Compliance with X.509 Certificate Token Profile
-----------------------------------------------

                 Key: WSS-200
                 URL: https://issues.apache.org/jira/browse/WSS-200
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
    Affects Versions: 1.5.7
         Environment: I have been running a Java based tool on Windows that 
has wss4j-1.5.7.jar in its lib folder, so I guess that WSS4J is used internally 
by the tool.
            Reporter: Mattias Sjölén
            Assignee: Ruchith Udayanga Fernando


Chapter "3.2.1 Reference to an X.509 Subject Key Identifier" in the 
"Certificate Token Profile 1.1" specification states the following - "The 
<wsse:KeyIdentifier> element MUST have a ValueType attribute with the value 
#X509SubjectKeyIdentifier and its contents MUST be the value of the 
certificate's X.509v3 SubjectKeyIdentifier extension, encoded as per the 
<wsse:KeyIdentifier> element's EncodingType attribute."

The tool I use signs an outgoing XML according to the specified policy and it 
will then contain the following tags:
<wsse:SecurityTokenReference wsu:Id="STRId-14A576A8..."
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:KeyIdentifier
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
    MIIEFzCCAv+gA...
  </wsse:KeyIdentifier>
</wsse:SecurityTokenReference>

Notice that the ValueType for the KeyIdentifier is #X509v3 instead of 
#X509SubjectKeyIdentifier:
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

If I perform a Base64Decode on the value inside the tag, it contains an X.509 
Certificate and not a Subject Key Identifier.

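The check described in the report above can be scripted. This is an added example, not part of the original report and not WSS4J code: it reads each wsse:KeyIdentifier, compares the ValueType fragment with #X509SubjectKeyIdentifier, and tests whether the decoded content is a whole DER SEQUENCE (the outer shape of a certificate). The function names, status strings and sample values are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"

def is_single_der_sequence(data):
    """True when data is exactly one DER SEQUENCE, the outer shape of a certificate."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                       # short-form length
        header, length = 2, data[1]
    else:                                    # long-form length, n length octets
        n = data[1] & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def check_key_identifiers(xml_text):
    """Classify every wsse:KeyIdentifier in a trusted capture of a signed message."""
    findings = []
    # ElementTree is not hardened against hostile XML; use on trusted captures only.
    for ki in ET.fromstring(xml_text).iter("{%s}KeyIdentifier" % WSSE):
        fragment = ki.get("ValueType", "").rpartition("#")[2]
        raw = base64.b64decode("".join((ki.text or "").split()), validate=True)
        holds_cert = is_single_der_sequence(raw)
        if fragment != "X509SubjectKeyIdentifier":
            status = "value-type-not-ski"
        elif holds_cert:
            status = "certificate-where-ski-expected"
        else:
            status = "ok"
        findings.append({"value_type": fragment, "decoded_length": len(raw),
                         "holds_certificate": holds_cert, "status": status})
    return findings

def build_sample(fragment, raw):
    """Constructed SecurityTokenReference carrying raw under the given ValueType."""
    return ('<wsse:SecurityTokenReference xmlns:wsse="%s">'
            '<wsse:KeyIdentifier ValueType="%s#%s">%s</wsse:KeyIdentifier>'
            '</wsse:SecurityTokenReference>'
            % (WSSE, PROFILE, fragment, base64.b64encode(raw).decode()))

# Constructed inputs: a 260-byte DER SEQUENCE standing in for a certificate,
# and a 20-byte value standing in for a SubjectKeyIdentifier.
FAKE_CERT = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
FAKE_SKI = bytes(range(1, 21))

if __name__ == "__main__":
    for frag, raw in (("X509v3", FAKE_CERT), ("X509SubjectKeyIdentifier", FAKE_SKI)):
        print(check_key_identifiers(build_sample(frag, raw)))
```

The DER test is a shape heuristic only; it does not parse or validate the certificate.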