the "FIRST step" check in SignatureTrustValidator.verifyTrustInCert ignore the enableRevocation status ------------------------------------------------------------------------------------------------------
Key: WSS-341 URL: https://issues.apache.org/jira/browse/WSS-341 Project: WSS4J Issue Type: Bug Reporter: Freeman Fang Assignee: Colm O hEigeartaigh currently it's if (isCertificateInKeyStore(crypto, cert)) { return true; } However if the crypto has keystore, then the cert must be in it, so it always return true in this case, so it can't reach the crypto.verifyTrust(x509certs, enableRevocation) to check with the revocation. The SignatureCRLTest can't cover this case because the Merlin crypto it passed in only have truststore, we need check enableRevocation first before we check isCertificateInKeyStore(crypto, cert) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org