Hans,
Sure, I will remove redundant methods per your approach. I
will also add
unit tests. What is the process to commit these changes to
TSIK?
Jar file contains the changed trust verifier classes to
implement the
new timestamp based verify method. I fixed some logic in
CRLTrustVerifier and added some null check since then.
Thanks
Gopi
------------------------------------------------------------
----
Gopi Santhanakrishnan
VeriSign Information Services
703-948-4386
-----Original Message-----
From: Granqvist, Hans
Sent: Tuesday, March 14, 2006 6:55 PM
To: Santhanakrishnan, Gopikrishna; tsik-dev ws.apache.org
Subject: RE: TSIK TrustVerifier timestamp support
HI Gopi,
I like the idea. There seems to be code duplication which
can be avoided
having the original non-date signature method call dated
ones with a
Time.now() parameter?
I couldn't see any unit tests for these new signatures
either.
Hans
Btw, what is in the jar file you attached?
-----Original Message-----
From: Santhanakrishnan, Gopikrishna
Sent: Tue 3/14/2006 1:18 PM
To: tsik-devws.apache.org; Granqvist, Hans
Subject: TSIK TrustVerifier timestamp support
Hi
I have the attached enhancement (source and diff to base)
to TSIK API
to support timestamp based trust verification to achieve the
following
needs:
* Whether the Certificate used in XML Signature was valid
at the time
of signing?
* Whether the CRL was revoked at the time of signing?
I have taken liberty to design with the following method to
TrustVerifier interface
void verifyTrust(X509Certificate[] chain, Date date)
throws
TrustVerificationException
And added implementation for this metho for all
TrustVerifiers
especially X509TrustVerifier and CRLTrustVerifier to achieve
the above
requirements.
Please provide your inputs.
Thanks
Gopi
------------------------------------------------------------
---------
To unsubscribe, e-mail: tsik-dev-unsubscribews.apache.org
For additional commands, e-mail: tsik-dev-helpws.apache.org
|