Author: coheigea
Date: Tue Oct 18 15:20:57 2016
New Revision: 1765463

URL: http://svn.apache.org/viewvc?rev=1765463&view=rev
Log:
Modifying last commit for 2.1.x

Modified:
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SecurityTokenImpl.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java
 Tue Oct 18 15:20:57 2016
@@ -157,7 +157,7 @@ public class CertificateStore extends Cr
      * @param subjectCertConstraints A set of constraints on the Subject DN of 
the certificates
      * @throws WSSecurityException if the certificate chain is invalid
      */
-    protected void verifyTrust(
+    public void verifyTrust(
         X509Certificate[] certs,
         boolean enableRevocation,
         Collection<Pattern> subjectCertConstraints
@@ -272,15 +272,6 @@ public class CertificateStore extends Cr
             throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
         }
     }
-
-    @Override
-    public void verifyTrust(X509Certificate[] certs, boolean enableRevocation, 
Collection<Pattern> subjectCertConstraints,
-                            Collection<Pattern> issuerCertConstraints) throws 
WSSecurityException {
-        verifyTrust(certs, enableRevocation, subjectCertConstraints);
-        if (!matchesIssuerDnPattern(certs[0], issuerCertConstraints)) {
-            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
-        }
-    }
 
     /**
      * Evaluate whether a given public key should be trusted.

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
 Tue Oct 18 15:20:57 2016
@@ -197,15 +197,22 @@ public interface Crypto {
      * @param certs Certificate chain to validate
      * @param enableRevocation whether to enable CRL verification or not
      * @param subjectCertConstraints A set of constraints on the Subject DN of 
the certificates
-     * @param issuerCertConstraints A set of constraints on the Issuer DN of 
the certificates
      * @throws WSSecurityException if the certificate chain is invalid
      */
     void verifyTrust(
         X509Certificate[] certs, boolean enableRevocation,
-        Collection<Pattern> subjectCertConstraints,Collection<Pattern> 
issuerCertConstraints
+        Collection<Pattern> subjectCertConstraints
     ) throws WSSecurityException;
 
     /**
+     * Evaluate whether a given public key should be trusted directly (located
+     *
+     * @param certs Certificate chain to validate
+     * @throws WSSecurityException if the certificate chain is invalid
+     */
+    void verifyDirectTrust(X509Certificate[] certs) throws WSSecurityException;
+
+    /**
      * Evaluate whether a given public key should be trusted.
      *
      * @param publicKey The PublicKey to be evaluated

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
 Tue Oct 18 15:20:57 2016
@@ -295,6 +295,11 @@ public abstract class CryptoBase impleme
         }
         return certs;
     }
+    
+    @Override
+    public void verifyDirectTrust(X509Certificate[] certs) throws 
WSSecurityException {
+        verifyTrust(certs, true, null);
+    }
 
     protected Object createBCX509Name(String s) {
         if (BC_509CLASS_CONS != null) {
@@ -329,23 +334,6 @@ public abstract class CryptoBase impleme
     }
 
     /**
-     * @return      true if the certificate's Issuer DN matches the 
constraints defined in the
-     *              subject DNConstraints; false, otherwise. The certificate 
subject DN only
-     *              has to match ONE of the subject cert constraints (not all).
-     */
-    protected boolean
-    matchesIssuerDnPattern(
-        final X509Certificate cert, final Collection<Pattern> issuerDNPatterns
-    ) {
-        if (cert == null) {
-            LOG.debug("The certificate is null so no constraints matching was 
possible");
-            return false;
-        }
-        String issuerDn = cert.getIssuerDN().getName();
-        return matchesName(issuerDn, issuerDNPatterns);
-    }
-
-    /**
      * @return      true if the provided name matches the constraints defined 
in the
      *              subject DNConstraints; false, otherwise. The certificate 
(subject) DN only
      *              has to match ONE of the (subject) cert constraints (not 
all).

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
 Tue Oct 18 15:20:57 2016
@@ -779,7 +779,7 @@ public class Merlin extends CryptoBase {
      *
      * @throws WSSecurityException if the certificate chain is invalid
      */
-    protected void verifyTrust(
+    public void verifyTrust(
         X509Certificate[] certs,
         boolean enableRevocation,
         Collection<Pattern> subjectCertConstraints
@@ -952,16 +952,6 @@ public class Merlin extends CryptoBase {
         }
     }   
 
-    @Override
-    public void verifyTrust(X509Certificate[] certs, boolean enableRevocation, 
-                            Collection<Pattern> subjectCertConstraints,
-                            Collection<Pattern> issuerCertConstraints) throws 
WSSecurityException {
-        verifyTrust(certs, enableRevocation, subjectCertConstraints);
-        if (!matchesIssuerDnPattern(certs[0], issuerCertConstraints)) {
-            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
-        }
-    }
-
     // Separated out to allow subclasses to override it
     protected PKIXParameters createPKIXParameters(
         Set<TrustAnchor> trustAnchors, boolean enableRevocation

