I'm working on this problem with Rachana. I wondered if anyone had any thoughts on how we could incorporate these customizations.

Thanks,
Tom Howe

On Wed, Aug 19, 2009 at 3:31 PM, Rachana Ananthakrishnan <[email protected]> wrote:

> Hi,
>
> We have requirements to use X.509 Proxy Certificates (http://www.ietf.org/rfc/rfc3820.txt) for message signature and validation. We have a provider implementation of CertPathValidator that deals with X.509 Proxy Certificates. We also have a CertStore implementation that deals with our trusted certificates and CRL processing, implemented as a provider.
>
> But looking at the WSS4J trunk code, specifically SignatureProcessor (http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?view=annotate), line 360 onwards, it appears that the trust verification is baked into the code.
>
> Are there any plans to use the standard Java Security Provider framework for this? Can the trust verification and path validation be made configurable, with use of the current implementation as a fallback mechanism if no other trust verification is configured?
>
> If not, can anyone advise on the best way to integrate this with the current code base? We could extend and modify the WSS4J library (we do this for the current version of toolkit based on Apache Axis), but before we explore that option, if there are suggestions for cleaner integration or any planned changes that would accommodate our requirement, that would be great. Our main intention here is to use this with Apache CXF, and are happy to contribute any pieces we might have to develop back to the project.
>
> Thanks,
> Rachana
>
> Rachana Ananthakrishnan
> Argonne National Laboratory | University of Chicago

--
Tom Howe
Senior Software Engineer
Distributed Systems Lab
University of Chicago/Argonne National Laboratory

Sent from Chicago, Illinois, United States
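
Added example, not part of the original message and not WSS4J code: a sketch of the configurable trust verification the thread asks about, using the standard `CertPathValidator` provider lookup with the JDK's PKIX validator as the fallback when nothing is configured. The class name, the `configuredAlgorithm` setting and the algorithm name `ProxyPKIX` are hypothetical, and the sketch assumes the custom validator accepts `PKIXParameters`.

```java
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.*;
import java.util.List;
import java.util.Set;

public class PluggableTrustVerifier {
    // Hypothetical setting: the algorithm name a proxy-certificate provider registers.
    private final String configuredAlgorithm;

    public PluggableTrustVerifier(String configuredAlgorithm) {
        this.configuredAlgorithm = configuredAlgorithm;
    }

    // Fall back to the JDK's PKIX validator only when nothing is configured.
    // A configured but unregistered algorithm is an error, not a silent downgrade.
    CertPathValidator selectValidator() throws NoSuchAlgorithmException {
        String alg = (configuredAlgorithm == null) ? "PKIX" : configuredAlgorithm;
        return CertPathValidator.getInstance(alg);
    }

    // Validates a signer chain (leaf first) against the trust anchors, taking
    // CRLs from the supplied CertStore (for example a provider-backed store).
    // Assumption: the configured validator accepts PKIXParameters.
    CertPathValidatorResult verify(List<X509Certificate> chain,
                                   Set<TrustAnchor> anchors,
                                   CertStore crls) throws GeneralSecurityException {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        PKIXParameters params = new PKIXParameters(anchors);
        params.addCertStore(crls); // revocation checking is enabled by default
        return selectValidator().validate(path, params);
    }

    public static void main(String[] args) throws Exception {
        // Nothing configured: the default PKIX validator is selected.
        System.out.println(new PluggableTrustVerifier(null).selectValidator().getAlgorithm());
        try {
            // Hypothetical algorithm name with no provider registered for it.
            new PluggableTrustVerifier("ProxyPKIX").selectValidator();
        } catch (NoSuchAlgorithmException e) {
            System.out.println("configured validator missing, not falling back: " + e.getMessage());
        }
    }
}
```

Failing when a configured validator is missing, rather than quietly reverting to the default, keeps a deployment error from changing which trust policy is applied to signed messages.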
