Repository: cxf Updated Branches: refs/heads/3.0.x-fixes fdb5facca -> ac6a4c2d5
[CXF-6032] - NullPointerException while validating cert for SAML HOK Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ac6a4c2d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ac6a4c2d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ac6a4c2d Branch: refs/heads/3.0.x-fixes Commit: ac6a4c2d5d682595cd5722f94a8797bc3577c991 Parents: fdb5fac Author: Colm O hEigeartaigh <[email protected]> Authored: Sat Oct 4 23:47:01 2014 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Sat Oct 4 23:47:01 2014 +0100 ---------------------------------------------------------------------- .../apache/cxf/sts/token/provider/DefaultSubjectProvider.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/ac6a4c2d/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java index 154ab7c..b04886d 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java @@ -21,8 +21,11 @@ package org.apache.cxf.sts.token.provider; import java.security.Principal; import java.security.PublicKey; import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; import java.util.logging.Level; import java.util.logging.Logger; +import java.util.regex.Pattern; import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -173,8 +176,9 @@ public class DefaultSubjectProvider implements SubjectProvider { if (stsProperties.isValidateUseKey() && stsProperties.getSignatureCrypto() != null) { if (receivedKey.getX509Cert() != null) { try { + Collection<Pattern> constraints = Collections.emptyList(); stsProperties.getSignatureCrypto().verifyTrust( - new X509Certificate[]{receivedKey.getX509Cert()}, false, null); + new X509Certificate[]{receivedKey.getX509Cert()}, false, constraints); } catch (WSSecurityException e) { LOG.log(Level.FINE, "Error in trust validation of UseKey: ", e); throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
