ws-wss4j-dev mailing list archives

From Mattias Sjölén (JIRA) <>
Subject [jira] Created: (WSS-200) Compliance with X.509 Certificate Token Profile
Date Wed, 17 Jun 2009 17:54:07 GMT
Compliance with X.509 Certificate Token Profile

                 Key: WSS-200
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
    Affects Versions: 1.5.7
         Environment: I have been running a Java based tool on Windows that has wss4j-1.5.7.jar
in its lib folder so I guess that WSS4J is used internally by the tool.
            Reporter: Mattias Sjölén
            Assignee: Ruchith Udayanga Fernando

Chapter "3.2.1 Reference to an X.509 Subject Key Identifier" in the "Certificate Token Profile
1.1" specification states the following - "The <wsse:KeyIdentifier> element MUST have
a ValueType attribute with the value #X509SubjectKeyIdentifier and its contents MUST be the
value of the certificate's X.509v3 SubjectKeyIdentifier extension, encoded as per the <wsse:KeyIdentifier>
element's EncodingType attribute."

The tool I use signs an outgoing xml according to the specified policy and it will then contain
the following tags:
<wsse:SecurityTokenReference wsu:Id="STRId-14A576A8..." xmlns:wsu="">
  <wsse:KeyIdentifier EncodingType=""

Notice that the ValueType for the KeyIdentifier is #X509v3 instead of #X509SubjectKeyIdentifier

If I perform a Base64Decode on the value inside the tag it contains an X.509 Certificate and
not a Subject Key Identifier.
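
The check the report performs by hand (Base64-decode the KeyIdentifier content and see whether it is a whole certificate or a key identifier) can be scripted. The following is an added example, not part of the original report and not WSS4J code; the function names and the sample values are assumptions constructed for illustration, and the certificate test is structural only (it does not validate the certificate).

```python
import base64

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end) or None."""
    if pos + 2 > len(buf):
        return None
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, 1 to 4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            return None
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    return (tag, pos, end) if end <= len(buf) else None

def looks_like_certificate(raw):
    """True if raw is shaped like a DER Certificate, i.e. exactly
    SEQUENCE { SEQUENCE tbs, SEQUENCE sigAlg, BIT STRING signature }."""
    outer = read_tlv(raw, 0)
    if outer is None or outer[0] != 0x30 or outer[2] != len(raw):
        return False
    pos, tags = outer[1], []
    while pos < outer[2]:
        tlv = read_tlv(raw, pos)
        if tlv is None:
            return False
        tags.append(tlv[0])
        pos = tlv[2]
    return tags == [0x30, 0x30, 0x03]

def check_key_identifier(value_type, b64_text):
    """Return (declared, actual, consistent) for a wsse:KeyIdentifier."""
    declared = value_type.rsplit("#", 1)[-1]          # fragment after '#'
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    actual = "certificate" if looks_like_certificate(raw) else "opaque-identifier"
    expected = {"X509v3": "certificate", "X509SubjectKeyIdentifier": "opaque-identifier"}
    return declared, actual, expected.get(declared) == actual

def der(tag, body):  # builds the constructed sample below (short-form length only)
    return bytes([tag, len(body)]) + body

# Constructed samples: a certificate-shaped DER skeleton and a 20-byte identifier.
SAMPLE_CERT = base64.b64encode(der(0x30, der(0x30, b"") + der(0x30, b"") + der(0x03, b"\x00"))).decode()
SAMPLE_SKI = base64.b64encode(bytes(range(20))).decode()
```

A result of `("X509v3", "certificate", True)` corresponds to what the report observed: the reference embeds the certificate itself rather than the SubjectKeyIdentifier extension value that section 3.2.1 describes.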
