Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-40

WSSecurityEngine does not support chained certificates

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.5.6
    • 1.5.10, 1.6
    • None
    • None
    • WSS4J 1.0.0, Axis 1.2.1, Sun JDK 1.4.2

    Description

      My project, which is associated with the Grid, uses limited proxy certificates for digital signature. I.e., the signing application holds a user's permanent certificate, signed by a CA and a proxy certificate signed with the permanent certificate. The application signs a message using the proxy certificate and includes both the proxy and permanent certificates in the message header as a WS-Security direct reference to a BinarySecurityToken. The service has the CA certificate with which the user's permanent certficate was signed. Therefore, to establish trust, the service has to chain back from the proxy to the permanent certificate and then to the CA certificate.

      WSSignEnvelope includes both certificates correctly but WSSecurityEngine fails when checking the chain of trust. WSSecurityEngine..processSecurityHeader() only adds one certificate to the results passed back to WSDoAllReceiver; it ignores the intermediate certificate in the chain.

      Attachments

        1. wss-40-test.patch
          4 kB
          Seumas Soltysik
        2. wss40.patch
          7 kB
          Seumas Soltysik
        3. wss40-trunk-revised.patch
          8 kB
          Colm O hEigeartaigh
        4. wss40.patch.11.09.2010
          12 kB
          Seumas Soltysik
        5. client_keystore.jks
          3 kB
          Seumas Soltysik
        6. server_keystore.jks
          1 kB
          Seumas Soltysik

        Issue Links

          Activity

            People

              coheigea Colm O hEigeartaigh
              guyrixon Guy Rixon
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: