WSS4J / WSS-278

verifyTrust in Crypto should use CRLs as well

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6
    • Fix Version/s: 1.6.1
    • Component/s: WSS4J Core
    • Labels:
      None
    • Environment:
      all

      Description

      The trust chain is validated without checking the CRLs. It is done this way because Merlin does not check the CRLs either. But it could be done by using CertPathValidator with proper parameters:
      java.security.cert.PKIXParameters params = new java.security.cert.PKIXParameters(...);
      params.setRevocationEnabled(true);

      It would be nice if the verifyTrust method in Crypto provided the functionality of checking the CRLs. Or a new method (validateTrustWithCRLs(...) ?) could be created.
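
      A sketch of the CertPathValidator approach the description proposes, added here as an example; it is not WSS4J code and not the fix that shipped in 1.6.1. The class name CrlTrustCheck, the method verifyTrustWithCrls and the command-line file arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

public class CrlTrustCheck {  // hypothetical class, not part of WSS4J

    /** Validates chain (leaf first, trust anchor excluded) against the
     *  trusted entries of trustStore and rejects revoked certificates. */
    static PKIXCertPathValidatorResult verifyTrustWithCrls(
            List<X509Certificate> chain, KeyStore trustStore,
            Collection<? extends CRL> crls) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);

        // Trust anchors are the trusted certificate entries of the key store.
        PKIXParameters params = new PKIXParameters(trustStore);
        // With revocation enabled the validator fails closed: a certificate
        // whose revocation status cannot be determined is rejected.
        params.setRevocationEnabled(true);
        // Supply the CRLs through an in-memory CertStore.
        params.addCertStore(CertStore.getInstance(
                "Collection", new CollectionCertStoreParameters(crls)));

        return (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    // Usage (assumed inputs): truststore password crl-file cert-file...
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends CRL> crls;
        try (InputStream in = new FileInputStream(args[2])) {
            crls = cf.generateCRLs(in);
        }
        List<X509Certificate> chain = new ArrayList<>();
        for (int i = 3; i < args.length; i++) {
            try (InputStream in = new FileInputStream(args[i])) {
                chain.add((X509Certificate) cf.generateCertificate(in));
            }
        }
        try {
            verifyTrustWithCrls(chain, ts, crls);
            System.out.println("chain trusted and not revoked");
        } catch (CertPathValidatorException e) {
            // getIndex() is the position in the chain of the failing certificate.
            System.out.println("rejected at index " + e.getIndex() + ": " + e.getMessage());
        }
    }
}
```

      Every issuer in the chain needs a current CRL in the supplied collection; a missing CRL causes rejection just as a revoked serial number does.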

        Activity

        coheigea Colm O hEigeartaigh added a comment -

        Fixed. Please see this blog entry for more details:

        http://coheigea.blogspot.com/2011/05/crl-support-in-wss4j-161.html

        Colm.


          People

          • Assignee:
            coheigea Colm O hEigeartaigh
            Reporter:
            marcin.markiewicz Marcin Markiewicz