[
https://issues.apache.org/jira/browse/WSS-40?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Davanum Srinivas updated WSS-40:
--------------------------------
Assignee: (was: Davanum Srinivas)
> WSSecurityEngine does not support chained certificates
> ------------------------------------------------------
>
> Key: WSS-40
> URL: https://issues.apache.org/jira/browse/WSS-40
> Project: WSS4J
> Issue Type: Bug
> Environment: WSS4J 1.0.0, Axis 1.2.1, Sun JDK 1.4.2
> Reporter: Guy Rixon
>
> My project, which is associated with the Grid, uses limited proxy
> certificates for digital signature. I.e., the signing application holds a
> user's permanent certificate, signed by a CA and a proxy certificate signed
> with the permanent certificate. The application signs a message using the
> proxy certificate and includes both the proxy and permanent certificates in
> the message header as a WS-Security direct reference to a
> BinarySecurityToken. The service has the CA certificate with which the user's
> permanent certficate was signed. Therefore, to establish trust, the service
> has to chain back from the proxy to the permanent certificate and then to the
> CA certificate.
> WSSignEnvelope includes both certificates correctly but WSSecurityEngine
> fails when checking the chain of trust.
> WSSecurityEngine..processSecurityHeader() only adds one certificate to the
> results passed back to WSDoAllReceiver; it ignores the intermediate
> certificate in the chain.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
