[ https://issues.apache.org/jira/browse/WSS-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12721207#action_12721207 ]

Mattias Sjölén commented on WSS-200:
------------------------------------

The tool in question is SoapUI (www.soapui.org), and there isn't any way to 
configure which key identifier type should be used. We should report this 
to them as well, but we'd still have a problem since our client uses yet 
another tool (from IBM I think) that seems to exhibit the same behavior and we 
also have other reasons to suspect it uses WSS4J internally.

Anyway, in the 1.0 X.509 profile found at 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf, 
the use of an X.509 certificate is described as a ValueType for a 
BinarySecurityToken (Table 2) but not for a KeyIdentifier (Table 3), as far as 
I can see. Might I be looking in the wrong document?

Regards,
Mattias Sjölén


> Compliance with X.509 Certificate Token Profile
> -----------------------------------------------
>
>                 Key: WSS-200
>                 URL: https://issues.apache.org/jira/browse/WSS-200
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.7
>         Environment: I have been running a Java based tool on Windows that 
> has wss4j-1.5.7.jar in its lib folder so I guess that WSS4J is used 
> internally by the tool.
>            Reporter: Mattias Sjölén
>            Assignee: Ruchith Udayanga Fernando
>
> Chapter "3.2.1 Reference to an X.509 Subject Key Identifier" in the 
> "Certificate Token Profile 1.1" specification states the following - "The 
> <wsse:KeyIdentifier> element MUST have a ValueType attribute with the value 
> #X509SubjectKeyIdentifier and its contents MUST be the value of the 
> certificate's X.509v3 SubjectKeyIdentifier extension, encoded as per the 
> <wsse:KeyIdentifier> element's EncodingType attribute."
> The tool I use signs an outgoing xml according to the specified policy and it 
> will then contain the following tags:
> <wsse:SecurityTokenReference wsu:Id="STRId-14A576A8..." 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <wsse:KeyIdentifier 
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>     MIIEFzCCAv+gA...
>   </wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> Notice that the ValueType for the KeyIdentifier is #X509v3 instead of 
> #X509SubjectKeyIdentifier:
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> If I perform a Base64Decode on the value inside the tag it contains an X.509 
> Certificate and not a Subject Key Identifier.
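Added example, not part of this ticket and not WSS4J or SoapUI code: a stdlib-only Python check that classifies the `wsse:KeyIdentifier` in a `wsse:SecurityTokenReference` the way the X.509 Token Profile tables above describe it. It accepts `#X509SubjectKeyIdentifier`, rejects `#X509v3` (a BinarySecurityToken ValueType, not a KeyIdentifier one), and additionally flags the case the reporter observed, where the decoded value is a whole DER certificate rather than a raw SubjectKeyIdentifier. The namespace URIs are the standard WS-Security 2004/01 ones; the sample SKI bytes and the certificate-shaped DER blob are constructed for the example (the blob only mimics the outer DER SEQUENCE envelope and is not a real certificate), and the "does one DER SEQUENCE span the whole buffer" heuristic is my own, assumed check.

```python
import base64
import xml.etree.ElementTree as ET

# Standard WS-Security 2004/01 namespaces and profile URIs (from the spec, not from WSS4J).
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
X509_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
SOAP_SEC = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0"

VT_SKI = X509_PROFILE + "#X509SubjectKeyIdentifier"   # Table 3: valid for KeyIdentifier
VT_X509V3 = X509_PROFILE + "#X509v3"                   # Table 2: BinarySecurityToken only
ENC_BASE64 = SOAP_SEC + "#Base64Binary"


def der_sequence_spans(buf: bytes) -> bool:
    """Assumed heuristic: True if buf is exactly one DER SEQUENCE (tag 0x30) whose
    encoded length covers the rest of the buffer. A whole X.509 certificate has
    that shape; a raw SubjectKeyIdentifier (typically a 20-byte hash) does not."""
    if len(buf) < 2 or buf[0] != 0x30:
        return False
    first = buf[1]
    if first < 0x80:                      # short-form length
        hdr, length = 2, first
    else:                                 # long-form length: 0x8N + N length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(buf) < 2 + n:
            return False
        hdr = 2 + n
        length = int.from_bytes(buf[2:hdr], "big")
    return hdr + length == len(buf)


def check_key_identifier(xml_text: str) -> dict:
    """Classify the KeyIdentifier of a SecurityTokenReference against the profile."""
    root = ET.fromstring(xml_text)
    ki = root.find(f"{{{WSSE_NS}}}KeyIdentifier")
    if ki is None:
        return {"ok": False, "reason": "no wsse:KeyIdentifier child"}
    vt, enc = ki.get("ValueType"), ki.get("EncodingType")
    if enc != ENC_BASE64:
        return {"ok": False, "reason": f"unexpected EncodingType {enc!r}"}
    raw = base64.b64decode("".join((ki.text or "").split()))   # strip indentation whitespace
    if vt == VT_SKI:
        if der_sequence_spans(raw):
            return {"ok": False, "reason": "ValueType is SKI but value decodes to a DER SEQUENCE (whole certificate?)"}
        return {"ok": True, "reason": "SubjectKeyIdentifier reference", "ski_hex": raw.hex()}
    if vt == VT_X509V3:
        return {"ok": False, "reason": "#X509v3 is a BinarySecurityToken ValueType (Table 2), not a KeyIdentifier ValueType (Table 3)"}
    return {"ok": False, "reason": f"unknown KeyIdentifier ValueType {vt!r}"}


def build_str(value_type: str, raw: bytes) -> str:
    """Build a SecurityTokenReference fragment like the one in the report (constructed)."""
    b64 = base64.b64encode(raw).decode("ascii")
    return (
        f'<wsse:SecurityTokenReference xmlns:wsse="{WSSE_NS}" xmlns:wsu="{WSU_NS}" wsu:Id="STRId-EXAMPLE">\n'
        f'  <wsse:KeyIdentifier EncodingType="{ENC_BASE64}" ValueType="{value_type}">\n'
        f"    {b64}\n"
        f"  </wsse:KeyIdentifier>\n"
        f"</wsse:SecurityTokenReference>"
    )


# Constructed sample values. SAMPLE_SKI is an arbitrary 20-byte identifier;
# FAKE_CERT_DER is only an outer DER SEQUENCE (long-form length) wrapping filler
# INTEGERs, enough to show the envelope shape of a certificate, not a real one.
SAMPLE_SKI = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f9001122334")
_body = b"\x02\x01\x01" * 100
FAKE_CERT_DER = b"\x30\x82" + len(_body).to_bytes(2, "big") + _body

GOOD_STR = build_str(VT_SKI, SAMPLE_SKI)            # compliant: SKI ValueType, SKI bytes
BAD_STR = build_str(VT_X509V3, FAKE_CERT_DER)       # what the reporter saw: cert in a KeyIdentifier
MISLABELED_STR = build_str(VT_SKI, FAKE_CERT_DER)   # right ValueType, wrong contents

if __name__ == "__main__":
    for name, doc in (("good", GOOD_STR), ("bad", BAD_STR), ("mislabeled", MISLABELED_STR)):
        print(name, check_key_identifier(doc))
```

Running the script prints one verdict per constructed fragment; the `BAD_STR` case reproduces the report (ValueType `#X509v3` with a certificate-shaped value) and is rejected on ValueType alone, while `MISLABELED_STR` shows why a receiver should also look at the decoded bytes and not just the attribute.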

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

