The Java CoG ("Commodity Grid") kit has some code to check certificate paths.
I use that with WSS4J (although I had to do violence to WSS4J to put in the
CoG stuff). It also handles RFC3820 proxy certificates. See
http://www.globus.org/ for details.On Sat, 12 Aug 2006, Werner Dittmann wrote: > Richard, > that's correct. WSS4J does not perform the certificate verification. The > WSS4J Axis handlers have some code that perform a basic certificate path > verification. This was done because certificate path verification is > sometime not necessary for basic security (encryption). WSS4J returns > the certificate used for signature verification to the calling application > (WSSecurityEngine does this). > > Regards, > Werner > > [EMAIL PROTECTED] wrote: > > I've searched quite a bit but have found nothing on how to get WSS4J to > > verify the root X509 certificate. Can anyone tell me how or point me to > > an example? > > > > I am using WSS4J programatically (not under Axis) to sign and verify > > SOAP messages. Using the WSSecSignature and WSSecurityEngine classes I > > have gotten thing things working well except that the root certificate > > is not verified. I have been using a self-signed cert for testing and > > passing the cert in the BinarySecurityToken. Any certificate seems to be > > trusted, in fact I can even use an empty keystore on the server. > > > > Rick Hansen > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Guy Rixon [EMAIL PROTECTED] Institute of Astronomy Tel: +44-1223-337542 Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
