Author: coheigea
Date: Fri May 10 15:06:45 2013
New Revision: 1481045
URL: http://svn.apache.org/r1481045
Log:
Allow SKI Referencing for the RequireKeyIdentifierReference case
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java?rev=1481045&r1=1481044&r2=1481045&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
Fri May 10 15:06:45 2013
@@ -76,7 +76,8 @@ public class X509TokenAssertionState ext
}
}
if (x509Token.isRequireKeyIdentifierReference() &&
-
!WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(securityToken.getKeyIdentifier()))
{
+
!(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(securityToken.getKeyIdentifier())
+ ||
WSSecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier.equals(securityToken.getKeyIdentifier())))
{
setErrorMessage("Policy enforces KeyIdentifierReference but we
got " + securityToken.getKeyIdentifier());
return false;
} else if (x509Token.isRequireIssuerSerialReference() &&
