[ https://issues.apache.org/jira/browse/RAMPART-335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Lazarski resolved RAMPART-335.
-------------------------------------
    Resolution: Fixed

> X509V3 KeyIdentifier cannot be set dynamically
> ----------------------------------------------
>
>                 Key: RAMPART-335
>                 URL: https://issues.apache.org/jira/browse/RAMPART-335
>             Project: Rampart
>          Issue Type: Improvement
>    Affects Versions: 1.6.0
>            Reporter: Gergan Dimitrov
>            Assignee: Robert Lazarski
>            Priority: Major
>             Fix For: 1.8.0
>
>         Attachments: patch.txt
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Hi all,
> for our SOA solution, we use AXIS2 and Rampart for security. But we configure
> the rampart policy at runtime, because we support different users with
> different security settings and preferences. Therefore, we use classes from
> the Rampart api as AsymmetricBinding, X509Token, etc. to configure. So, we
> need to support <wsse:KeyIdentifier> with
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3".
> Unfortunately, we are not able to do so through the api, because we use the
> X509Token.require* methods to specify how the certificate is referenced. And
> we have only the option setRequireKeyIdentifierReference(), which by default
> uses SubjectKeyIdentifier, which is implemented in the RampartUtil class.
> Therefore, I think the API can be extended with a method such as
> setRequireX509V3KeyIdentifierReference, and the
> RampartUtil.setKeyIdentifierType method to be extended, so that it can set
> the WSConstants.X509_KEY_IDENTIFIER. The code changes are really small, and I
> am ready to provide a patch for this. Of course, it could be better to extend
> the api to support providing the ValueType as parameter, rather than using
> boolean flags, but I leave this decision up to you.
> Thank you for your time and attention.
> Regards,
> Gergan Dimitrov.