Paul,

We have a PublicKeyRealm we want to push into Shiro; I suspect there is some overlap with your realm. Any chance you have something I can take a look at?

Thanks

On Wed, May 5, 2010 at 6:04 AM, Paul Merlin <eska...@n0pe.org> wrote:
> Hi,
>
> For my own needs I wrote support of X509Certificate mutual authentication
> for Shiro and I will contribute it back.
>
> I implemented several CredentialMatchers:
> - DN matching (but I think this is the poor man's mutual authentication as
>   it opens security vulnerabilities)
> - certificate fingerprint matching (more robust IMHO)
> - full PKIX path validation using a trusted certificates collection
>   provided by the underlying realm (really nice if you have several
>   authorities and a complex security model)
>
> All these are working fine.
>
> Obviously some code in my current implementation is a bit specific but I
> think that with some more work it will be usable as a generic
> implementation.
>
> All this needs several classes, so I think about extracting the code from
> my project, packaging it as a standalone project depending on Shiro so that
> it's easily testable without applying a complex patch. Les, do you have any
> suggestions about this?
>
> Cheers
>
> /Paul
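
The three matching strategies listed in the quoted message, written against plain JDK APIs as an added example; this is not Paul's code and not part of Shiro. The class name, method names and the three PEM file arguments (enrolled certificate, presented certificate, CA certificate) are hypothetical, and revocation checking is assumed to be unavailable.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public final class X509MatchStrategies {   // hypothetical name, not a Shiro class

    // 1. DN matching: passes for ANY certificate carrying this subject, whoever
    //    issued it, so it is only meaningful after the chain has been validated.
    static boolean matchesSubjectDn(X509Certificate presented, X500Principal enrolledDn) {
        return presented.getSubjectX500Principal().equals(enrolledDn);
    }

    // 2. Fingerprint matching: pins the exact DER encoding that was enrolled.
    static boolean matchesFingerprint(X509Certificate presented, byte[] enrolledSha256) throws Exception {
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(presented.getEncoded());
        return MessageDigest.isEqual(actual, enrolledSha256);   // constant-time compare
    }

    // 3. PKIX path validation against the realm's trusted certificates.
    static boolean validatesPkix(List<X509Certificate> chain, Set<X509Certificate> trusted) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate root : trusted) anchors.add(new TrustAnchor(root, null));
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false);   // assumption: no CRL/OCSP source configured here
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false;   // untrusted issuer, expired, bad signature, ...
        }
    }

    static X509Certificate load(String pemPath) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(pemPath))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Usage: java X509MatchStrategies enrolled.pem presented.pem ca.pem
    public static void main(String[] args) throws Exception {
        X509Certificate enrolled = load(args[0]), presented = load(args[1]), ca = load(args[2]);
        byte[] pin = MessageDigest.getInstance("SHA-256").digest(enrolled.getEncoded());
        System.out.println("DN match:    " + matchesSubjectDn(presented, enrolled.getSubjectX500Principal()));
        System.out.println("Fingerprint: " + matchesFingerprint(presented, pin));
        System.out.println("PKIX valid:  " + validatesPkix(List.of(presented), Set.of(ca)));
    }
}
```

Running it with a renewed certificate for the same subject as `presented.pem` shows the trade-off: the DN check still passes while the fingerprint check fails until the new certificate is enrolled.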