Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-340

support Certificates revocation check before encrypt on sender side

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.4
    • Fix Version/s: 1.6.5
    • Component/s: None
    • Labels:
      None

      Description

      currently WSS4J can support Certificates revocation check(CRL and OCSP) when receiver side validate a signature. Similarly WSS4J should also support Certificates revocation check before encrypt on sender side, as in both case it's possible to use a revoked certificate. We can do it in EncryptionAction where we can load encrypt crypto and use the verifyTrust(certs, enableRevocation, enableOCSP) already there.

      1. WSS-340.patch
        10 kB
        Freeman Fang

        Activity

        Hide
        ffang Freeman Fang added a comment -

        Hi Colm,
        Sure, thanks for applying the patch.
        Freeman

        Show
        ffang Freeman Fang added a comment - Hi Colm, Sure, thanks for applying the patch. Freeman
        Hide
        coheigea Colm O hEigeartaigh added a comment -

        Hi Freeman,

        Could you also merge the EncryptionAction logic to CXF for the WS-SecurityPolicy case? EncryptionAction is only used for the non-policy case.

        Colm.

        Show
        coheigea Colm O hEigeartaigh added a comment - Hi Freeman, Could you also merge the EncryptionAction logic to CXF for the WS-SecurityPolicy case? EncryptionAction is only used for the non-policy case. Colm.
        Hide
        ffang Freeman Fang added a comment -

        Hi Colm,

        I append a patch which also include a testcase, please review it.

        Best Regards
        Freeman

        Show
        ffang Freeman Fang added a comment - Hi Colm, I append a patch which also include a testcase, please review it. Best Regards Freeman
        Hide
        coheigea Colm O hEigeartaigh added a comment -

        Hi Freeman,

        Sounds good, but could you submit a patch based on the current code rather than the patch you submitted for WSS-339?

        Thanks,

        Colm.

        Show
        coheigea Colm O hEigeartaigh added a comment - Hi Freeman, Sounds good, but could you submit a patch based on the current code rather than the patch you submitted for WSS-339 ? Thanks, Colm.
        Hide
        ffang Freeman Fang added a comment -

        Hi Team,

        I'm working on it and will append a patch soon.

        Freeman

        Show
        ffang Freeman Fang added a comment - Hi Team, I'm working on it and will append a patch soon. Freeman

          People

          • Assignee:
            coheigea Colm O hEigeartaigh
            Reporter:
            ffang Freeman Fang
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development