Menu
▾
▴
Re: [Ejbca-develop] Support CertHash extension in OCSP singleExtensions field
|
From: Tomas G. <to...@pr...> - 2017-12-22 09:14:16
|
Hi, I have shceduled to fix this for the next feature release, EJBCA 6.12, scheduled for Q1 2018. API stability is not of great importance for this specific API, so I'll go for the smaller patch. Thanks for reminding us of this so we can fix it. Happy holidays! Regards, Tomas On 2017-11-13 13:25, Horstmann, Moritz wrote: > Hi Tomas, > > Thanks for creating the JIRA issue, I just registered myself with the username mhorst. > I looked at the existing patch and these are my remarks: > > 1. The patch changes the interface OCSPExtension, which could be problematic if it is used for other extensions not delivered with EJBCA (e.g. developed by customers). > 2. The OCSPExtensionType REQUEST and SINGLE_REQUEST enum constants are not wired up anywhere, which could cause confusion when trying to implement those extensions in the future. I'd leave them out or add a comment to both. > > I designed my patch with API stability in mind - if that is not important, I would prefer the existing patch due to its brevity. > > Regards, > > Moritz Horstmann > Entwicklung > -- > Governikus GmbH & Co. KG > Am Fallturm 9 > 28359 Bremen, Germany > > Phone+49 421 204 95 - 81 > Fax+49 421 204 95 - 11 > E-M...@go... > www.governikus.com > -- > Governikus GmbH & Co. KG > Aufsichtsratsvorsitzender: Dr. Martin Hagen | Amtsgericht Bremen HRA 22041 > Geschäftsführer: Dr. Stephan Klein > > Persönlich haftende Gesellschafterin: Governikus Bremen GmbH > Geschäftsführer: Dr. Stephan Klein | Amtsgericht Bremen HRB 18756 > > > > **************************************************** > Veranstaltungsvorschau: Besuchen Sie uns… > Governikus Jahrestagung | 07. + 08.11.2017 | dbb forum Berlin > 9. Jahrestagung E-Akte | 15. + 16.11.2017 | Bundespresseamt Berlin > > -----Ursprüngliche Nachricht----- > Von: Tomas Gustavsson [mailto:to...@pr...] > Gesendet: Donnerstag, 9. November 2017 08:04 > An: ejb...@li... > Betreff: Re: [Ejbca-develop] Support CertHash extension in OCSP singleExtensions field > > > Hi Moritz, > > Thanks for the work. We'll take a look at it and try to add it to a future version. Especially thanks for creating a JUnit test, that helps a lot to get things through. > > I created this issue: > https://jira.primekey.se/browse/ECA-6292 > > If you have an account in Jira, you can follow it there (I can also set you as reporter) > > We actually have another patch for the same thing, and I will compare both. I attached both patches to the Jira issue, feel free to compare the other one and say what you think. > > > Regards, > Tomas > ********** > PrimeKey Solutions AB > Lundagatan 16, 171 63 Solna, Sweden > Mob: +46 (0)707421096 > Internet: www.primekey.se > Twitter: twitter.com/primekeyPKI > ********** > > On 2017-11-06 09:36, Horstmann, Moritz wrote: >> Hi, >> >> >> >> I use EJBCA to provide test certificates in German/European >> eGovernment scenarios. >> >> >> >> While testing a new tool for signature verification, I noticed the >> CertHash extension in EJBCA putting the extension in the >> responseExtensions field of the OCSP ResponseData element, whereas it >> should be put inside the singleExtensions field of the OCSP >> SingleResponse element, according to Common-PKI (see Common PKI Part 9 >> version 2.0 page 22, table row 4: _SingleResponse extension:_ […] ). >> >> >> >> In the attached patch, I implemented generic support for >> SingleExtensions in the OcspResponseGeneratorSessionBean together with >> an implementation of the CertHash extension for singleExtension. It >> shares code with the old extension to prevent code duplication, but it >> does not change the behavior of the old extension and will become >> active when configured explicitly in the ocsp.extensionclass property >> of the conf/ocsp.properties file. >> >> >> >> I’d like to contribute the patch to upstream; any feedback or change >> request is appreciated. Apply the patch with -p1 option in ejbca trunk root. >> >> >> >> This work is sponsored by Governikus GmbH & Co. KG. >> >> >> >> Regards, >> >> >> >> Moritz Horstmann >> Entwicklung >> -- >> >> *Governikus GmbH & Co. **KG* >> >> Am Fallturm 9 >> >> 28359 Bremen, Germany >> >> >> >> Phone +49 421 204 95 - 81 >> >> Fax +49 421 204 95 - 11 >> >> E-Mail mor...@go... >> <mailto:mor...@go...> >> >> www.governikus.com <http://www.governikus.com/> >> >> -- >> >> Governikus GmbH & Co. KG >> >> Aufsichtsratsvorsitzender: Dr. Martin Hagen | Amtsgericht Bremen HRA >> 22041 >> >> Geschäftsführer: Dr. Stephan Klein >> >> >> >> Persönlich haftende Gesellschafterin: Governikus Bremen GmbH >> >> Geschäftsführer: Dr. Stephan Klein | Amtsgericht Bremen HRB 18756 >> >> >> >> >> **************************************************** >> *Veranstaltungsvorschau: Besuchen Sie uns… *Governikus Jahrestagung >> <https://www.jahrestagung.governikus.de>| 07. + >> 08.11.2017 | dbb forum Berlin >> 9. Jahrestagung E-Akte >> <https://www.infora-mc.de/Jahrestagung-E-Akte-676078.html>| 15. + >> 16.11.2017 | Bundespresseamt Berlin >> >> >> >> Governikus KG >> Twitter Governikus KG <http://www.twitter.com/Governikus_KG> Youtube >> Governikus KG >> <https://www.youtube.com/watch?v=tR4dEHyUs9g&list=PLpn1VV_zfaVfaGGnxtB >> 06Bxo3Vb3RG_SV> >> >> AusweisApp2 >> Twitter AusweisApp2 <http://www.twitter.com/AusweisApp2> Facebook >> AusweisApp2 <http://www.facebook.com/AusweisApp2 > >> >> >> ---------------------------------------------------------------------- >> -------- Check out the vibrant tech community on one of the world's >> most engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
