ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dittmann, Werner (JIRA)" <>
Subject [jira] Commented: (WSS-200) Compliance with X.509 Certificate Token Profile
Date Thu, 18 Jun 2009 10:35:07 GMT


Dittmann, Werner commented on WSS-200:

WSS4J support several key identifier types, for example
SKI (Subject Key Identifier), X509v3, thumbprint and
others. It is the task of the software that uses WSS4J
library to select the key identifier type, thus the
"Java based tool om Windows" sould set the correct
parameters. Where do you (or the "tool") specify which
key identifier type (profile) to use?


401-wss-soap-message-security-1.0#Base64Binary" > ValueType="

> Compliance with X.509 Certificate Token Profile
> -----------------------------------------------
>                 Key: WSS-200
>                 URL:
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.7
>         Environment: I have been running a Java based tool om Windows that have wss4j-1.5.7.jar
in it's lib folder so I quess that WSS4J is used internaly by the tool.
>            Reporter: Mattias Sjölén
>            Assignee: Ruchith Udayanga Fernando
> Chapter "3.2.1 Reference to an X.509 Subject Key Identifier" in the "Certificate Token
Profile 1.1" specification states the following - "The <wsse:KeyIdentifier> element
MUST have a ValueType attribute with the value #X509SubjectKeyIdentifier and its contents
MUST be the value of the certificate's X.509v3 SubjectKeyIdentifier extension, encoded as
per the <wsse:KeyIdentifier> element's EncodingType attribute."
> The tool I use signs an outgoing xml according to the specified policy and it will then
contain the following tags:
> <wsse:SecurityTokenReference wsu:Id="STRId-14A576A8..." xmlns:wsu="">
>   <wsse:KeyIdentifier EncodingType=""
>     MIIEFzCCAv+gA...
>   </wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> Notice that the ValueType for the KeyIdentifier is #X509v3 instead of #X509SubjectKeyIdentifier
> ValueType=""
> If I perform a Base64Decode on the value inside tha tag it contains a X.509 Certifikate
and not a Subject Key Identifier

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message