Hi,
We have requirements to use X.509 Proxy Certificates
(http://www.ietf.org/rfc/rfc3820.txt) for message signature and
validation. We have a provider
implementation of CertPathValidator, that deals with X.509 Proxy
Certificates. We also have a CertStore implementation that deals with
our trusted certificates and CRL processing, implemented as a provider.
But looking at the WSS4J trunk code, specifically, SignatureProcessor
(http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?view=annotate),
line 360 onwards, it appears that the trust verification is baked
into the code.
Are there any plans to use the standard Java Security Provider
framework for this? Can the trust verification and path validation be
made configurable, with use of the current implementation as a
fallback mechanism if no other trust verification is configured?
If not, can anyone advise on the best way to integrate this with the
current code base? We could extend and modify the WSS4J library (we do
this for the current version of toolkit based on Apache Axis), but
before we explore that option, if there are suggestions for cleaner
integration or any planned changes that would accommodate our
requirement, that would be great. Our main intention here is to use
this with Apache CXF, and we are happy to contribute any pieces we might
have to develop back to the project.
Thanks,
Rachana
Rachana Ananthakrishnan
Argonne National Laboratory | University of Chicago
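
The configurable validation asked about above, as an added sketch that is not part of the original message and is not WSS4J code: it uses only the standard `java.security.cert` API, falls back to the built-in PKIX validator only when nothing is configured, and refuses to validate when a configured validator is missing. The class name, the algorithm name `X509ProxyPath` and the provider name `ExampleProxyProvider` are hypothetical, and the custom validator is assumed to accept `PKIXParameters`.

```java
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.List;
import java.util.Set;

/** Hypothetical helper: selects a CertPathValidator through the JCA provider framework. */
public class PluggableTrustVerifier {
    private final String algorithm; // validator algorithm a provider registers; null = not configured
    private final String provider;  // JCA provider name; null = any registered provider

    public PluggableTrustVerifier(String algorithm, String provider) {
        this.algorithm = algorithm;
        this.provider = provider;
    }

    /** Configured validator if set; built-in PKIX only when nothing is configured. */
    CertPathValidator resolve() throws GeneralSecurityException {
        if (algorithm == null) {
            return CertPathValidator.getInstance("PKIX"); // fallback: stock path validation
        }
        // Fail closed: a configured but unregistered validator throws here
        // instead of silently downgrading to a different trust policy.
        return provider == null
                ? CertPathValidator.getInstance(algorithm)
                : CertPathValidator.getInstance(algorithm, provider);
    }

    /** chain is ordered end-entity first; crls supplies CRLs (revocation stays enabled). */
    public boolean isTrusted(List<X509Certificate> chain, Set<TrustAnchor> anchors,
                             CertStore crls) throws GeneralSecurityException {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        PKIXParameters params = new PKIXParameters(anchors); // rejects an empty anchor set
        params.addCertStore(crls);
        try {
            resolve().validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false; // untrusted, expired, revoked, or no revocation data available
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(new PluggableTrustVerifier(null, null).resolve().getAlgorithm());
        try {
            new PluggableTrustVerifier("X509ProxyPath", "ExampleProxyProvider").resolve();
        } catch (GeneralSecurityException e) {
            System.out.println("refused to validate: " + e);
        }
    }
}
```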