G'day all,

I am using WSS4J 1.5.1. I created X509 public keys and certificates with the Sun Microsystems keytool utility. AFAIK, it creates X509v1 certificates; I also verified this with OpenSSL. Programmatically, I debugged the MerlinCrypto instance created by WSS4J and checked the version number in the sun.security.x509.X509CertInfo instance. It had "Version: v1" as the CertificateVersion value.

Looking at the on-the-wire message sent from client to server (or the other way round), I observe in the Token Reference that the value of the "ValueType" attribute in the "KeyIdentifier" element is

"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

Also, AFAIK, WSS4J supports the X.509 Certificate Token Profile 1.0. Please correct me if I am wrong.

Since X509v3 certs have some more extension elements than X509v1, it should give an error when an X509v1 cert is passed for crypto creation. Or, if it silently uses X509v1, then the ValueType should be "#X509v1" instead of "#X509v3".

Or, if WSS4J supports the OASIS X.509 Certificate Token Profile 1.0 [1]: IMO, the only differences between 1.0 and the OASIS X.509 Certificate Token Profile 1.1 [2] are the following:

1. Inclusion of X.509 version 1 certificates (I don't know the reason for going back).
2. Allowing only X.509 version 3 certificates to be used in a Key Identifier reference.

We can change the above and support Token Profile 1.1.

With Regards,
Mayank
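As an added example (not WSS4J code and not part of the original message): a small Java check that walks a keystore and flags certificates that cannot properly be referenced through a "#X509v3" KeyIdentifier, i.e. pre-v3 certificates and v3 certificates lacking a SubjectKeyIdentifier extension. The keystore path, password and class name are assumptions; the ValueType URI is the one quoted above.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class KeyIdentifierCertCheck {
    // ValueType observed on the wire in the message above (X.509 Token Profile 1.0)
    static final String X509V3_VALUETYPE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    // OID of the SubjectKeyIdentifier extension (RFC 5280); only X.509 v3 certs carry extensions
    static final String SKI_OID = "2.5.29.14";

    /** Returns one finding per certificate that is unsuitable for a #X509v3 KeyIdentifier reference. */
    public static List<String> findUnsuitable(KeyStore ks) throws Exception {
        List<String> findings = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            // X509Certificate.getVersion() returns 1, 2 or 3 for X.509 v1/v2/v3
            if (x.getVersion() < 3) {
                findings.add(alias + ": X.509 v" + x.getVersion() + " certificate; a KeyIdentifier with ValueType "
                    + X509V3_VALUETYPE + " claims a v3 certificate (Token Profile 1.1 allows only v3 here)");
            } else if (x.getExtensionValue(SKI_OID) == null) {
                // getExtensionValue() returns null when the extension is absent
                findings.add(alias + ": v3 certificate without a SubjectKeyIdentifier extension; "
                    + "a KeyIdentifier that references it by SKI cannot be resolved");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Assumed: a JKS keystore path and its password are given on the command line
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        List<String> findings = findUnsuitable(ks);
        if (findings.isEmpty()) System.out.println("all certificates are X.509 v3 with an SKI");
        for (String f : findings) System.out.println("WARN " + f);
    }
}
```

Run it against the keystore handed to Merlin before enabling a KeyIdentifier reference type; a keytool-generated v1 certificate shows up as the first kind of finding.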
