security WSSecurityEngine.java

dims Tue, 23 Aug 2005 08:33:13 -0700

dims        2005/08/23 08:33:10

  Modified:    src/org/apache/ws/security WSSecurityEngine.java
  Log:
  Bug reported by Thilo Frotscher <[EMAIL PROTECTED]> in email with message id 
([EMAIL PROTECTED]>)
  
  Revision  Changes    Path
  1.49      +5 -5      ws-wss4j/src/org/apache/ws/security/WSSecurityEngine.java
  
  Index: WSSecurityEngine.java
  ===================================================================
  RCS file: 
/home/cvs/ws-wss4j/src/org/apache/ws/security/WSSecurityEngine.java,v
  retrieving revision 1.48
  retrieving revision 1.49
  diff -u -r1.48 -r1.49
  --- WSSecurityEngine.java     18 Aug 2005 14:35:00 -0000      1.48
  +++ WSSecurityEngine.java     23 Aug 2005 15:33:10 -0000      1.49
  @@ -791,11 +791,11 @@
       }
   
       /**
  -     * Check the UsernameToken element. Depending on the password type 
  +     * Check the UsernameToken element. Depending on the password type
        * contained in the element the processing differs. If the password type
        * is password digest (a hashed password) then process the password
        * commpletely here. Use the callback class to get a stored password
  -     * perform hash algorithm and compare the result with the transmitted 
  +     * perform hash algorithm and compare the result with the transmitted
        * password.
        * <p/>
        * If the password is of type password text or any other yet unknown
  @@ -804,7 +804,7 @@
        * the callback class via the WSPasswordCallback object. To distinguish
        * from digested usernam token the usage parameter of WSPasswordCallback
        * is set to <code>USERNAME_TOKEN_UNKNOWN</code>
  -     * 
  +     *
        * @param token the DOM element that contains the UsernameToken
        * @param cb the refernce to the callback object
        * @return WSUsernameTokenPrincipal that contain data that an application
  @@ -817,7 +817,7 @@
           String password = ut.getPassword();
           String nonce = ut.getNonce();
           String createdTime = ut.getCreated();
  -        String pwType = ut.getPasswordType(); 
  +        String pwType = ut.getPasswordType();
           if (doDebug) {
               log.debug("UsernameToken user " + user);
               log.debug("UsernameToken password " + password);
  @@ -1022,7 +1022,7 @@
                   */
                   else if (secRef.containsKeyIdentifier()) {
                       X509Certificate[] certs = 
secRef.getKeyIdentifier(crypto);
  -                    if (certs == null || certs.length != 1 || certs[0] == 
null) {
  +                    if (certs == null || certs.length < 1 || certs[0] == 
null) {
                           throw new 
WSSecurityException(WSSecurityException.FAILURE,
                                   "invalidX509Data", new Object[]{"for 
decryption (KeyId)"});
                       }


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cvs commit: ws-wss4j/src/org/apache/ws/security WSSecurityEngine.java

Reply via email to