[ https://issues.apache.org/jira/browse/RAMPART-201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12643965#action_12643965 ]

Bob Jacoby commented on RAMPART-201:
------------------------------------

This is similar to setting the Username in the context 
(http://issues.apache.org/jira/browse/RAMPART-178). Until the certificate is 
set in a similar fashion you can parse the information directly out of the 
rampart engine results. Something similar to:

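    import java.security.cert.X509Certificate;
    import java.util.Vector;
    import org.apache.ws.security.WSConstants;
    import org.apache.ws.security.WSSecurityEngineResult;
    import org.apache.ws.security.handler.WSHandlerResult;

    // Assumes `results` is the Vector of WSHandlerResult objects that the
    // security handler stored in the message context
    // (property WSHandlerConstants.RECV_RESULTS).
    X509Certificate consumerCert = null;
    // Stop scanning handler results as soon as a signing certificate is found
    for (int i = 0; i < results.size() && consumerCert == null; i++) {
        WSHandlerResult rResult = (WSHandlerResult) results.get(i);
        Vector wsSecEngineResults = rResult.getResults();
        for (int j = 0; j < wsSecEngineResults.size(); j++) {
            WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults.get(j);
            Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
            int signAction = WSConstants.SIGN;
            if (action.equals(signAction)) {
                // the result is for the signature, which contains the used certificate
                consumerCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                break;
            }
        }
    }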

> Add alias/certificate used for validating signature
> ---------------------------------------------------
>
>                 Key: RAMPART-201
>                 URL: https://issues.apache.org/jira/browse/RAMPART-201
>             Project: Rampart
>          Issue Type: Improvement
>          Components: rampart-core
>            Reporter: Bob Jacoby
>            Assignee: Ruchith Udayanga Fernando
>            Priority: Minor
>
> Set the alias (or certificate) Rampart used to verify the signature as a 
> property in the message context.
> Reason:
> To allow other modules/handlers to know which certificate was associated with 
> the signature. Rampart already performs this lookup within the keystore given 
> the token reference within the security header. By including either the 
> certificate or alias found during the lookup, subsequent code can use this 
> information for various purposes (e.g. - retrieve externally stored 
> properties based on the certificate used).
