
List:       wss4j-dev
Subject:    [jira] Resolved: (WSS-18) WSSecurityEngine can't deal with signed certs
From:       "Davanum Srinivas (JIRA)" <jira () apache ! org>
Date:       2005-08-24 2:46:08
Message-ID: 1421182472.1124851568884.JavaMail.jira () ajax ! apache ! org

     [ http://issues.apache.org/jira/browse/WSS-18?page=all ]
     
Davanum Srinivas resolved WSS-18:
---------------------------------

    Resolution: Fixed

Fixed (http://article.gmane.org/gmane.comp.apache.webservices.fx.devel/3213)

thanks,
dims

> WSSecurityEngine can't deal with signed certs
> ---------------------------------------------
> 
> Key: WSS-18
> URL: http://issues.apache.org/jira/browse/WSS-18
> Project: WSS4J
> Type: Bug
> Reporter: Thilo Frotscher
> Assignee: Davanum Srinivas
> Priority: Critical

> 
> I think that I found a bug in class WSSecurityEngine, method
> handleEncryptedKey(Element, CallbackHandler, Crypto, PrivateKey)
> (approx. at line 1042)
> 
> Current code:
> =========== 
> else if (secRef.containsKeyIdentifier()) {
> X509Certificate[] certs = secRef.getKeyIdentifier(crypto);
> if (certs == null || certs.length !=1 || certs[0] == null) {
> throw new WSSecurityException...
> ...
> }
> 
> If I use certs that were signed by a CA, the array "certs" contains more than one
> element, e.g. the user's cert plus the cert of the CA. In this case certs.length
> != 1 and an exception is thrown. However, I don't think that this is an error. In
> my opinion the line should read
> if (certs == null || certs.length < 1 || certs[0] == null) {
> i.e. throw an exception if there is no cert in the array - don't throw an exception
> if there's more than one cert in the array. I had to patch WSS4J 1.0.0 this way to
> make my application work. Please consider changing this for the next official
> release. Thanks.
> Thilo

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
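
The check discussed in the report, as an added example that is not part of the original message and is not WSS4J code: it applies the relaxed length test and then confirms by issuer/subject name that the extra entries are the issuer path of certs[0]. The class and method names are hypothetical, and the leaf-first ordering of the array is an assumption taken from the report's description (user cert plus CA cert).

```java
import java.security.cert.X509Certificate;

/** Added illustration; not WSS4J code. Class and method names are hypothetical. */
public class KeyIdentifierCerts {

    /**
     * Returns the end-entity certificate from the array resolved for a key
     * identifier. Assumption: the array is ordered leaf first, followed by
     * the issuing CA certificate(s), as described in the report.
     */
    static X509Certificate endEntity(X509Certificate[] certs) {
        // Relaxed check from the report: reject only "no certificate at all".
        if (certs == null || certs.length < 1 || certs[0] == null) {
            throw new IllegalArgumentException("no certificate for key identifier");
        }
        // Extra check (not in the report): each following entry must be named
        // as the issuer of the entry before it, so index 0 really is the leaf.
        // This compares names only; it does not verify signatures or trust.
        for (int i = 0; i + 1 < certs.length; i++) {
            X509Certificate issuer = certs[i + 1];
            if (issuer == null || !certs[i].getIssuerX500Principal()
                    .equals(issuer.getSubjectX500Principal())) {
                throw new IllegalArgumentException(
                        "entry " + (i + 1) + " is not the issuer of entry " + i);
            }
        }
        return certs[0];
    }

    public static void main(String[] args) {
        // Constructed inputs: the cases both the old and the new check reject.
        X509Certificate[][] bad = { null, new X509Certificate[0], { null } };
        for (X509Certificate[] certs : bad) {
            try {
                endEntity(certs);
                throw new AssertionError("expected rejection");
            } catch (IllegalArgumentException expected) {
                System.out.println("rejected: " + expected.getMessage());
            }
        }
    }
}
```

With a CA-signed certificate, an array such as { userCert, caCert } passes this method and userCert is returned, whereas the original `certs.length != 1` test rejects it.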