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java
 Tue Oct 18 15:20:57 2016
@@ -81,7 +81,7 @@ public class MerlinAKI extends Merlin {
      * @throws WSSecurityException if the certificate chain is invalid
      */
     @Override
-    protected void verifyTrust(
+    public void verifyTrust(
         X509Certificate[] certs,
         boolean enableRevocation,
         Collection<Pattern> subjectCertConstraints

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
 Tue Oct 18 15:20:57 2016
@@ -80,7 +80,7 @@ public class EncryptionAction implements
             cryptoType.setAlias(encryptionToken.getUser());
             X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
             if (certs != null && certs.length > 0) {
-                crypto.verifyTrust(certs, enableRevocation, null, null);
+                crypto.verifyTrust(certs, enableRevocation, null);
             }
         }
         if (encryptionToken.getParts().size() > 0) {

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
 Tue Oct 18 15:20:57 2016
@@ -22,6 +22,7 @@ package org.apache.wss4j.dom.validate;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
+import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import org.apache.wss4j.common.crypto.Crypto;
@@ -106,13 +107,18 @@ public class SignatureTrustValidator imp
         //
         Collection<Pattern> subjectCertConstraints = 
data.getSubjectCertConstraints();
         Collection<Pattern> issuerCertConstraints = data.getIssuerDNPatterns();
-        crypto.verifyTrust(certificates, enableRevocation, 
subjectCertConstraints,issuerCertConstraints);
+        crypto.verifyTrust(certificates, enableRevocation, 
subjectCertConstraints);
         if (LOG.isDebugEnabled()) {
             String subjectString = 
certificates[0].getSubjectX500Principal().getName();
             LOG.debug(
                 "Certificate path has been verified for certificate with 
subject " + subjectString
             );
         }
+        
+        // Now verify Issuer DN constraints
+        if (!matchesIssuerDnPattern(certificates[0], issuerCertConstraints)) {
+            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+        }
     }
 
     /**
@@ -124,4 +130,54 @@ public class SignatureTrustValidator imp
         crypto.verifyTrust(publicKey);
     }
 
+    
+    /**
+     * @return      true if the certificate's Issuer DN matches the 
constraints defined in the
+     *              subject DNConstraints; false, otherwise. The certificate 
subject DN only
+     *              has to match ONE of the subject cert constraints (not all).
+     */
+    protected boolean
+    matchesIssuerDnPattern(
+        final X509Certificate cert, final Collection<Pattern> issuerDNPatterns
+    ) {
+        if (cert == null) {
+            LOG.debug("The certificate is null so no constraints matching was 
possible");
+            return false;
+        }
+        String issuerDn = cert.getIssuerDN().getName();
+        return matchesName(issuerDn, issuerDNPatterns);
+    }
+    
+    /**
+     * @return      true if the provided name matches the constraints defined 
in the
+     *              subject DNConstraints; false, otherwise. The certificate 
(subject) DN only
+     *              has to match ONE of the (subject) cert constraints (not 
all).
+     */
+    private boolean
+    matchesName(
+        final String name, final Collection<Pattern> patterns
+    ) {
+        if (patterns != null && !patterns.isEmpty()) {
+            if (name == null || name.isEmpty()) {
+                LOG.debug("The name is null so no constraints matching was 
possible");
+                return false;
+            }
+            boolean subjectMatch = false;
+            for (Pattern subjectDNPattern : patterns) {
+                final Matcher matcher = subjectDNPattern.matcher(name);
+                if (matcher.matches()) {
+                    if (LOG.isDebugEnabled()) {
+                        LOG.debug("Name " + name + " matches with pattern " + 
subjectDNPattern);
+                    }
+                    subjectMatch = true;
+                    break;
+                }
+            }
+            if (!subjectMatch) {
+                return false;
+            }
+        }
+
+        return true;
+    }
 }

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
 Tue Oct 18 15:20:57 2016
@@ -26,6 +26,7 @@ import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
 import java.util.List;
+import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import javax.crypto.spec.SecretKeySpec;
@@ -56,6 +57,9 @@ import org.opensaml.saml.common.SAMLVers
 
 public class SamlSecurityTokenImpl extends AbstractInboundSecurityToken 
implements SamlSecurityToken {
 
+    private static final transient org.slf4j.Logger LOG =
+        org.slf4j.LoggerFactory.getLogger(SamlSecurityTokenImpl.class);
+                                          
     private final SamlAssertionWrapper samlAssertionWrapper;
     private InboundSecurityToken subjectSecurityToken;
     private Crypto crypto;
@@ -212,7 +216,12 @@ public class SamlSecurityTokenImpl exten
                     issuerCertConstraints = 
securityProperties.getIssuerDNConstraints();
 
