WSSecurityEngine does not support chained certificates
------------------------------------------------------

         Key: WSS-40
         URL: http://issues.apache.org/jira/browse/WSS-40
     Project: WSS4J
        Type: Bug

 Environment: WSS4J 1.0.0, Axis 1.2.1, Sun JDK 1.4.2
    Reporter: Guy Rixon
 Assigned to: Davanum Srinivas 


My project, which is associated with the Grid, uses limited proxy certificates 
for digital signature. I.e., the signing application holds a user's permanent 
certificate, signed by a CA and a proxy certificate signed with the permanent 
certificate. The application signs a message using the proxy certificate and 
includes both the proxy and permanent certificates in the message header as a 
WS-Security direct reference to a BinarySecurityToken. The service has the CA 
certificate with which the user's permanent certificate was signed. Therefore, 
to establish trust, the service has to chain back from the proxy to the 
permanent certificate and then to the CA certificate.

WSSignEnvelope includes both certificates correctly but WSSecurityEngine fails 
when checking the chain of trust. WSSecurityEngine.processSecurityHeader() 
only adds one certificate to the results passed back to WSDoAllReceiver; it 
ignores the intermediate certificate in the chain.
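
The chain walk the report describes (proxy to permanent certificate to CA), as an added Java example that is not WSS4J code and not part of the original report. `ChainWalker`, `findAnchor` and `verifyLink` are hypothetical names; the example assumes the certificates have already been decoded from the BinarySecurityToken in leaf-first order, and it checks only names, signatures and validity dates, not proxy-certificate policy.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;
/** Added illustration: ChainWalker and its methods are hypothetical names, not WSS4J API. */
public final class ChainWalker {
    /** Walks a chain ordered leaf first (proxy, then permanent certificate) and
     *  returns the trusted CA certificate that anchors it; throws if any link fails. */
    public static X509Certificate findAnchor(List<X509Certificate> chain,
                                             Set<X509Certificate> trustedCas)
            throws GeneralSecurityException {
        if (chain.isEmpty()) {
            throw new CertificateException("empty chain");
        }
        // Check every supplied certificate, not only the first one.
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate cert = chain.get(i);
            cert.checkValidity(); // now must lie within notBefore..notAfter
            if (i + 1 < chain.size()) {
                verifyLink(cert, chain.get(i + 1));
            }
        }
        // The last supplied certificate must have been issued by a trusted CA.
        X509Certificate top = chain.get(chain.size() - 1);
        for (X509Certificate ca : trustedCas) {
            if (!top.getIssuerX500Principal().equals(ca.getSubjectX500Principal())) {
                continue;
            }
            try {
                ca.checkValidity();
                top.verify(ca.getPublicKey());
                return ca;
            } catch (GeneralSecurityException e) {
                // Same name but wrong key or expired CA: try the next candidate.
            }
        }
        throw new CertificateException("no trusted CA issued " + top.getSubjectX500Principal());
    }

    /** Confirms that issuer's name matches and its key produced child's signature. */
    private static void verifyLink(X509Certificate child, X509Certificate issuer)
            throws GeneralSecurityException {
        if (!child.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
            throw new CertificateException("issuer mismatch: " + child.getSubjectX500Principal());
        }
        child.verify(issuer.getPublicKey());
    }
}
```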
