ws-fx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yves Langisch <li...@langisch.ch>
Subject Re: CertPathValidation / CRL
Date Mon, 14 Jun 2004 08:20:54 GMT
Christof,

Your patch with validation of paths with length 1 meets our needs. There
is no need for a more generic approach at the moment.

Actually I still have an issue with your patch or rather with Merlin.
Following the exception which is thrown during the validation process:

java.lang.IllegalArgumentException: unknown object in factory
	at org.bouncycastle.asn1.x509.X509Name.getInstance(X509Name.java:192)
	at
org.bouncycastle.jce.cert.X509CertSelector.match(X509CertSelector.java:1943)
	at
org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.findTrustAnchor(PKIXCertPathValidatorSpi.java:1855)
	at
org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:626)
	at
org.bouncycastle.jce.cert.CertPathValidator.validate(CertPathValidator.java:214)
	at
org.apache.ws.security.components.crypto.Merlin.validateCertPath(Merlin.java:632)
	at
org.apache.ws.axis.security.WSDoAllReceiver.verifyTrust(WSDoAllReceiver.java:581)
	at
org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:243)
	at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
	at org.apache.axis.server.AxisServer.invoke(AxisServer.java:248)
	at
org.apache.axis.transport.http.SimpleAxisWorker.execute(SimpleAxisWorker.java:422)
	at
org.apache.axis.transport.http.SimpleAxisWorker.run(SimpleAxisWorker.java:156)
	at
org.apache.axis.transport.http.SimpleAxisServer.run(SimpleAxisServer.java:241)
	at
org.apache.axis.transport.http.SimpleAxisServer.start(SimpleAxisServer.java:284)
	at
org.apache.axis.transport.http.SimpleAxisServer.start(SimpleAxisServer.java:292)
	at
org.apache.axis.transport.http.SimpleAxisServer.main(SimpleAxisServer.java:373)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:324)
	at com.intellij.rt.execution.application.AppMain.main(Unknown Source)

Do you have an ideas?

Regards,
Yves

On Mon, 2004-06-14 at 09:14, Christof Soehngen wrote:
> Hello Yves,
>  
> one of my clients was in need of a validation for the certificate used
> to sign the message, so I created the patch mentioned.
>  
> If you can think of a more generic approach, I'd be interested to
> know.
>  
> Of course, there still is the problem with the hardcoded use of BC in
> Merlin.validateCertPath(). Unfortunately, I was not able to fix this
> lately.
>  
> Regards,
> Christof


Mime
View raw message