Sean,

Are u guys back from vacation yet? :)

-- dims

On Fri, 25 Jun 2004 09:35:57 -0400, Sean Mullan <[EMAIL PROTECTED]> wrote:
> I'd say it wouldn't be too hard to remove the dependency on the DerValue
> class completely. Basically, you want to extract the KeyIdentifier Octet
> String from the DER-encoded extension value and then strip off the octet tag.
>
> If I have some time later, I'll send a snippet of code.
>
> --Sean
>
> Davanum Srinivas wrote:
> > Would you be able to compile a fresh version of xml-security from our
> > cvs? If so, try replacing sun's DerValue with
> > com.ibm.security.util.DerValue and see if that works. If it does, I am
> > willing to patch the code using java reflection api to switch between
> > the two.
> >
> > thanks,
> > -- dims
> >
> > On Fri, 25 Jun 2004 14:43:56 +0200, Heiner Westphal
> > <[EMAIL PROTECTED]> wrote:
> >
> >>I dug some more...
> >>
> >>It seems sun's DerValue class is only used, if
> >>the xml signature keyinfo contains an <X509SKI> element
> >>(signatures without work).
> >>
> >>This is what I get. I'm not sure if this is a legal keyinfo.
> >>If the combination of issuer/serial and ski is not ok, I can
> >>move the problem ownership to the sender :)
> >>
> >><KeyInfo>
> >>  <X509Data>
> >>    <X509IssuerSerial>
> >>      <X509IssuerName>
> >>        C=DE,O=Secret GmbH, OU=development,CN=TestSecret
> >>      </X509IssuerName>
> >>      <X509SerialNumber>7711026923132787338</X509SerialNumber>
> >>    </X509IssuerSerial>
> >>    <X509SKI>aTTp+EejjS30eFH+UObfuscaTeME=</X509SKI>
> >>  </X509Data>
> >></KeyInfo>
> >>
> >>Regards,
> >>
> >>Heiner
> >>
> >>Heiner Westphal wrote:
> >>
> >>>Hello!
> >>>
> >>>I'm using xml-security java 1.1.0 on an AIX with
> >>>IBM SDK 1.4.1.
> >>>
> >>>In org.apache.xml.security.keys.content.x509.XMLX509SKI
> >>>an object of class sun.security.util.DerValue is used, which
> >>>should not be according to
> >>>http://java.sun.com/products/jdk/faq/faq-sun-packages.html
> >>>
> >>>When I'm trying to read a specific certificate I get:
> >>>Exception in thread "main" java.lang.NoClassDefFoundError:
> >>>sun/security/util/DerValue.
> >>>This does not happen, if I use a self-signed cert created with
> >>>keytool and keyalg=DSA.
> >>>
> >>>If anyone knows a quick workaround, please tell me.
> >>>
> >>>P.S.: The calling code is attached, trace below.
> >>>trace is (sorry, no line numbers,
> >>>... means org.apache.xml.security.):
> >>>
> >>>Exception in thread "main" java.lang.NoClassDefFoundError:
> >>>sun/security/util/DerValue
> >>>  at ...keys.content.x509.XMLX509SKI.getSKIBytesFromCert(Unknown Source)
> >>>  at ...keys.content.x509.XMLX509SKI.<init>(Unknown Source)
> >>>  at ...keys.keyresolver.implementations.X509SKIResolver.
> >>>     engineResolveX509Certificate(Unknown Source)
> >>>  at ...keys.keyresolver.KeyResolver.resolveX509Certificate(Unknown Source)
> >>>  at ...keys.KeyInfo.getX509CertificateFromStaticResolvers(Unknown Source)
> >>>  at ...keys.KeyInfo.getX509Certificate(Unknown Source)
> >>>- HERE starts my custom code, see attachment -
> >>>
> >>>------------------------------------------------------------------------
> >>>
> >>>  /**
> >>>   * Get a certificate that matches the given keyinfo.
> >>>   * @param keyInfo Keyinfo to check against.
> >>>   * @return certificate that matches the keyinfo.
> >>>   * @throws MyErrorException If no certificate was found just
> >>>   *         because there was no matching, or because
> >>>   *         the keystore was broken.
> >>>   */
> >>>  private X509Certificate getCertificate(final KeyInfo keyInfo)
> >>>      throws MyErrorException {
> >>>    if (keyInfo != null) {
> >>>      if (keyInfo.containsX509Data()) {
> >>>        X509Certificate cert;
> >>>        try {
> >>>          StorageResolver storageResolver =
> >>>              new StorageResolver(new KeyStoreResolver(keyStore));
> >>>          keyInfo.addStorageResolver(storageResolver);
> >>>          cert = keyInfo.getX509Certificate(); // HERE!
> >>>        } catch (StorageResolverException e) {
> >>>          throw new MyErrorException(e);
> >>>        } catch (KeyResolverException e) {
> >>>          throw new MyErrorException(e);
> >>>        }
> >>>        return cert;
> >>>      } else {
> >>>        throw new MyErrorException(
> >>>            "Message contains no X509Data. " + "Cannot check dsig.");
> >>>      }
> >>>    } else {
> >>>      throw new MyErrorException(
> >>>          "Message contains no KeyInfo. " + "Cannot check dsig.");
> >>>    }
> >>>  }
> >>
> >
>

--
Davanum Srinivas - http://webservices.apache.org/~dims/
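
Added example (not part of the original thread and not xml-security's own code): one way to do what Sean describes without any DerValue class, by unwrapping the outer OCTET STRING that X509Certificate.getExtensionValue("2.5.29.14") returns and then the inner KeyIdentifier OCTET STRING. The class and method names are hypothetical, and the sample bytes in main() are constructed.

```java
import java.util.Arrays;

public class SkiUnwrap {
    private static final int OCTET_STRING_TAG = 0x04;

    /** Returns the content bytes of one DER OCTET STRING that spans the whole input. */
    static byte[] octetStringContent(byte[] der) {
        if (der == null || der.length < 2 || (der[0] & 0xFF) != OCTET_STRING_TAG) {
            throw new IllegalArgumentException("not a DER OCTET STRING");
        }
        int len = der[1] & 0xFF;
        int offset = 2;
        if (len >= 0x80) {
            // Long form: low 7 bits give the number of length bytes. 0x80 (indefinite)
            // is not DER, and more than 2 length bytes is far beyond any extension.
            int n = len & 0x7F;
            if (n == 0 || n > 2 || der.length < 2 + n) {
                throw new IllegalArgumentException("unsupported DER length");
            }
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (der[offset++] & 0xFF);
            }
        }
        // Reject truncated input and trailing bytes instead of reading past the value.
        if (der.length - offset != len) {
            throw new IllegalArgumentException("length does not match input");
        }
        return Arrays.copyOfRange(der, offset, offset + len);
    }

    /** extnValue: what X509Certificate.getExtensionValue("2.5.29.14") returns. */
    static byte[] skiFromExtensionValue(byte[] extnValue) {
        byte[] inner = octetStringContent(extnValue); // strip the extension wrapper
        return octetStringContent(inner);             // strip the KeyIdentifier tag
    }

    public static void main(String[] args) {
        // Constructed sample: 04 16 | 04 14 | 20 key identifier bytes (01..14 hex).
        byte[] ext = new byte[24];
        ext[0] = 0x04; ext[1] = 0x16; ext[2] = 0x04; ext[3] = 0x14;
        for (int i = 0; i < 20; i++) {
            ext[4 + i] = (byte) (i + 1);
        }
        byte[] ski = skiFromExtensionValue(ext);
        System.out.println(ski.length + " bytes, first=" + ski[0] + ", last=" + ski[19]);
    }
}
```

getExtensionValue returns null when the certificate has no SubjectKeyIdentifier extension; here that case surfaces as an IllegalArgumentException rather than a NullPointerException.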