[WSS-489] Extend Crypto interface with verifyTrustDirect() method - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.0
Component/s: None
Labels:
None

Description

Normally validate() operation checks only validity period, trusted chain and CRLs of X509 certificate. Basically it is not necessary that certificate exists in the repository/keystore.
However, in some cases it is required that certificate itself is "known" and located in trusted store or XKMS repository (direct trust).

To cover this use case I would propose to extend Crypto interface with verifyTrustDirect() method that cover this functionality. CryptoBase will delegate this method to verifyTrust() by default.

See https://issues.apache.org/jira/browse/CXF-5482 for details

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

crypto-direct-trust.patch
06/Jan/14 15:16
2 kB
Andrei Shakirin

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Andrei Shakirin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 06/Jan/14 15:14

Updated:: 06/May/14 09:10

Resolved:: 07/Jan/14 12:07