[ https://issues.apache.org/jira/browse/WSS-40?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12923051#action_12923051 ]

Seumas Soltysik commented on WSS-40:
------------------------------------

No problem. Let me know your thoughts on the fix when you get a chance. It was 
a bit of a pain creating the Cert chain and I have only included the keystores 
containing the certs and not the certs themselves. Let me know if you want me 
to include the certs as well as part of the patch.

The fix is primarily for the 1.5.x branch. I was just taking advantage of the 
existing tests on the trunk to validate my solution. If my solution is 
acceptable then I can retrofit for 1.5.x branch. Is there a chance of getting 
it into the next 1.5.x release? If so, when would that be?



> WSSecurityEngine does not support chained certificates
> ------------------------------------------------------
>
>                 Key: WSS-40
>                 URL: https://issues.apache.org/jira/browse/WSS-40
>             Project: WSS4J
>          Issue Type: Bug
>    Affects Versions: 1.5.6
>         Environment: WSS4J 1.0.0, Axis 1.2.1, Sun JDK 1.4.2
>            Reporter: Guy Rixon
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.6
>
>         Attachments: wss-40-test.patch, wss40.patch
>
>
> My project, which is associated with the Grid, uses limited proxy 
> certificates for digital signature. I.e., the signing application holds a 
> user's permanent certificate, signed by a CA and a proxy certificate signed 
> with the permanent certificate. The application signs a message using the 
> proxy certificate and includes both the proxy and permanent certificates in 
> the message header as a WS-Security direct reference to a 
> BinarySecurityToken. The service has the CA certificate with which the user's 
> permanent certificate was signed. Therefore, to establish trust, the service 
> has to chain back from the proxy to the permanent certificate and then to the 
> CA certificate.
> WSSignEnvelope includes both certificates correctly but WSSecurityEngine 
> fails when checking the chain of trust. 
> WSSecurityEngine.processSecurityHeader() only adds one certificate to the 
> results passed back to WSDoAllReceiver; it ignores the intermediate 
> certificate in the chain.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
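Added example, not part of the JIRA thread or of WSS4J itself: the chain check the issue above describes, written against the plain JCA PKIX API (no WSS4J classes). It assumes the CA certificate sits as a trusted-certificate entry in a JKS keystore at a hypothetical path, that the BinarySecurityToken's X509PKIPathv1 payload has already been base64-decoded into `pkiPathDer`, and that chain[0] is the signing (proxy) certificate. The second call in main() reproduces the failure mode from the report: offering the engine only the leaf certificate, without the intermediate (permanent) certificate, makes path building fail.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Validates every certificate carried in a token, not just the signing one. */
public class ChainTrustCheck {

    /** Loads all trusted-certificate entries of a JKS keystore as PKIX trust anchors. */
    static Set<TrustAnchor> loadTrustAnchors(String keystorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, password);
        }
        Set<TrustAnchor> anchors = new HashSet<>();
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            if (ks.isCertificateEntry(alias)) {
                anchors.add(new TrustAnchor((X509Certificate) ks.getCertificate(alias), null));
            }
        }
        return anchors;
    }

    /** Decodes an X509PKIPathv1 token body (DER SEQUENCE of certificates) into an ordered array. */
    static X509Certificate[] decodePkiPath(byte[] pkiPathDer) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<? extends Certificate> certs =
                cf.generateCertPath(new ByteArrayInputStream(pkiPathDer), "PkiPath").getCertificates();
        return certs.toArray(new X509Certificate[0]);
    }

    /**
     * Builds and validates a path from chain[0] (the signing certificate) back to a trust
     * anchor. Every certificate in the token is offered as a candidate intermediate, so an
     * intermediate that the caller dropped cannot be found and the build throws.
     */
    static List<? extends Certificate> verifyChain(X509Certificate[] chain, Set<TrustAnchor> anchors)
            throws Exception {
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(chain[0]);
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Arrays.asList(chain))));
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source is configured here
        PKIXCertPathBuilderResult result =
                (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
        return result.getCertPath().getCertificates(); // leaf first, anchor excluded
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical inputs: keystore path, password and the decoded token bytes.
        Set<TrustAnchor> anchors = loadTrustAnchors("/path/to/ca-truststore.jks", "changeit".toCharArray());
        byte[] pkiPathDer = java.util.Base64.getDecoder().decode(args[0]); // token text from the header
        X509Certificate[] chain = decodePkiPath(pkiPathDer);

        // Full chain as sent by WSSignEnvelope: proxy, then permanent certificate.
        List<? extends Certificate> path = verifyChain(chain, anchors);
        System.out.println("trusted path length (excluding anchor): " + path.size());

        // What a receiver sees when only the first certificate is kept: no path to the CA.
        try {
            verifyChain(new X509Certificate[] { chain[0] }, anchors);
            System.out.println("unexpected: leaf alone was accepted");
        } catch (CertPathBuilderException e) {
            System.out.println("leaf alone rejected: " + e.getMessage());
        }
    }
}
```

Two caveats a receiver implementing this should know. The PKIX builder takes the signing certificate as its target and ignores the token's ordering, so the check does not depend on the sender putting the certificates in the right order. It also applies the RFC 5280 rules to every certificate it uses as an intermediate, including the basicConstraints cA requirement, so a genuine RFC 3820 proxy certificate (one signed by an end-entity certificate) will not pass this standard PKIX build on its own; a deployment that relies on proxy certificates needs a proxy-aware validator rather than a relaxed trust store.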
