Menu
▾
▴
Re: [Ejbca-develop] Support CertHash extension in OCSP singleExtensions field
|
From: Tomas G. <to...@pr...> - 2017-11-24 08:28:43
|
Thanks. I'll try to incorporate it in a future release, not too far in the future. FYI: for this specific function, API stability is of less concern I would say. I am not aware of anyone using this specific plug-in API. If anyone is, and is reading this, please let us know. Regards, Tomas On 2017-11-13 13:25, Horstmann, Moritz wrote: > Hi Tomas, > > Thanks for creating the JIRA issue, I just registered myself with the username mhorst. > I looked at the existing patch and these are my remarks: > > 1. The patch changes the interface OCSPExtension, which could be problematic if it is used for other extensions not delivered with EJBCA (e.g. developed by customers). > 2. The OCSPExtensionType REQUEST and SINGLE_REQUEST enum constants are not wired up anywhere, which could cause confusion when trying to implement those extensions in the future. I'd leave them out or add a comment to both. > > I designed my patch with API stability in mind - if that is not important, I would prefer the existing patch due to its brevity. > > Regards, > > Moritz Horstmann > Entwicklung > -- > Governikus GmbH & Co. KG > Am Fallturm 9 > 28359 Bremen, Germany > > Phone+49 421 204 95 - 81 > Fax+49 421 204 95 - 11 > E-M...@go... > www.governikus.com > -- > Governikus GmbH & Co. KG > Aufsichtsratsvorsitzender: Dr. Martin Hagen | Amtsgericht Bremen HRA 22041 > Geschäftsführer: Dr. Stephan Klein > > Persönlich haftende Gesellschafterin: Governikus Bremen GmbH > Geschäftsführer: Dr. Stephan Klein | Amtsgericht Bremen HRB 18756 > > > > **************************************************** > Veranstaltungsvorschau: Besuchen Sie uns… > Governikus Jahrestagung | 07. + 08.11.2017 | dbb forum Berlin > 9. Jahrestagung E-Akte | 15. + 16.11.2017 | Bundespresseamt Berlin > > -----Ursprüngliche Nachricht----- > Von: Tomas Gustavsson [mailto:to...@pr...] > Gesendet: Donnerstag, 9. November 2017 08:04 > An: ejb...@li... > Betreff: Re: [Ejbca-develop] Support CertHash extension in OCSP singleExtensions field > > > Hi Moritz, > > Thanks for the work. We'll take a look at it and try to add it to a future version. Especially thanks for creating a JUnit test, that helps a lot to get things through. > > I created this issue: > https://jira.primekey.se/browse/ECA-6292 > > If you have an account in Jira, you can follow it there (I can also set you as reporter) > > We actually have another patch for the same thing, and I will compare both. I attached both patches to the Jira issue, feel free to compare the other one and say what you think. > > > Regards, > Tomas > ********** > PrimeKey Solutions AB > Lundagatan 16, 171 63 Solna, Sweden > Mob: +46 (0)707421096 > Internet: www.primekey.se > Twitter: twitter.com/primekeyPKI > ********** > > On 2017-11-06 09:36, Horstmann, Moritz wrote: >> Hi, >> >> >> >> I use EJBCA to provide test certificates in German/European >> eGovernment scenarios. >> >> >> >> While testing a new tool for signature verification, I noticed the >> CertHash extension in EJBCA putting the extension in the >> responseExtensions field of the OCSP ResponseData element, whereas it >> should be put inside the singleExtensions field of the OCSP >> SingleResponse element, according to Common-PKI (see Common PKI Part 9 >> version 2.0 page 22, table row 4: _SingleResponse extension:_ […] ). >> >> >> >> In the attached patch, I implemented generic support for >> SingleExtensions in the OcspResponseGeneratorSessionBean together with >> an implementation of the CertHash extension for singleExtension. It >> shares code with the old extension to prevent code duplication, but it >> does not change the behavior of the old extension and will become >> active when configured explicitly in the ocsp.extensionclass property >> of the conf/ocsp.properties file. >> >> >> >> I’d like to contribute the patch to upstream; any feedback or change >> request is appreciated. Apply the patch with -p1 option in ejbca trunk root. >> >> >> >> This work is sponsored by Governikus GmbH & Co. KG. >> >> >> >> Regards, >> >> >> >> Moritz Horstmann >> Entwicklung >> -- >> >> *Governikus GmbH & Co. **KG* >> >> Am Fallturm 9 >> >> 28359 Bremen, Germany >> >> >> >> Phone +49 421 204 95 - 81 >> >> Fax +49 421 204 95 - 11 >> >> E-Mail mor...@go... >> <mailto:mor...@go...> >> >> www.governikus.com <http://www.governikus.com/> >> >> -- >> >> Governikus GmbH & Co. KG >> >> Aufsichtsratsvorsitzender: Dr. Martin Hagen | Amtsgericht Bremen HRA >> 22041 >> >> Geschäftsführer: Dr. Stephan Klein >> >> >> >> Persönlich haftende Gesellschafterin: Governikus Bremen GmbH >> >> Geschäftsführer: Dr. Stephan Klein | Amtsgericht Bremen HRB 18756 >> >> >> >> >> **************************************************** >> *Veranstaltungsvorschau: Besuchen Sie uns… *Governikus Jahrestagung >> <https://www.jahrestagung.governikus.de>| 07. + >> 08.11.2017 | dbb forum Berlin >> 9. Jahrestagung E-Akte >> <https://www.infora-mc.de/Jahrestagung-E-Akte-676078.html>| 15. + >> 16.11.2017 | Bundespresseamt Berlin >> >> >> >> Governikus KG >> Twitter Governikus KG <http://www.twitter.com/Governikus_KG> Youtube >> Governikus KG >> <https://www.youtube.com/watch?v=tR4dEHyUs9g&list=PLpn1VV_zfaVfaGGnxtB >> 06Bxo3Vb3RG_SV> >> >> AusweisApp2 >> Twitter AusweisApp2 <http://www.twitter.com/AusweisApp2> Facebook >> AusweisApp2 <http://www.facebook.com/AusweisApp2 > >> >> >> ---------------------------------------------------------------------- >> -------- Check out the vibrant tech community on one of the world's >> most engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |