svn commit: r1603461 - /webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java

[coheigea]

Author: coheigea
Date: Wed Jun 18 14:25:28 2014
New Revision: 1603461

URL: http://svn.apache.org/r1603461
Log:
[WSS-504] - False control flow leading to warning "No Subject DN Certificate 
Constraints were defined. This could be a security issue"

Modified:
    
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java

Modified: 
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java?rev=1603461&r1=1603460&r2=1603461&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
 (original)
+++ 
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
 Wed Jun 18 14:25:28 2014
@@ -160,6 +160,10 @@ public class SignatureTrustValidator imp
                      + subjectString
                 );
             }
+            if (isCertificateInKeyStore(crypto, cert)) {
+                return true;
+            }
+
             Collection<Pattern> subjectCertConstraints = 
data.getSubjectCertConstraints();
             if (matches(cert, subjectCertConstraints)) {
                 return true;