[
https://issues.apache.org/jira/browse/WSS-18?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed WSS-18.
----------------------------------
> WSSecurityEngine can't deal with signed certs
> ---------------------------------------------
>
> Key: WSS-18
> URL: https://issues.apache.org/jira/browse/WSS-18
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thilo Frotscher
> Assignee: Davanum Srinivas
> Priority: Critical
>
> I think that I found a bug in class WSSecurityEngine, method
> handleEncryptedKey(Element, CallbackHandler, Crypto, Private Key)
> (appox at line 1042)
>
> Current code:
> ===========
> else if (secRef.containsKeyIdentifier()) {
> X509Certificate[] certs = secRef.getKeyIdentifier(crypto);
> if (certs == null || certs.length !=1 || certs[0] == null) {
> throw new WSSecurityException...
> ...
> }
>
> If I use certs that were signed by a CA, the array "certs" contains more than
> one element, e.g. the user's cert plus the cert of the CA.
> In this case certs.length != 1 and an exception is thrown. However, I don't
> think that this is an error. In my opinion the line should read
> if (certs == null || certs.length < 1 || certs[0] == null) {
>
> i.e. throw an exception if there is no cert in the array - don't throw an
> exception if there's more than one cert in the array.
> I had to patch WSS4J 1.0.0 this way to make my application work. Please
> consider to change this for the next official release.
> Thanks.
> Thilo
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
