Subject: RE: [jira] Created: (WSS-200) Compliance with X.509 Certificate Token Profile
Date: Thu, 18 Jun 2009 12:17:42 +0200
From: "Dittmann, Werner (NSN - DE/Munich)"
To: ext Mattias Sjölén (JIRA)

WSS4J supports several key identifier types, for example SKI (Subject Key
Identifier), X509v3, thumbprint and others. It is the task of the software that
uses the WSS4J library to select the key identifier type, thus the "Java based
tool on Windows" should set the correct parameters.

Where do you (or the "tool") specify which key identifier type (profile) to use?

Regards,
Werner

> -----Original Message-----
> From: ext Mattias Sjölén (JIRA) [mailto:jira@apache.org]
> Sent: Wednesday, June 17, 2009 7:54 PM
> To: wss4j-dev@ws.apache.org
> Subject: [jira] Created: (WSS-200) Compliance with X.509
> Certificate Token Profile
>
> Compliance with X.509 Certificate Token Profile
> -----------------------------------------------
>
> Key: WSS-200
> URL: https://issues.apache.org/jira/browse/WSS-200
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.7
> Environment: I have been running a Java based tool
> on Windows that has wss4j-1.5.7.jar in its lib folder so I
> guess that WSS4J is used internally by the tool.
> Reporter: Mattias Sjölén
> Assignee: Ruchith Udayanga Fernando
>
>
> Chapter "3.2.1 Reference to an X.509 Subject Key Identifier"
> in the "Certificate Token Profile 1.1" specification states
> the following - "The element MUST have a
> ValueType attribute with the value #X509SubjectKeyIdentifier
> and its contents MUST be the value of the certificate's
> X.509v3 SubjectKeyIdentifier extension, encoded as per the
> element's EncodingType attribute."
>
> The tool I use signs an outgoing xml according to the
> specified policy and it will then contain the following tags:
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
> MIIEFzCCAv+gA...
>
> Notice that the ValueType for the KeyIdentifier is #X509v3
> instead of #X509SubjectKeyIdentifier
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>
> If I perform a Base64Decode on the value inside the tag it
> contains an X.509 Certificate and not a Subject Key Identifier
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
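
The manual check described in the report (Base64-decode the KeyIdentifier content and see whether it is a whole certificate or a key identifier) can be scripted as below. This is an added example, not part of the original thread and not WSS4J code; the helper names, the structural DER test and both sample payloads are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def looks_like_certificate(der):
    """Structural test only: SEQUENCE { SEQUENCE, SEQUENCE, BIT STRING } filling the buffer."""
    try:
        tag, pos, end = read_tlv(der, 0)
        tags = []
        while tag == 0x30 and end == len(der) and pos < end:
            child, _, pos = read_tlv(der, pos)
            tags.append(child)
        return pos == end and tags == [0x30, 0x30, 0x03]
    except IndexError:  # truncated or non-DER input
        return False

def check_key_identifier(xml_text):
    """Compare the declared ValueType of the first wsse:KeyIdentifier with its content."""
    elem = ET.fromstring(xml_text).find(f".//{{{WSSE}}}KeyIdentifier")
    if elem is None:
        raise ValueError("no wsse:KeyIdentifier element found")
    declared = elem.get("ValueType", "").rpartition("#")[2]
    data = base64.b64decode("".join((elem.text or "").split()))
    is_cert = looks_like_certificate(data)
    # #X509v3 announces a whole certificate; #X509SubjectKeyIdentifier must not carry one.
    consistent = is_cert if declared == "X509v3" else not is_cert
    return {"declared": declared, "is_certificate": is_cert, "consistent": consistent}

def sample(value_type, payload):
    """Constructed SecurityTokenReference for the demo, not a captured message."""
    b64 = base64.b64encode(payload).decode()
    return (f'<wsse:SecurityTokenReference xmlns:wsse="{WSSE}">'
            f'<wsse:KeyIdentifier ValueType="{PROFILE}#{value_type}">{b64}'
            f'</wsse:KeyIdentifier></wsse:SecurityTokenReference>')

CERT_SHAPED = bytes.fromhex("300d" "3003020101" "30020500" "030200ff")  # constructed DER skeleton
SKI_SHAPED = bytes(range(20))  # constructed 20-byte identifier
if __name__ == "__main__":
    print(check_key_identifier(sample("X509v3", CERT_SHAPED)))
```

The printed case mirrors the one in the report: the content matches the declared #X509v3 type, so the message is self-consistent but is not the #X509SubjectKeyIdentifier form that section 3.2.1 describes.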