[prev in list] [next in list] [prev in thread] [next in thread]
List: wss4j-dev
Subject: cvs commit: ws-wss4j/src/org/apache/ws/security WSSecurityEngine.java
From: dims () apache ! org
Date: 2005-08-23 15:33:10
Message-ID: 20050823153310.69947.qmail () minotaur ! apache ! org
[Download RAW message or body]
dims 2005/08/23 08:33:10
Modified: src/org/apache/ws/security WSSecurityEngine.java
Log:
Bug reported by Thilo Frotscher <thilo.frotscher@web.de> in email with message id \
(430B3AD5.1020507@web.de>)
Revision Changes Path
1.49 +5 -5 ws-wss4j/src/org/apache/ws/security/WSSecurityEngine.java
Index: WSSecurityEngine.java
===================================================================
RCS file: /home/cvs/ws-wss4j/src/org/apache/ws/security/WSSecurityEngine.java,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- WSSecurityEngine.java 18 Aug 2005 14:35:00 -0000 1.48
+++ WSSecurityEngine.java 23 Aug 2005 15:33:10 -0000 1.49
@@ -791,11 +791,11 @@
}
/**
- * Check the UsernameToken element. Depending on the password type
+ * Check the UsernameToken element. Depending on the password type
* contained in the element the processing differs. If the password type
* is password digest (a hashed password) then process the password
* commpletely here. Use the callback class to get a stored password
- * perform hash algorithm and compare the result with the transmitted
+ * perform hash algorithm and compare the result with the transmitted
* password.
* <p/>
* If the password is of type password text or any other yet unknown
@@ -804,7 +804,7 @@
* the callback class via the WSPasswordCallback object. To distinguish
* from digested usernam token the usage parameter of WSPasswordCallback
* is set to <code>USERNAME_TOKEN_UNKNOWN</code>
- *
+ *
* @param token the DOM element that contains the UsernameToken
* @param cb the refernce to the callback object
* @return WSUsernameTokenPrincipal that contain data that an application
@@ -817,7 +817,7 @@
String password = ut.getPassword();
String nonce = ut.getNonce();
String createdTime = ut.getCreated();
- String pwType = ut.getPasswordType();
+ String pwType = ut.getPasswordType();
if (doDebug) {
log.debug("UsernameToken user " + user);
log.debug("UsernameToken password " + password);
@@ -1022,7 +1022,7 @@
*/
else if (secRef.containsKeyIdentifier()) {
X509Certificate[] certs = secRef.getKeyIdentifier(crypto);
- if (certs == null || certs.length != 1 || certs[0] == null) {
+ if (certs == null || certs.length < 1 || certs[0] == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidX509Data", new Object[]{"for decryption \
(KeyId)"}); }
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic