[prev in list] [next in list] [prev in thread] [next in thread]
List: webservices-general
Subject: [jira] [Updated] (WSS-676) CertificateStore should support ALIAS CryptoType
From: "Lasha Kvatashydze (Jira)" <jira () apache ! org>
Date: 2020-07-15 15:59:00
Message-ID: JIRA.13316964.1594828528000.67595.1594828740204 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/WSS-676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Lasha Kvatashydze updated WSS-676:
----------------------------------
Description:
Certificate store should try to retrieve X509 Certificates using ALIAS. Not \
SUBJECT_DN, for CryptoType.TYPE.ALIAS {code:java}
public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws \
WSSecurityException { if (cryptoType == null) {
return null;
}
CryptoType.TYPE type = cryptoType.getType();
X509Certificate[] certs = null;
switch (type) {
case ISSUER_SERIAL:
certs = getX509Certificates(cryptoType.getIssuer(), cryptoType.getSerial());
break;
case THUMBPRINT_SHA1:
certs = getX509Certificates(cryptoType.getBytes());
break;
case SKI_BYTES:
certs = getX509CertificatesSKI(cryptoType.getBytes());
break;
case ALIAS:
case SUBJECT_DN:
certs = getX509CertificatesSubjectDN(cryptoType.getSubjectDN());
break;
case ENDPOINT:
break;
}
return certs;
}{code}
The issue is visible when:
{{org.apache.wss4j.dom.message.WSSecEncrypt.prepare(Crypto crypto) }}
is being used. It builds *CryptoType* object and can provide *ALIAS* type, leading \
to: {code:java}
java.lang.NullPointerException: provided null name at
java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:172) at \
java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:128) at \
org.apache.wss4j.common.crypto.CertificateStore.getX509CertificatesSubjectDN(CertificateStore.java:431) \
at org.apache.wss4j.common.crypto.CertificateStore.getX509Certificates(CertificateStore.java:92) \
at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(WSSecEncrypt.java:139) at \
org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:172){code}
was:
Certificate store should try to retrieve X509 Certificates using ALIAS. Not \
SUBJECT_DN, for CryptoType.TYPE.ALIAS {code:java}
public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws \
WSSecurityException { if (cryptoType == null) {
return null;
}
CryptoType.TYPE type = cryptoType.getType();
X509Certificate[] certs = null;
switch (type) {
case ISSUER_SERIAL:
certs = getX509Certificates(cryptoType.getIssuer(), cryptoType.getSerial());
break;
case THUMBPRINT_SHA1:
certs = getX509Certificates(cryptoType.getBytes());
break;
case SKI_BYTES:
certs = getX509CertificatesSKI(cryptoType.getBytes());
break;
case ALIAS:
case SUBJECT_DN:
certs = getX509CertificatesSubjectDN(cryptoType.getSubjectDN());
break;
case ENDPOINT:
break;
}
return certs;
}{code}
The issue is visible when:
{{org.apache.wss4j.dom.message.WSSecEncrypt.prepare(Crypto crypto) }}
is being used. It builds *CryptoType* object and can provide either \
*ENDPOINT_KEY_IDENTIFIER* or *ALIAS*, leading to: {code:java}
java.lang.NullPointerException: provided null name at
java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:172) at \
java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:128) at \
org.apache.wss4j.common.crypto.CertificateStore.getX509CertificatesSubjectDN(CertificateStore.java:431) \
at org.apache.wss4j.common.crypto.CertificateStore.getX509Certificates(CertificateStore.java:92) \
at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(WSSecEncrypt.java:139) at \
org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:172){code}
> CertificateStore should support ALIAS CryptoType
> ------------------------------------------------
>
> Key: WSS-676
> URL: https://issues.apache.org/jira/browse/WSS-676
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 2.3.0
> Reporter: Lasha Kvatashydze
> Assignee: Colm O hEigeartaigh
> Priority: Major
>
> Certificate store should try to retrieve X509 Certificates using ALIAS. Not \
> SUBJECT_DN, for CryptoType.TYPE.ALIAS {code:java}
> public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws \
> WSSecurityException { if (cryptoType == null) {
> return null;
> }
> CryptoType.TYPE type = cryptoType.getType();
> X509Certificate[] certs = null;
> switch (type) {
> case ISSUER_SERIAL:
> certs = getX509Certificates(cryptoType.getIssuer(), cryptoType.getSerial());
> break;
> case THUMBPRINT_SHA1:
> certs = getX509Certificates(cryptoType.getBytes());
> break;
> case SKI_BYTES:
> certs = getX509CertificatesSKI(cryptoType.getBytes());
> break;
> case ALIAS:
> case SUBJECT_DN:
> certs = getX509CertificatesSubjectDN(cryptoType.getSubjectDN());
> break;
> case ENDPOINT:
> break;
> }
> return certs;
> }{code}
> The issue is visible when:
> {{org.apache.wss4j.dom.message.WSSecEncrypt.prepare(Crypto crypto) }}
> is being used. It builds *CryptoType* object and can provide *ALIAS* type, leading \
> to: {code:java}
> java.lang.NullPointerException: provided null name at
> java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:172) at \
> java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:128) at \
> org.apache.wss4j.common.crypto.CertificateStore.getX509CertificatesSubjectDN(CertificateStore.java:431) \
> at org.apache.wss4j.common.crypto.CertificateStore.getX509Certificates(CertificateStore.java:92) \
> at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(WSSecEncrypt.java:139) at \
> org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:172){code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic