[
https://issues.apache.org/jira/browse/WSS-40?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12920232#action_12920232
]
Seumas Soltysik commented on WSS-40:
------------------------------------
Hi Colm,
Any thoughts on the latest patch that I provided?
Seumas
> WSSecurityEngine does not support chained certificates
> ------------------------------------------------------
>
> Key: WSS-40
> URL: https://issues.apache.org/jira/browse/WSS-40
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.6
> Environment: WSS4J 1.0.0, Axis 1.2.1, Sun JDK 1.4.2
> Reporter: Guy Rixon
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6
>
> Attachments: wss-40-test.patch, wss40.patch
>
>
> My project, which is associated with the Grid, uses limited proxy
> certificates for digital signature. I.e., the signing application holds a
> user's permanent certificate, signed by a CA and a proxy certificate signed
> with the permanent certificate. The application signs a message using the
> proxy certificate and includes both the proxy and permanent certificates in
> the message header as a WS-Security direct reference to a
> BinarySecurityToken. The service has the CA certificate with which the user's
> permanent certficate was signed. Therefore, to establish trust, the service
> has to chain back from the proxy to the permanent certificate and then to the
> CA certificate.
> WSSignEnvelope includes both certificates correctly but WSSecurityEngine
> fails when checking the chain of trust.
> WSSecurityEngine..processSecurityHeader() only adds one certificate to the
> results passed back to WSDoAllReceiver; it ignores the intermediate
> certificate in the chain.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
