  1. Spring Web Services
  2. SWS-853

KeyStoreCallbackHandler should allow the configuration of PKIXBuilderParameters, specifically to enable revocation checking

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1 GA, 2.1.4
    • Fix Version/s: 2.2.RC1
    • Component/s: None
    • Labels: None

      Description

      The Spring Web Services class org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler implements X509 certificate validation with method handleCertificateValidationCallback(), which in turn uses an instance of the inner class KeyStoreCertificateValidator. The validate() method of KeyStoreCertificateValidator creates an instance of java.security.cert.PKIXBuilderParameters. The current implementation (I checked up to version Spring WS 2.1.4) calls setRevocationEnabled(false), i.e. certificate revocation checking of the PKIX service provider is turned off.

      The revocation checking feature of the callback handler bean needs to be configurable as a bean property. There are other aspects of PKIXBuilderParameters that control the behavior of the PKIX service provider with respect to certificate validation. Therefore, it seems to be appropriate to allow the application to supply a configured instance of PKIXBuilderParameters.

      Work-around: class KeyStoreCallbackHandler uses final methods and private inner classes. Therefore the revocation checking behavior cannot be changed in a class extension. I had to copy the class and modify line 648 to pass the value of a bean property isRevocationEnabled instead of false.
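The request above, sketched as an added example (not code from the issue, the reporter or Spring WS): a stand-alone validator that builds its PKIXBuilderParameters the way the description outlines but takes the revocation flag, and optional CRLs, from configuration. The class name RevocationAwareValidator and its constructor arguments are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/** Hypothetical validator for illustration; not part of Spring WS. */
public final class RevocationAwareValidator {
    private final KeyStore trustStore;             // must contain at least one trusted certificate entry
    private final Collection<? extends CRL> crls;  // locally supplied CRLs, may be empty
    private final boolean revocationEnabled;       // the setting the issue asks to make configurable

    public RevocationAwareValidator(KeyStore trustStore, Collection<? extends CRL> crls,
                                    boolean revocationEnabled) {
        this.trustStore = trustStore;
        this.crls = crls;
        this.revocationEnabled = revocationEnabled;
    }

    /** Returns true only if a path to a trust anchor can be built under the configured policy. */
    public boolean validate(X509Certificate certificate) throws GeneralSecurityException {
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(certificate);

        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, target);
        // Configurable here; the issue reports this value hard-coded to false.
        params.setRevocationEnabled(revocationEnabled);

        // Hand the builder the target certificate plus any CRLs to check it against.
        List<Object> material = new ArrayList<>(crls);
        material.add(certificate);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(material)));

        try {
            CertPathBuilder.getInstance("PKIX").build(params);
            return true;
        } catch (CertPathBuilderException e) {
            // Covers an untrusted or revoked certificate and, with revocation
            // enabled, a revocation status that could not be determined.
            return false;
        }
    }
}
```

With revocationEnabled set to true, the JDK's default PKIX provider needs revocation data to reach a verdict: CRLs passed in as above, or CRL distribution point and OCSP lookups switched on through the com.sun.security.enableCRLDP system property and the ocsp.enable security property. Without any of these, validation fails closed.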


          People

          • Assignee: Arjen Poutsma (arjen.poutsma)
          • Reporter: Jürgen Failenschmid (jfai)
          • Votes: 0
          • Watchers: 2
