RE: Using a custom CertPathChecker

2015-04-07 Thread Stephen.CTR.Chappell
07, 2015 1:46 PM To: users@cxf.apache.org; cohei...@apache.org Subject: Re: Using a custom CertPathChecker As far as I know you can't do private keys with PKCS7 format. Try the PKCS12 format. Vishnu On 2015-04-07, 13:35, "stephen.ctr.chapp...@faa.gov" wrote: >So here is whe

Re: Using a custom CertPathChecker

2015-04-07 Thread Vishnu Radhakrishnan
ribed in >the original email, so I guess I will stick with that solution. > >Stephen W. Chappell > >-Original Message- >From: Chappell, Stephen CTR (FAA) >Sent: Tuesday, April 07, 2015 12:22 PM >To: users@cxf.apache.org; cohei...@apache.org >Subject: RE: Using a cu

RE: Using a custom CertPathChecker

2015-04-07 Thread Stephen.CTR.Chappell
xf.apache.org; cohei...@apache.org Subject: RE: Using a custom CertPathChecker I thought I needed PKCS7, not PKCS12? Stephen W. Chappell -Original Message- From: Vishnu Radhakrishnan [mailto:vis...@10point1.com] Sent: Tuesday, April 07, 2015 11:01 AM To: users@cxf.apache.org; cohei...@apache.org

RE: Using a custom CertPathChecker

2015-04-07 Thread Stephen.CTR.Chappell
I thought I needed PKCS7, not PKCS12? Stephen W. Chappell -Original Message- From: Vishnu Radhakrishnan [mailto:vis...@10point1.com] Sent: Tuesday, April 07, 2015 11:01 AM To: users@cxf.apache.org; cohei...@apache.org Subject: Re: Using a custom CertPathChecker keytool -list -storetype

Re: Using a custom CertPathChecker

2015-04-07 Thread Vishnu Radhakrishnan
ool in the right order, >>that keytool would establish a cert chain. Instead it just adds them as >>individual certificates with no cert chain to be found. >> >>Stephen W. Chappell >> >>-Original Message- >>From: Chappell, Stephen CTR (FAA) >>Sent

Re: Using a custom CertPathChecker

2015-04-07 Thread bertrand.trolard
shnu Radhakrishnan [mailto:vis...@10point1.com] Sent: Tuesday, April 07, 2015 10:28 AM To: users@cxf.apache.org; cohei...@apache.org Subject: Re: Using a custom CertPathChecker From the keytool man - it imports certificate chain, if input is given in PKCS#7 format, otherwise only the single certific

RE: Using a custom CertPathChecker

2015-04-07 Thread Stephen.CTR.Chappell
1 instead of 3. That's when I posted the question. Stephen W. Chappell -Original Message- From: Vishnu Radhakrishnan [mailto:vis...@10point1.com] Sent: Tuesday, April 07, 2015 10:28 AM To: users@cxf.apache.org; cohei...@apache.org Subject: Re: Using a custom CertPathChecker >Fr

Re: Using a custom CertPathChecker

2015-04-07 Thread Vishnu Radhakrishnan
gt; >Stephen W. Chappell > >-Original Message- >From: Chappell, Stephen CTR (FAA) >Sent: Tuesday, April 07, 2015 8:21 AM >To: cohei...@apache.org >Cc: users@cxf.apache.org >Subject: RE: Using a custom CertPathChecker > >Well, that must be the issue. I just ran

RE: Using a custom CertPathChecker

2015-04-07 Thread Stephen.CTR.Chappell
en CTR (FAA) Sent: Tuesday, April 07, 2015 8:21 AM To: cohei...@apache.org Cc: users@cxf.apache.org Subject: RE: Using a custom CertPathChecker Well, that must be the issue. I just ran it through the debugger, and getCertificateChain is returning null each time. I’ve added code in my subclassed

RE: Using a custom CertPathChecker

2015-04-07 Thread Stephen.CTR.Chappell
W. Chappell From: Colm O hEigeartaigh [mailto:cohei...@apache.org] Sent: Tuesday, April 07, 2015 8:12 AM To: Chappell, Stephen CTR (FAA) Cc: users@cxf.apache.org Subject: Re: Using a custom CertPathChecker Ok cool. Just bear in mind that WSS4J won't wire up the trust chain using individual

Re: Using a custom CertPathChecker

2015-04-07 Thread Colm O hEigeartaigh
; > > *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org] > *Sent:* Tuesday, April 07, 2015 7:59 AM > *To:* Chappell, Stephen CTR (FAA) > *Cc:* users@cxf.apache.org > *Subject:* Re: Using a custom CertPathChecker > > > > "getX509Certificates" calls "getCer

RE: Using a custom CertPathChecker

2015-04-07 Thread Stephen.CTR.Chappell
...@apache.org] Sent: Tuesday, April 07, 2015 7:59 AM To: Chappell, Stephen CTR (FAA) Cc: users@cxf.apache.org Subject: Re: Using a custom CertPathChecker "getX509Certificates" calls "getCertificates" which (first) calls "getCertificateChain" on the keystore. Your i

Re: Using a custom CertPathChecker

2015-04-07 Thread Colm O hEigeartaigh
27;s also an open question (or rather, open disagreement) about > revocation checking the Root CA cert, but this list is probably not the > right place for that discussion. > > Stephen W. Chappell > > -Original Message- > From: Chappell, Stephen CTR (FAA) > Sent: Fri

Re: Using a custom CertPathChecker

2015-04-03 Thread Colm O hEigeartaigh
t; Thanx, > Stephen W. Chappell > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Friday, April 03, 2015 9:47 AM > To: users@cxf.apache.org > Subject: Re: Using a custom CertPathChecker > > Hi Stephen, > > There is no way to

RE: Using a custom CertPathChecker

2015-04-03 Thread Stephen.CTR.Chappell
ion. Stephen W. Chappell -Original Message- From: Chappell, Stephen CTR (FAA) Sent: Friday, April 03, 2015 9:56 AM To: users@cxf.apache.org; cohei...@apache.org Subject: RE: Using a custom CertPathChecker Colm - No, I don't have any better suggestions. In fact, subclassing Merlin and

RE: Using a custom CertPathChecker

2015-04-03 Thread Stephen.CTR.Chappell
il 03, 2015 9:47 AM To: users@cxf.apache.org Subject: Re: Using a custom CertPathChecker Hi Stephen, There is no way to add CertPathCheckers at the moment, beyond subclassing Merlin and overriding the "verifyTrust" method. I could add a method to customize the PKIXParameters object though

Re: Using a custom CertPathChecker

2015-04-03 Thread Colm O hEigeartaigh
Hi Stephen, There is no way to add CertPathCheckers at the moment, beyond subclassing Merlin and overriding the "verifyTrust" method. I could add a method to customize the PKIXParameters object though, that could be overridden by a subclass though which would be better. Or do you have any other su