[https://issues.apache.org/jira/browse/WSS-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12721262#action_12721262]
Mattias Sjölén commented on WSS-200:
------------------------------------
No, you're right that it isn't WSS4J's fault how other programs use it.
However, I find the X509_KEY_IDENTIFIER to be a non-standard extension made by
WSS4J and I suggest it be documented as such to lessen the probability that
users of WSS4J use it without knowing the implications.

Regards,
Mattias
> Compliance with X.509 Certificate Token Profile
> -----------------------------------------------
>
> Key: WSS-200
> URL: https://issues.apache.org/jira/browse/WSS-200
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.7
> Environment: I have been running a Java based tool on Windows that
> has wss4j-1.5.7.jar in its lib folder so I guess that WSS4J is used
> internally by the tool.
> Reporter: Mattias Sjölén
> Assignee: Ruchith Udayanga Fernando
>
> Chapter "3.2.1 Reference to an X.509 Subject Key Identifier" in the
> "Certificate Token Profile 1.1" specification states the following - "The
> <wsse:KeyIdentifier> element MUST have a ValueType attribute with the value
> #X509SubjectKeyIdentifier and its contents MUST be the value of the
> certificate's X.509v3 SubjectKeyIdentifier extension, encoded as per the
> <wsse:KeyIdentifier> element's EncodingType attribute."
> The tool I use signs an outgoing xml according to the specified policy and it
> will then contain the following tags:
> <wsse:SecurityTokenReference wsu:Id="STRId-14A576A8..."
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <wsse:KeyIdentifier
>       EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>       ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>     MIIEFzCCAv+gA...
>   </wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> Notice that the ValueType for the KeyIdentifier is #X509v3 instead of
> #X509SubjectKeyIdentifier:
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> If I perform a Base64Decode on the value inside the tag it contains an X.509
> Certificate and not a Subject Key Identifier.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.