[ https://issues.apache.org/jira/browse/WSS-341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated WSS-341: ------------------------------------ Affects Version/s: 1.6.4 Fix Version/s: 1.6.5 > the "FIRST step" check in SignatureTrustValidator.verifyTrustInCert ignore > the enableRevocation status > ------------------------------------------------------------------------------------------------------ > > Key: WSS-341 > URL: https://issues.apache.org/jira/browse/WSS-341 > Project: WSS4J > Issue Type: Bug > Affects Versions: 1.6.4 > Reporter: Freeman Fang > Assignee: Colm O hEigeartaigh > Fix For: 1.6.5 > > Attachments: WSS-341.patch > > > currently it's > if (isCertificateInKeyStore(crypto, cert)) { > return true; > } > However if the crypto here has keystore, then if cert is in it, it will > return true in this case, so it can't reach the > crypto.verifyTrust(x509certs, enableRevocation) later to check with the > revocation. This logic is wrong in case the cert is in keystore but already > get revoked. > The SignatureCRLTest can't cover this case because the CA Merlin crypto it > passed in only have truststore, we need check enableRevocation first before > we check isCertificateInKeyStore(crypto, cert) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org