santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: certificate status + path validation
Date Tue, 01 Aug 2006 13:30:38 GMT
All of the features that you mention are actually supported in the JDK 
(Java SE) 5.0, and not the Apache XML Security API specifically. See the 
following references for more information:

http://java.sun.com/j2se/1.5.0/docs/guide/security/certpath/CertPathProgGuide.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/time-of-signing.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html

The Apache XML Security API (and JSR 105 which will be included with 
version 1.4) both are extensible to allow you to add the features that 
you mention below for building/validating certificate chains contained 
in XML Signature KeyInfo elements, but you will need to do a little bit 
of coding (using the JDK APIs mentioned above) to add that 
functionality. See for example the following classes that you can extend:

Apache XML Security: 
org.apache.xml.security.keys.keyresolver.KeyResolver/KeyResolverSpi
JSR 105: 
http://download.java.net/jdk6/docs/api/javax/xml/crypto/KeySelector.html

--Sean

Filip Van Gool wrote:
>  
> 
> Hi,
> 
>  
> 
> As we are considering choosing for the xml security api, some questions 
> remain open for us:
> 
>  
> 
> -Does the xml apache security api in Java supports or implements OCSP 
> and CRL checking?
> 
> -Does the xml apache security api in Java supports certificate path 
> validation?
> 
> -Does the xml apache security api in Java supports time stamping ?
> 
>  
> 
> Regards,
> 
>  
> 
> Filip Van Gool
> 
> CONFIDENTIALITY NOTICE
> 
>       
> 
> This e-mail and any attachment is confidential. All rights are reserved 
> by Intesi Group Belgium. This e-mail is intended only for the addressee. 
> Although Intesi Group Belgium reasonably scans e-mails sent from e-mail 
> addresses under its control for known viruses, Intesi Group Belgium 
> disclaims, to the maximum extent possible under applicable laws, any 
> liability for any damage caused by any virus transmitted by this or any 
> other e-mail.
> 
>  
> 


Mime
View raw message