
   same as the \ delimited format.
   
   This patch was originally against the 2_3_x-fixes, ~August 2021, and has mainly been tested under Java 8,
   and against both a test and production WCF system.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
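
The equivalence the description relies on can be checked with the JDK alone. The following is an added example, not code from the pull request or from wss4j: it parses the two Entrust issuer strings quoted above with `javax.security.auth.x500.X500Principal` and compares the parsed names. The class and method names are hypothetical, and using the JDK's RFC 1779 rendering to obtain a quoted form is an assumption; the page does not say how the new option builds its string.

```java
import javax.security.auth.x500.X500Principal;

// Added example: class and method names are hypothetical, not from wss4j.
public class IssuerNameFormats {

    // Issuer strings copied from the pull request description.
    static final String BACKSLASH_FORM =
        "CN=Entrust Certification Authority - L1K,"
        + "OU=(c) 2012 Entrust\\, Inc. - for authorized use only,"
        + "OU=See www.entrust.net/legal-terms,O=Entrust\\, Inc.,C=US";

    static final String QUOTE_FORM =
        "CN=Entrust Certification Authority - L1K, "
        + "OU=\"(c) 2012 Entrust, Inc. - for authorized use only\", "
        + "OU=See www.entrust.net/legal-terms, O=\"Entrust, Inc.\", C=US";

    // Constructed negative case: same layout, different organization value.
    static final String OTHER_ISSUER =
        "CN=Entrust Certification Authority - L1K, O=\"Example, Inc.\", C=US";

    // Compare parsed distinguished names rather than their text, so the
    // escaping style and the spacing after separators do not matter.
    static boolean sameIssuer(String a, String b) {
        return new X500Principal(a).equals(new X500Principal(b));
    }

    public static void main(String[] args) {
        X500Principal issuer = new X500Principal(BACKSLASH_FORM);

        // The JDK can render one parsed name in either escaping style.
        System.out.println("RFC 2253: " + issuer.getName(X500Principal.RFC2253));
        System.out.println("RFC 1779: " + issuer.getName(X500Principal.RFC1779));

        // Text comparison treats the two spellings as different issuers.
        System.out.println("String.equals : " + BACKSLASH_FORM.equals(QUOTE_FORM));
        // Name comparison treats them as the same issuer.
        System.out.println("sameIssuer    : " + sameIssuer(BACKSLASH_FORM, QUOTE_FORM));
        // A genuinely different issuer must still be rejected.
        System.out.println("other issuer  : " + sameIssuer(QUOTE_FORM, OTHER_ISSUER));
    }
}
```

A receiver that matches the issuer by comparing the raw text of the name will reject one of the two spellings, which is why the choice of output format matters for interoperability.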
