mace-opensaml-users - [OpenSAML] How to validate specific parts of the X.509 subject name in the singning certificate
Subject: OpenSAML user discussion
List archive
[OpenSAML] How to validate specific parts of the X.509 subject name in the singning certificate
Chronological Thread
- From: JM Tremblay <>
- To: mace-opensaml-users <>
- Subject: [OpenSAML] How to validate specific parts of the X.509 subject name in the singning certificate
- Date: Mon, 15 Nov 2010 17:25:36 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=B+giYo4ywrz1WjFLneCj0vErdVbYIJe4t/qpLrGGBUbsfocwWXNJ8WZFLyIUDOokno OhU4u1GZV3tYdEoIkJJjR1QyaA+1SonRr6gglkASbL7Uogv0ZaBhn+6EhTMemQfhTgHL paRBHZltuiMrsbAieYp4mj9rE2FqDPFP2oHFM=
Hi,
I'm looking at PKIXSignatureTrustEngine.evaluateTrust() and
checkNames() in OpenSAML Java 2.4.0 and I see that with some Criteria
I could get the trust engine to validate that the received signing
certificate has a certain subject name. But do you guys have a hint on
how I could validate only certain parts of the subject name (eg.
O=organization)? I was hoping I could derive some custom Criteria or
pass in an X509SubjectNameCriteria with some wildcards. But that
doesn't seem possible. Do you recommend deriving a custom
PKIXSignatureTrustEngine?
JMT
- [OpenSAML] How to validate specific parts of the X.509 subject name in the singning certificate, JM Tremblay, 11/15/2010
- Re: [OpenSAML] How to validate specific parts of the X.509 subject name in the singning certificate, Brent Putman, 11/15/2010
Archive powered by MHonArc 2.6.16.