Author: coheigea
Date: Wed Jun  1 16:54:04 2011
New Revision: 1130222

URL: http://svn.apache.org/viewvc?rev=1130222&view=rev
Log:
[WSS-287] - No longer use keystore for truststore purposes if the latter is 
explicitly specified.

Modified:
    
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java

Modified: 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java?rev=1130222&r1=1130221&r2=1130222&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java
 (original)
+++ 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java
 Wed Jun  1 16:54:04 2011
@@ -121,6 +121,7 @@ public class Merlin extends CryptoBase {
     protected KeyStore keystore = null;
     protected KeyStore truststore = null;
     protected CertStore crlCertStore = null;
+    private boolean loadCACerts = false;
     
     public Merlin() {
         // default constructor
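Review bot: `loadCACerts` is private while the `truststore` field beside it is protected, so a subclass (or any setter outside this hunk) can replace the truststore without updating the flag. In that case the later `truststore == null || loadCACerts` test would presumably still add keystore certificates to the trusted set, even though an explicit truststore is now in place. The only writes visible in this commit are `loadCACerts = false` after the truststore file is read and `loadCACerts = true` after the CA certs are read. Consider resetting the flag wherever `truststore` is assigned, and documenting the field, e.g. `// true only while truststore holds the JDK CA certs; reset whenever truststore is replaced`.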
@@ -225,6 +226,7 @@ public class Merlin extends CryptoBase {
                         + " has been loaded"
                     );
                 }
+                loadCACerts = false;
             } finally {
                 if (is != null) {
                     is.close();
@@ -250,6 +252,7 @@ public class Merlin extends CryptoBase {
                     if (doDebug) {
                         log.debug("CA certs have been loaded");
                     }
+                    loadCACerts = true;
                 } finally {
                     if (is != null) {
                         is.close();
@@ -756,8 +759,12 @@ public class Merlin extends CryptoBase {
                 }
             }
 
-            // Add certificates from the keystore
-            if (keystore != null) {
+            //
+            // Add certificates from the keystore - only if there is no 
TrustStore, apart from
+            // the case that the truststore is the JDK CA certs. This 
behaviour is preserved
+            // for backwards compatibility reasons
+            //
+            if (keystore != null && (truststore == null || loadCACerts)) {
                 Enumeration<String> aliases = keystore.aliases();
                 while (aliases.hasMoreElements()) {
                     String alias = aliases.nextElement();
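Review bot: The new comment above `if (keystore != null && (truststore == null || loadCACerts))` gives the compatibility motive but not the trust consequence. When the truststore is the JDK CA certs, every certificate in the keystore is still added next to the public CA set, so the keystore continues to act as a source of trust anchors in that configuration. I would state that in the comment, e.g. `// NOTE: with the JDK CA certs loaded, all keystore certificates remain trusted; configure an explicit truststore to keep key material and trust anchors separate`. The enclosing method starts before and continues past this hunk, so how the collected certificates are used afterwards is inferred from the comment, not seen.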

