axis-java-dev mailing list archives

From "Ricardo Tercero Lozano (JIRA)" <j...@apache.org>
Subject [jira] Closed: (AXIS2-4513) Rampart module fails validating certificate when security provider is Bouncy Castle
Date Fri, 02 Oct 2009 10:17:23 GMT

     [ https://issues.apache.org/jira/browse/AXIS2-4513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ricardo Tercero Lozano closed AXIS2-4513.
-----------------------------------------

    Resolution: Invalid

Didn't know there was a project for Rampart. Will publish in the appropriate project.

> Rampart module fails validating certificate when security provider is Bouncy Castle
> -----------------------------------------------------------------------------------
>
>                 Key: AXIS2-4513
>                 URL: https://issues.apache.org/jira/browse/AXIS2-4513
>             Project: Axis 2.0 (Axis2)
>          Issue Type: Bug
>          Components: modules
>    Affects Versions: 1.5
>         Environment: Java 1.5, Tomcat 6, Axis2 1.5, rampart 1.4
>            Reporter: Ricardo Tercero Lozano
>   Original Estimate: 0.08h
>  Remaining Estimate: 0.08h
>
> I found an error in class 'PolicyBasedResultsValidator', method 'verifyTrust'. This method gets the subject and issuer to operate.
>         String subjectString = cert.getSubjectDN().getName();
>         String issuerString = cert.getIssuerDN().getName();
>         BigInteger issuerSerial = cert.getSerialNumber();
> When using Bouncy Castle as security provider, 'getSubjectDN' and 'getIssuerDN' return a DN String representation that can be different from the one on the certificate (which is my case).
> On the Bouncy Castle devel list, they recommend using 'getSubjectX500Principal' and 'getIssuerX500Principal' instead of the 'DN' methods. These methods return the values on the certificate, so matching could be right.
>         String subjectString = cert.getSubjectX500Principal().getName();
>         String issuerString = cert.getIssuerX500Principal().getName();
>         BigInteger issuerSerial = cert.getSerialNumber();
> A rampart configuration to use Bouncy Castle as provider could be:
> <ramp:signatureCrypto>
>     <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>         <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>         <ramp:property name="org.apache.ws.security.crypto.merlin.file">server.jks</ramp:property>
>         <ramp:property name="org.apache.ws.security.crypto.merlin.cert.provider">BC</ramp:property>
>         <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
>     </ramp:crypto>
> </ramp:signatureCrypto>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
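
The reporter's point, that DN text depends on how it is rendered while the parsed name does not, shown as an added example that is not part of the original message or of Rampart's code. The class name, helper methods and sample name are constructed for illustration; only standard `javax.security.auth.x500.X500Principal` calls are used.

```java
import javax.security.auth.x500.X500Principal;

public class DnMatchDemo {

    // Fragile check: equality of whatever DN text each side happened to render.
    static boolean matchByString(String a, String b) {
        return a.equals(b);
    }

    // Sturdier check: parse both names and compare the principals.
    // X500Principal.equals compares canonical forms, so rendering
    // differences (format, spacing) do not affect the result.
    static boolean matchByPrincipal(String a, String b) {
        return new X500Principal(a).equals(new X500Principal(b));
    }

    public static void main(String[] args) {
        // Constructed sample name, not taken from any real certificate.
        X500Principal subject = new X500Principal(
            "EMAILADDRESS=admin@example.org, CN=Server, O=Example Org, C=ES");

        // One name, three textual renderings.
        String rfc2253 = subject.getName();                      // default format
        String rfc1779 = subject.getName(X500Principal.RFC1779);
        String display = subject.toString();
        System.out.println("RFC2253 : " + rfc2253);
        System.out.println("RFC1779 : " + rfc1779);
        System.out.println("toString: " + display);

        // Text comparison depends on the rendering each code path used.
        System.out.println("string match (RFC2253 vs RFC1779):    "
            + matchByString(rfc2253, rfc1779));
        // Principal comparison sees the same name in every rendering.
        System.out.println("principal match (RFC2253 vs RFC1779): "
            + matchByPrincipal(rfc2253, rfc1779));
        System.out.println("principal match (RFC2253 vs toString): "
            + matchByPrincipal(rfc2253, display));

        // Spacing alone is enough to break a text comparison.
        String spaced = "CN=Server, O=Example Org, C=ES";
        String packed = "CN=Server,O=Example Org,C=ES";
        System.out.println("string match (spacing):    " + matchByString(spaced, packed));
        System.out.println("principal match (spacing): " + matchByPrincipal(spaced, packed));
    }
}
```

With real certificates the same comparison is `a.getSubjectX500Principal().equals(b.getSubjectX500Principal())`, which avoids going through a string at all.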

