WSS4J supports several key identifier types, for example SKI (Subject Key Identifier), X509v3, thumbprint and others. It is the task of the software that uses the WSS4J library to select the key identifier type, thus the "Java based tool on Windows" should set the correct parameters. Where do you (or the "tool") specify which key identifier type (profile) to use?
Regards,
Werner

> -----Original Message-----
> From: ext Mattias Sjölén (JIRA) [mailto:[email protected]]
> Sent: Wednesday, June 17, 2009 7:54 PM
> To: [email protected]
> Subject: [jira] Created: (WSS-200) Compliance with X.509 Certificate Token Profile
>
> Compliance with X.509 Certificate Token Profile
> -----------------------------------------------
>
> Key: WSS-200
> URL: https://issues.apache.org/jira/browse/WSS-200
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.7
> Environment: I have been running a Java based tool on Windows that has
> wss4j-1.5.7.jar in its lib folder so I guess that WSS4J is used
> internally by the tool.
> Reporter: Mattias Sjölén
> Assignee: Ruchith Udayanga Fernando
>
> Chapter "3.2.1 Reference to an X.509 Subject Key Identifier" in the
> "Certificate Token Profile 1.1" specification states the following -
> "The <wsse:KeyIdentifier> element MUST have a ValueType attribute with
> the value #X509SubjectKeyIdentifier and its contents MUST be the value
> of the certificate's X.509v3 SubjectKeyIdentifier extension, encoded as
> per the <wsse:KeyIdentifier> element's EncodingType attribute."
>
> The tool I use signs an outgoing xml according to the specified policy
> and it will then contain the following tags:
>
> <wsse:SecurityTokenReference wsu:Id="STRId-14A576A8..."
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <wsse:KeyIdentifier
>       EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>       ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>     MIIEFzCCAv+gA...
>   </wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
>
> Notice that the ValueType for the KeyIdentifier is #X509v3 instead of
> #X509SubjectKeyIdentifier
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>
> If I perform a Base64Decode on the value inside the tag it contains an
> X.509 Certificate and not a Subject Key Identifier
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
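
Added example, not part of the original messages and not WSS4J code: a Python check a message receiver could run to see which kind of key reference a `wsse:SecurityTokenReference` carries, comparing the `ValueType` fragment with what the Base64 content decodes to. The helper names and both payloads are constructed for illustration; the certificate test is a structural heuristic (one complete DER SEQUENCE), not a full X.509 parse.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser such as defusedxml

# WS-Security 1.0 secext namespace (wsse prefix)
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"

def is_single_der_sequence(data):
    """True if data is exactly one DER SEQUENCE, the outer shape of an X.509 certificate."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short-form length
        return len(data) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def check_key_identifier(str_xml):
    """Return (ValueType fragment, kind of decoded content, is_ski_reference)."""
    ki = ET.fromstring(str_xml).find(f"{{{WSSE}}}KeyIdentifier")
    if ki is None:
        raise ValueError("no wsse:KeyIdentifier in SecurityTokenReference")
    fragment = ki.get("ValueType", "").partition("#")[2]
    raw = base64.b64decode("".join((ki.text or "").split()), validate=True)
    kind = "certificate" if is_single_der_sequence(raw) else "key-identifier"
    # Section 3.2.1 as quoted above: ValueType #X509SubjectKeyIdentifier, content is the SKI value
    is_ski = fragment == "X509SubjectKeyIdentifier" and kind == "key-identifier"
    return fragment, kind, is_ski

def sample_str(fragment, payload):
    """Build a constructed SecurityTokenReference (hypothetical helper for the demo)."""
    b64 = base64.b64encode(payload).decode()
    return (f'<wsse:SecurityTokenReference xmlns:wsse="{WSSE}">'
            f'<wsse:KeyIdentifier ValueType="{X509_PROFILE}#{fragment}">{b64}'
            f'</wsse:KeyIdentifier></wsse:SecurityTokenReference>')

FAKE_CERT = b"\x30\x82\x01\x00" + bytes(256)  # constructed DER SEQUENCE shell, not a real certificate
FAKE_SKI = bytes(range(1, 21))                # constructed 20-byte identifier

if __name__ == "__main__":
    for frag, payload in [("X509v3", FAKE_CERT),
                          ("X509SubjectKeyIdentifier", FAKE_SKI),
                          ("X509SubjectKeyIdentifier", FAKE_CERT)]:
        print(check_key_identifier(sample_str(frag, payload)))
```

The third case, an SKI `ValueType` wrapping a whole certificate, is the mislabelled form a strict receiver would reject.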
