I have attempted to utilize https://github.com/DinoChiesa/Apigee-Java-WsSec-Signature-2 and was wondering if the cited limitation of this Java callout package is being planned to be updated to enable validation of certificates which use a SHA-256 thumbprint?
@dchiesa1 requesting your advice and feedback for these query items, and much appreciated!
Many thanks!
@pauljosh wrote:
wondering if the cited limitation of this JAVA callout package is being planned to be updated to enable validation of certificates which uses SHA-256 thumbprint?
Ahh, I understand.
I've updated the callout to also be able to validate SHA256 thumbprints. To get it, you configure it like this:
<JavaCallout name='Java-WSSEC-Validate'>
  <Properties>
    <Property name='source'>message.content</Property>
    <Property name='max-lifetime'>10m</Property>
    <Property name='require-expiry'>true</Property>
    <Property name='accept-thumbprints-sha256'>ef3712c45743b3f4405f597a1f6173c4c7d0992eda38c0a3a42983d91a2cf489</Property>
  </Properties>
  <ClassName>com.google.apigee.callouts.wssecdsig.Validate</ClassName>
  <ResourceURL>java://apigee-wssecdsig-20230721.jar</ResourceURL>
</JavaCallout>
The thumbprint must be hex-encoded. You need to pull the latest version from github to get this capability. Let me know how it goes.
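
Added example (not part of the original thread and not the callout's own code): one way to produce the hex-encoded value for `accept-thumbprints-sha256` from a PEM certificate and to reject values in the wrong form before deploying. It assumes the thumbprint is the conventional SHA-256 digest over the certificate's DER encoding; the function names and the sample PEM are constructed for illustration.

```python
import hashlib
import re
import ssl

# CONSTRUCTED sample, not a real certificate: the body is base64 of the bytes
# b"abc". ssl.PEM_cert_to_DER_cert only strips the armor and base64-decodes,
# so this is enough to exercise the digest step offline.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""


def sha256_thumbprint(pem: str) -> str:
    """Lowercase hex SHA-256 over the DER bytes of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()


def normalize_thumbprint(value: str) -> str:
    """Turn 'AB:CD:...' or spaced/uppercase hex into plain lowercase hex.

    Raises ValueError when the result is not 32 bytes of hex, which catches a
    SHA-1 thumbprint or a base64 digest pasted by mistake.
    """
    candidate = re.sub(r"[\s:]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", candidate):
        raise ValueError("not a hex-encoded SHA-256 thumbprint: %r" % value)
    return candidate


def property_element(thumbprint: str) -> str:
    """Render the <Property> line in the form used by the policy above."""
    return ("<Property name='accept-thumbprints-sha256'>%s</Property>"
            % normalize_thumbprint(thumbprint))


if __name__ == "__main__":
    print(property_element(sha256_thumbprint(SAMPLE_PEM)))
```

Tools such as `openssl x509 -noout -fingerprint -sha256` print the digest as colon-separated uppercase hex; `normalize_thumbprint` converts that to the plain lowercase form shown in the policy.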