[prev in list] [next in list] [prev in thread] [next in thread]
List: woden-dev
Subject: [jira] [Created] (WSS-341) the "FIRST step" check in SignatureTrustValidator.verifyTrustInCert ignor
From: "Freeman Fang (Created) (JIRA)" <jira () apache ! org>
Date: 2012-02-17 2:21:59
Message-ID: 1670236106.49333.1329445319659.JavaMail.tomcat () hel ! zones ! apache ! org
[Download RAW message or body]
the "FIRST step" check in SignatureTrustValidator.verifyTrustInCert ignore the \
enableRevocation status
------------------------------------------------------------------------------------------------------
Key: WSS-341
URL: https://issues.apache.org/jira/browse/WSS-341
Project: WSS4J
Issue Type: Bug
Reporter: Freeman Fang
Assignee: Colm O hEigeartaigh
currently it's
if (isCertificateInKeyStore(crypto, cert)) {
return true;
}
However if the crypto has keystore, then the cert must be in it, so it always return \
true in this case, so it can't reach the crypto.verifyTrust(x509certs, \
enableRevocation) to check with the revocation.
The SignatureCRLTest can't cover this case because the Merlin crypto it passed in \
only have truststore, we need check enableRevocation first before we check \
isCertificateInKeyStore(crypto, cert)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: \
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more \
information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic