[jboss-user] [JBoss Web Services] - Looking for keys in the wrong place

[Federico Jorge]

Federico Jorge [http://community.jboss.org/people/fedejofa] created the discussion

"Looking for keys in the wrong place"

To view the discussion, visit: http://community.jboss.org/message/577213#577213

--------------------------------------------------------------
Hi, i found that when a client use X509 Certificate Token Reference: 
*  keyIdentifier 
          or
*  x509IssuerSerial 

the server looks for the keys in the keystore instead of the truststore.
In the case of:
*  directReference (+default+) 
the server looks for the key in the truststore.

I have veryfied this with some other guy, and i test this several times.
I know this might be not very important, but i would like your opinions if i should report a jira with the 'bug'.
I will try to look forward a solution for this.

--
The other thing i found is that when receiving x509IssuerSerial from SoapUI (i think it use some apache implementation, but nnot sure)
the IssuerName is send as:
CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano,*OU=STM,O=IMM,C=UY*

but what Jboss expected is:

CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano*, OU=STM, O=IMM, C=UY*

I tried to look for the standard to determine if the problem is from SoapUI or if Jboss should support receiving the IssuerName without spaces after comma but dont find nothing strictly talking about this.
Anyway im quite new to all this security stuff. I would like to hear an experienced voice.

Greetings.
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/577213#577213]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20101222/87ec117e/attachment.html