[prev in list] [next in list] [prev in thread] [next in thread] 

List:       woden-dev
Subject:    [jira] [Created] (WSS-341) the "FIRST step" check in SignatureTrustValidator.verifyTrustInCert ignor
From:       "Freeman Fang (Created) (JIRA)" <jira () apache ! org>
Date:       2012-02-17 2:21:59
Message-ID: 1670236106.49333.1329445319659.JavaMail.tomcat () hel ! zones ! apache ! org
[Download RAW message or body]

the "FIRST step" check in SignatureTrustValidator.verifyTrustInCert ignore the \
                enableRevocation status
------------------------------------------------------------------------------------------------------


                 Key: WSS-341
                 URL: https://issues.apache.org/jira/browse/WSS-341
             Project: WSS4J
          Issue Type: Bug
            Reporter: Freeman Fang
            Assignee: Colm O hEigeartaigh


currently it's
if (isCertificateInKeyStore(crypto, cert)) {
     return true;
}
However if the crypto has keystore, then the cert must be in it, so it always return \
true in this case, so it can't reach the  crypto.verifyTrust(x509certs, \
enableRevocation) to check with the revocation.

The SignatureCRLTest can't cover this case because the Merlin crypto it passed in \
only have truststore, we need check enableRevocation first before we check \
isCertificateInKeyStore(crypto, cert)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: \
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more \
information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]