would you be able to compile a fresh version of xml-security from our cvs? if so, try replacing sun's DerValue with com.ibm.security.util.DerValue and see if that works, if it does, i am willing to patch the code using java reflection api to switch between the two.
thanks,
-- dims

On Fri, 25 Jun 2004 14:43:56 +0200, Heiner Westphal <[EMAIL PROTECTED]> wrote:
>
> I dug some more...
>
> It seems sun's DerValue class is only used, if
> the xml signature keyinfo contains an <X509SKI> element
> (signatures without work).
>
> This is what I get. I'm not sure if this is a legal keyinfo.
> If the combination of issuer/serial and ski is not ok, I can
> move the problem ownership to the sender :)
>
> <KeyInfo>
>   <X509Data>
>     <X509IssuerSerial>
>       <X509IssuerName>
>         C=DE,O=Secret GmbH, OU=development,CN=TestSecret
>       </X509IssuerName>
>       <X509SerialNumber>7711026923132787338</X509SerialNumber>
>     </X509IssuerSerial>
>     <X509SKI>aTTp+EejjS30eFH+UObfuscaTeME=</X509SKI>
>   </X509Data>
> </KeyInfo>
>
> Regards,
>
> Heiner
>
> Heiner Westphal wrote:
>
> > Hello!
> >
> > I'm using xml-security java 1.1.0 on an AIX with
> > IBM SDK 1.4.1.
> >
> > In org.apache.xml.security.keys.content.x509.XMLX509SKI
> > an object of class sun.security.util.DerValue is used, which
> > should not be according to
> > http://java.sun.com/products/jdk/faq/faq-sun-packages.html
> >
> > When I'm trying to read a specific certificate I get:
> > Exception in thread "main" java.lang.NoClassDefFoundError:
> > sun/security/util/DerValue.
> > This does not happen, if I use a self-signed cert created with
> > keytool and keyalg=DSA.
> >
> > If anyone knows a quick workaround, please tell me.
> >
> > P.S.: The calling code is attached, trace below.
> > trace is (sorry, no line numbers,
> > ... means org.apache.xml.security.):
> >
> > Exception in thread "main" java.lang.NoClassDefFoundError:
> > sun/security/util/DerValue
> >   at ...keys.content.x509.XMLX509SKI.getSKIBytesFromCert(Unknown Source)
> >   at ...keys.content.x509.XMLX509SKI.<init>(Unknown Source)
> >   at ...keys.keyresolver.implementations.X509SKIResolver.engineResolveX509Certificate(Unknown Source)
> >   at ...keys.keyresolver.KeyResolver.resolveX509Certificate(Unknown Source)
> >   at ...keys.KeyInfo.getX509CertificateFromStaticResolvers(Unknown Source)
> >   at ...keys.KeyInfo.getX509Certificate(Unknown Source)
> >   - HERE starts my custom code, see attachment -
> >
> > ------------------------------------------------------------------------
> >
> > /**
> >  * Get a certificate that matches the given keyinfo.
> >  * @param keyInfo Keyinfo to check against.
> >  * @return certificate that matches the keyinfo.
> >  * @throws MyErrorException If no certificate was found just
> >  *         because there was no matching, or because
> >  *         the keystore was broken.
> >  */
> > private X509Certificate getCertificate(final KeyInfo keyInfo)
> >         throws MyErrorException {
> >     if (keyInfo != null) {
> >         if (keyInfo.containsX509Data()) {
> >             X509Certificate cert;
> >             try {
> >                 StorageResolver storageResolver =
> >                     new StorageResolver(new KeyStoreResolver(keyStore));
> >                 keyInfo.addStorageResolver(storageResolver);
> >                 cert = keyInfo.getX509Certificate(); // HERE!
> >             } catch (StorageResolverException e) {
> >                 throw new MyErrorException(e);
> >             } catch (KeyResolverException e) {
> >                 throw new MyErrorException(e);
> >             }
> >             return cert;
> >         } else {
> >             throw new MyErrorException(
> >                 "Message contains no X509Data. " + "Cannot check dsig.");
> >         }
> >     } else {
> >         throw new MyErrorException(
> >             "Message contains no KeyInfo. " + "Cannot check dsig.");
> >     }
> > }

--
Davanum Srinivas - http://webservices.apache.org/~dims/
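
An added example, not code from xml-security or from either poster: the SKI bytes can be obtained with no dependency on sun.security.util.DerValue or com.ibm.security.util.DerValue by unwrapping the two nested DER OCTET STRINGs that X509Certificate.getExtensionValue("2.5.29.14") returns. The class and method names are hypothetical, and the sample extension bytes are constructed.

```java
import java.util.Arrays;

/** Added example: unwrap a SubjectKeyIdentifier extension value without vendor DER classes. */
public class SkiBytes {

    /** Reads exactly one DER OCTET STRING (tag 0x04) and returns its contents. */
    static byte[] readOctetString(byte[] der) {
        if (der == null || der.length < 2 || der[0] != 0x04) {
            throw new IllegalArgumentException("not a DER OCTET STRING");
        }
        int len = der[1] & 0xff;
        int offset = 2;
        if (len == 0x80) {
            throw new IllegalArgumentException("indefinite length is not valid DER");
        }
        if (len > 0x80) {                       // long form: low 7 bits = number of length bytes
            int n = len & 0x7f;
            if (n > 4 || der.length < 2 + n) {
                throw new IllegalArgumentException("bad length encoding");
            }
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (der[offset++] & 0xff);
            }
        }
        // Reject truncated input and trailing bytes instead of silently ignoring them.
        if (len < 0 || len != der.length - offset) {
            throw new IllegalArgumentException("length does not match input size");
        }
        return Arrays.copyOfRange(der, offset, offset + len);
    }

    /**
     * extnValue is the byte[] from X509Certificate.getExtensionValue("2.5.29.14"):
     * an OCTET STRING whose contents are the KeyIdentifier, itself an OCTET STRING.
     */
    static byte[] skiFromExtensionValue(byte[] extnValue) {
        return readOctetString(readOctetString(extnValue));
    }

    public static void main(String[] args) {
        // Constructed sample: outer header 04 16, inner header 04 14, 20-byte identifier 00..13.
        byte[] ext = new byte[24];
        ext[0] = 0x04; ext[1] = 0x16; ext[2] = 0x04; ext[3] = 0x14;
        for (int i = 0; i < 20; i++) {
            ext[4 + i] = (byte) i;
        }
        byte[] ski = skiFromExtensionValue(ext);
        System.out.println("SKI length: " + ski.length);
    }
}
```

A certificate without the extension makes getExtensionValue return null, which this helper rejects with an IllegalArgumentException rather than a NullPointerException.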