Renu created WSS-498:
------------------------
Summary: Retrieving of public key from certificates in missing for
signed results in compare credential method of
org.apache.wss4j.dom.saml.DOMSAMLUtil
Key: WSS-498
URL: https://issues.apache.org/jira/browse/WSS-498
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 2.0.0
Reporter: Renu
Assignee: Colm O hEigeartaigh
org.apache.wss4j.dom.saml.DOMSAMLUtil compareCredentials , there is a check to
compare the certificates , public key and secret key. There might be a case
when client signed results contain public key and subjectKeyInfo contains
certificate. There should be an additional check the retreive the public key
from certificate whenever public key is null
"if(subjectPublicKey == null && subjectCerts != null && subjectCerts.length> 0){
subjectPublicKey = subjectCerts[0].getPublicKey();}"
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
