ws-fx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guy Rixon <...@ast.cam.ac.uk>
Subject Re: How to verify root certificate?
Date Sat, 12 Aug 2006 17:18:27 GMT
The Java CoG ("Commodity Grid") kit has some code to check certificate paths.
I use that with WSS4J (although I had to do violence to WSS4J to put in the
CoG stuff). It also handles RFC3820 proxy certificates. See
http://www.globus.org/ for details.

On Sat, 12 Aug 2006, Werner Dittmann wrote:

> Richard,
> that's correct. WSS4J does not perform the certificate verification. The
> WSS4J Axis handlers have some code that perform a basic certificate path
> verification. This was done because certificate path verification is
> sometime not necessary for basic security (encryption). WSS4J returns
> the certificate used for signature verification to the calling application
> (WSSecurityEngine does this).
>
> Regards,
> Werner
>
> richard.hansen@thomson.com wrote:
> > I've searched quite a bit but have found nothing on how to get WSS4J to
> > verify the root X509 certificate. Can anyone tell me how or point me to
> > an example?
> >
> > I am using WSS4J programatically (not under Axis) to sign and verify
> > SOAP messages. Using the WSSecSignature and WSSecurityEngine classes I
> > have gotten thing things working well except that the root certificate
> > is not verified. I have been using a self-signed cert for testing and
> > passing the cert in the BinarySecurityToken. Any certificate seems to be
> > trusted, in fact I can even use an empty keystore on the server.
> >
> > Rick Hansen
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>

Guy Rixon 				        gtr@ast.cam.ac.uk
Institute of Astronomy   	                Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message