X509V3 KeyIdentifier cannot be set dynamically
----------------------------------------------

                 Key: RAMPART-335
                 URL: https://issues.apache.org/jira/browse/RAMPART-335
             Project: Rampart
          Issue Type: Improvement
    Affects Versions: 1.6.0
            Reporter: Gergan Dimitrov


Hi all,

for our SOA solution, we use AXIS2 and Rampart for security. But we configure 
the rampart policy at runtime, because we support different users with 
different security settings and preferences. Therefore, we use classes from the 
Rampart API as AsymmetricBinding, X509Token, etc. to configure. So, we need to 
support <wsse:KeyIdentifier> with 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3".
Unfortunately, we are not able to do so through the API, because we use the 
X509Token.require* methods to specify how the certificate is referenced. And we 
have only the option setRequireKeyIdentifierReference(), which by default uses 
SubjectKeyIdentifier, which is implemented in the RampartUtil class. Therefore, 
I think the API can be extended with a method such as 
setRequireX509V3KeyIdentifierReference, and the 
RampartUtil.setKeyIdentifierType method to be extended, so that it can set the 
WSConstants.X509_KEY_IDENTIFIER. The code changes are really small, and I am 
ready to provide a patch for this. Of course, it could be better to extend the 
API to support providing the ValueType as a parameter, rather than using boolean 
flags, but I leave this decision up to you. 

Thanks for your time and attention.

Regards,
Gergan Dimitrov.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
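
The two reference forms discussed in the report differ on the wire only in the ValueType and content of <wsse:KeyIdentifier>. The following is an added example, not code from Rampart or from the reporter: a JDK-only check that reports which form a message carries. The class name, the helper names and the sample bytes are assumptions made for illustration, and the #X509SubjectKeyIdentifier URI is taken from the OASIS X.509 token profile rather than from the report.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class KeyIdentifierCheck {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String X509 =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";
    /** Reports which certificate reference form each wsse:KeyIdentifier uses. */
    static String describe(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        NodeList ids = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagNameNS(WSSE, "KeyIdentifier");
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < ids.getLength(); i++) {
            Element e = (Element) ids.item(i);
            String vt = e.getAttribute("ValueType");
            byte[] v = Base64.getMimeDecoder().decode(e.getTextContent().trim());
            if (vt.equals(X509 + "#X509v3")) {
                // The whole certificate is carried inline; DER starts with a SEQUENCE tag (0x30).
                out.append(v.length > 0 && v[0] == 0x30
                    ? "X509v3: full certificate, " + v.length + " bytes\n"
                    : "X509v3: content is not DER\n");
            } else if (vt.equals(X509 + "#X509SubjectKeyIdentifier")) {
                // Only the key id is carried; the receiver must already hold the certificate.
                out.append("SubjectKeyIdentifier: " + v.length + "-byte key id\n");
            } else {
                out.append("other ValueType: " + vt + "\n");
            }
        }
        return out.toString();
    }
    /** Builds a constructed SecurityTokenReference (hypothetical helper for the sample input). */
    static String ref(String type, byte[] content) {
        return "<wsse:SecurityTokenReference xmlns:wsse=\"" + WSSE + "\"><wsse:KeyIdentifier"
            + " ValueType=\"" + X509 + type + "\">" + Base64.getEncoder().encodeToString(content)
            + "</wsse:KeyIdentifier></wsse:SecurityTokenReference>";
    }
    public static void main(String[] args) throws Exception {
        // Constructed samples: placeholder bytes, not a real key id or certificate.
        System.out.print(describe("<refs>" + ref("#X509SubjectKeyIdentifier", new byte[20])
            + ref("#X509v3", new byte[] {0x30, (byte) 0x82, 0x01, 0x00}) + "</refs>"));
    }
}
```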


