[
https://issues.apache.org/jira/browse/WSS-498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved WSS-498.
-------------------------------------
Resolution: Fixed
> Retrieving of public key from certificates in missing for signed results in
> compare credential method of org.apache.wss4j.dom.saml.DOMSAMLUtil
> -----------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-498
> URL: https://issues.apache.org/jira/browse/WSS-498
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.0.0
> Reporter: Renu
> Assignee: Colm O hEigeartaigh
> Fix For: 2.0.0
>
> Attachments: DOMSAMLUtil.java
>
>
> org.apache.wss4j.dom.saml.DOMSAMLUtil compareCredentials , there is a check
> to compare the certificates , public key and secret key. There might be a
> case when client signed results contain public key and subjectKeyInfo
> contains certificate. There should be an additional check the retreive the
> public key from certificate whenever public key is null
> "if(subjectPublicKey == null && subjectCerts != null && subjectCerts.length>
> 0){
> subjectPublicKey = subjectCerts[0].getPublicKey();}"
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
