RE: XSECSOAPRequestorSimple::doRequest()

Sat, 22 Jan 2005 01:23:58 -0800 

        OK, I will implement XSECURIResolver for the Windows SSL stream.

Greetings,
Milan


> -----Original Message-----
> From: Berin Lautenbach [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, January 22, 2005 9:58 AM
> To: Milan Tomic
> Subject: Re: XSECSOAPRequestorSimple::doRequest()
> 
> 
> That sounds reasonable.  But some random thoughts :>.
> 
> The Java library has a register of URI resolvers.  I wonder 
> if we should 
> do the same thing that are global to the library.  Thatway, the SOAP 
> class could simply call the resolver for the particular URI and get 
> returned a class that would do the connection etc.  (Currently the 
> caller needs to explicitly set the correct resolver for signature 
> checking which is a real PITA)
> 
> So rather than modify XSECBinHTTPURIInputStream, you could simply 
> re-implement XSECURIResolver for the Windows SSL stream.  We 
> can fix the 
> SOAP resolver so you can just pass a resolver to it and that way it 
> doesn't have to have anything about understanding certs - the 
> only class 
> that needs to is the resolver.
> 
> When we get fancy, we can great a reolver library class that 
> holds all 
> instantiated resolvers, and the SOAP handler simply makes a 
> call to the 
> library that hands back the correct resolver for the URI.
> 
> Does that sound reasonable?
> 
> We should probably start putting this on security-dev so others can 
> comment as well!
> 
> Cheers,
>       Berin
> 
> Milan Tomic wrote:
> 
> > Hi,
> > 
> >     After taking a look into XSEC code
> > (xsec/utils/winutils/XSECBinHTTPURIInputStream) I have 
> realized that 
> > WinSock API was used instead of WinINET API. I have found some SSL 
> > examples in MS Platform SDK, and I'm working on implementing it. My 
> > aproach is that XSECBinHTTPURIInputStream class should have
> > setClientCertificate(PCCERT_CONTEXT) method and this class 
> should use 
> > it for SSL in case URL starts with "https". If it doesn't start it 
> > should act as it already is for "http" addresses. 
> > XSECSOAPRequestorSimpleWin32 class should also have 
> > setClientCertificate() method to be able to transfer certificate to 
> > the XSECBinHTTPURIInputStream class. XSECSOAPRequestorSimpleWin32 
> > class user in ctor specify URL and s/he knows if it starts with 
> > "https" and should somehow find proper cert (e.g. ask user 
> to select 
> > it). I couldn't think of anything better...
> > 
> > Best regards,
> > Milan

Reply via email to