                 }
-                crypto.verifyTrust(x509Certificates, enableRevocation, 
subjectCertConstraints, issuerCertConstraints);
+                crypto.verifyTrust(x509Certificates, enableRevocation, 
subjectCertConstraints);
+                
+                // Now verify Issuer DN constraints
+                if (!matchesIssuerDnPattern(x509Certificates[0], 
issuerCertConstraints)) {
+                    throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+                }
             }
             PublicKey publicKey = getPublicKey();
             if (publicKey != null) {
@@ -220,6 +229,56 @@ public class SamlSecurityTokenImpl exten
             }
         }
     }
+    
+    /**
+     * @return      true if the certificate's Issuer DN matches the 
constraints defined in the
+     *              subject DNConstraints; false, otherwise. The certificate 
subject DN only
+     *              has to match ONE of the subject cert constraints (not all).
+     */
+    protected boolean
+    matchesIssuerDnPattern(
+        final X509Certificate cert, final Collection<Pattern> issuerDNPatterns
+    ) {
+        if (cert == null) {
+            LOG.debug("The certificate is null so no constraints matching was 
possible");
+            return false;
+        }
+        String issuerDn = cert.getIssuerDN().getName();
+        return matchesName(issuerDn, issuerDNPatterns);
+    }
+    
+    /**
+     * @return      true if the provided name matches the constraints defined 
in the
+     *              subject DNConstraints; false, otherwise. The certificate 
(subject) DN only
+     *              has to match ONE of the (subject) cert constraints (not 
all).
+     */
+    private boolean
+    matchesName(
+        final String name, final Collection<Pattern> patterns
+    ) {
+        if (patterns != null && !patterns.isEmpty()) {
+            if (name == null || name.isEmpty()) {
+                LOG.debug("The name is null so no constraints matching was 
possible");
+                return false;
+            }
+            boolean subjectMatch = false;
+            for (Pattern subjectDNPattern : patterns) {
+                final Matcher matcher = subjectDNPattern.matcher(name);
+                if (matcher.matches()) {
+                    if (LOG.isDebugEnabled()) {
+                        LOG.debug("Name " + name + " matches with pattern " + 
subjectDNPattern);
+                    }
+                    subjectMatch = true;
+                    break;
+                }
+            }
+            if (!subjectMatch) {
+                return false;
+            }
+        }
+
+        return true;
+    }
 
     @Override
     public WSSecurityTokenConstants.TokenType getTokenType() {

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SecurityTokenImpl.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SecurityTokenImpl.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SecurityTokenImpl.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SecurityTokenImpl.java
 Tue Oct 18 15:20:57 2016
@@ -119,8 +119,63 @@ public abstract class X509SecurityTokenI
                 subjectCertConstraints = 
securityProperties.getSubjectCertConstraints();
                 issuerCertConstraints = 
securityProperties.getIssuerDNConstraints();
             }
-            getCrypto().verifyTrust(x509Certificates, enableRevocation, 
subjectCertConstraints, issuerCertConstraints);
+            getCrypto().verifyTrust(x509Certificates, enableRevocation, 
subjectCertConstraints);
+            
+            // Now verify Issuer DN constraints
+            if (!matchesIssuerDnPattern(x509Certificates[0], 
issuerCertConstraints)) {
+                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+            }
+        }
+    }
+    
+    /**
+     * @return      true if the certificate's Issuer DN matches the 
constraints defined in the
+     *              subject DNConstraints; false, otherwise. The certificate 
subject DN only
+     *              has to match ONE of the subject cert constraints (not all).
+     */
+    protected boolean
+    matchesIssuerDnPattern(
+        final X509Certificate cert, final Collection<Pattern> issuerDNPatterns
+    ) {
+        if (cert == null) {
+            LOG.debug("The certificate is null so no constraints matching was 
possible");
+            return false;
         }
+        String issuerDn = cert.getIssuerDN().getName();
+        return matchesName(issuerDn, issuerDNPatterns);
+    }
+    
+    /**
+     * @return      true if the provided name matches the constraints defined 
in the
+     *              subject DNConstraints; false, otherwise. The certificate 
(subject) DN only
+     *              has to match ONE of the (subject) cert constraints (not 
all).
+     */
+    private boolean
+    matchesName(
+        final String name, final Collection<Pattern> patterns
+    ) {
+        if (patterns != null && !patterns.isEmpty()) {
+            if (name == null || name.isEmpty()) {
+                LOG.debug("The name is null so no constraints matching was 
possible");
+                return false;
+            }
+            boolean subjectMatch = false;
+            for (Pattern subjectDNPattern : patterns) {
+                final Matcher matcher = subjectDNPattern.matcher(name);
+                if (matcher.matches()) {
+                    if (LOG.isDebugEnabled()) {
+                        LOG.debug("Name " + name + " matches with pattern " + 
subjectDNPattern);
+                    }
+                    subjectMatch = true;
+                    break;
+                }
+            }
+            if (!subjectMatch) {
+                return false;
+            }
+        }
+
+        return true;
     }
 
     /**

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java?rev=1765463&r1=1765462&r2=1765463&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
 Tue Oct 18 15:20:57 2016
@@ -405,7 +405,7 @@ public class OutboundWSSec {
         // Check for Revocation
         if (securityProperties.isEnableRevocation() && x509Certificates != 
null) {
             Crypto crypto = securityProperties.getEncryptionCrypto();
-            crypto.verifyTrust(x509Certificates, true, null, null);
+            crypto.verifyTrust(x509Certificates, true, null);
         }
 
         // Create a new outbound EncryptedKey token for the cert


Reply via email to