[WSS-498] Retrieving of public key from certificates in missing for signed results in compare credential method of org.apache.wss4j.dom.saml.DOMSAMLUtil - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0
Component/s: WSS4J Core
Labels:
None

Description

org.apache.wss4j.dom.saml.DOMSAMLUtil compareCredentials , there is a check to compare the certificates , public key and secret key. There might be a case when client signed results contain public key and subjectKeyInfo contains certificate. There should be an additional check the retreive the public key from certificate whenever public key is null
"if(subjectPublicKey == null && subjectCerts != null && subjectCerts.length> 0)

{ subjectPublicKey = subjectCerts[0].getPublicKey();}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

DOMSAMLUtil.java
24/Apr/14 04:52
10 kB
Renu

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Renu

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Apr/14 04:50

Updated:: 06/May/14 09:10

Resolved:: 24/Apr/14 14:49