Juan,

At the receiver side the WSSecurityEngine (or Processor) places
the certificate used to create the Signature in the
result structure. There is some code in the handler that
performs some additional verification on the cert.

Your proposal is to replace that code and provide a callback
to get an easier way to add certificate checks?

Regards,
Werner


> -----Original Message-----
> From: Juan Cervera [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, 27 September 2005 15:16
> To: Apache WSS4J-Dev Mailing List
> Subject: RE: SIG_CALLBACK_REF/SIG_CALLBACK_CLASS feature?
> 
> 
>  
> I think he may refer to what I already proposed some time ago.
> 
> WSS4J does not have right now a way to verify the details of 
> a signature certificate, it just knows if it is in the 
> keystore and if it is trusted.
> 
> But it would be a good enhancement to create a new callback 
> to allow the user to code extra checks on the certificate 
> so they can verify the Subject's Distinguished Name details 
> (i.e. commonName, countryName, etc). I guess that would 
> require those details being passed to the callback from 
> Merlin from the certificate in the SOAP message.
> 
> Juan
> 
> -----Original Message-----
> From: Dittmann, Werner [mailto:[EMAIL PROTECTED] 
> Sent: 27 September 2005 07:31
> To: Richard Wareing; Apache WSS4J-Dev Mailing List
> Subject: AW: SIG_CALLBACK_REF/SIG_CALLBACK_CLASS feature?
> 
> Richard,
> 
> I'm not sure if I understand your proposal correctly.
> Couldn't that be done by extending/implementing another class 
> that implements the Crypto interface? Classes that implement 
> this interface are Merlin and BouncyCastle in the 
> **/components/crypto package.
> 
> Regards,
> Werner
> 
> > -----Original Message-----
> > From: Richard Wareing [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, 27 September 2005 00:01
> > To: Apache WSS4J-Dev Mailing List
> > Subject: SIG_CALLBACK_REF/SIG_CALLBACK_CLASS feature?
> > 
> > 
> > Are there any plans on implementing such a feature?  It would be handy
> > to have in order to look up a remote WS client's public "signature key"
> > instead of grabbing it from a key store file.  This would be similar
> > to what apparently can be done with encryption via the
> > ENC_CALLBACK_REF/ENC_CALLBACK_CLASS (see WSHandlerConstants API docs).
> > 
> > Regards,
> > 
> > Richard Wareing
> > Reimer Technology Group

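The Subject DN check discussed in this thread, sketched as an added example that is not part of the original messages and not WSS4J code. It uses only JDK classes; the class name `SubjectDnCheck`, the method `subjectMatches`, the policy and the sample DNs are all constructed for illustration, and the certificate is assumed to have already passed signature and trust verification.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
// Hypothetical helper, not a WSS4J class: checks the Subject DN of an already-verified signing cert.
public class SubjectDnCheck {
    /** True only if every required attribute occurs exactly once in the subject with the expected value. */
    static boolean subjectMatches(X500Principal subject, Map<String, String> required) {
        Map<String, List<String>> found = new HashMap<>();
        try {
            // Parse the RFC 2253 form instead of substring-matching the DN text
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            for (Rdn rdn : dn.getRdns()) {
                // toAttributes() also exposes multi-valued RDNs such as CN=a+OU=b
                NamingEnumeration<? extends Attribute> attrs = rdn.toAttributes().getAll();
                while (attrs.hasMore()) {
                    Attribute a = attrs.next();
                    NamingEnumeration<?> vals = a.getAll();
                    while (vals.hasMore()) {
                        found.computeIfAbsent(a.getID().toUpperCase(Locale.ROOT), k -> new ArrayList<>())
                             .add(String.valueOf(vals.next()));
                    }
                }
            }
        } catch (NamingException e) {
            return false; // unparsable subject: fail closed
        }
        for (Map.Entry<String, String> req : required.entrySet()) {
            List<String> values = found.getOrDefault(req.getKey().toUpperCase(Locale.ROOT), List.of());
            // A repeated CN or C is ambiguous, so reject it instead of picking one
            if (values.size() != 1 || !values.get(0).equals(req.getValue())) return false;
        }
        return true;
    }
    public static void main(String[] args) {
        Map<String, String> policy = Map.of("CN", "orders-client", "C", "GB"); // constructed policy
        // Constructed subjects; in a handler this would be cert.getSubjectX500Principal()
        String[] samples = {
            "CN=orders-client, O=Example Ltd, C=GB",
            "CN=orders-client, O=Example Ltd, C=US",
            "CN=other-client, OU=CN\\=orders-client, C=GB",
            "CN=orders-client, CN=other, C=GB" };
        for (String s : samples)
            System.out.println(subjectMatches(new X500Principal(s), policy) + "  " + s);
    }
}
```

The third sample carries the expected CN text inside an OU value, which is why the check parses the DN into attributes instead of searching the string.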
