The "FIRST step" check in SignatureTrustValidator.verifyTrustInCert ignores the 
enableRevocation status
------------------------------------------------------------------------------------------------------

                 Key: WSS-341
                 URL: https://issues.apache.org/jira/browse/WSS-341
             Project: WSS4J
          Issue Type: Bug
            Reporter: Freeman Fang
            Assignee: Colm O hEigeartaigh


Currently it's:

if (isCertificateInKeyStore(crypto, cert)) {
    return true;
}

However, if the crypto has a keystore, then the cert must be in it, so it always 
returns true in this case, so it can't reach 
crypto.verifyTrust(x509certs, enableRevocation) to check revocation.

The SignatureCRLTest can't cover this case because the Merlin crypto it passes 
in only has a truststore; we need to check enableRevocation first, before we check 
isCertificateInKeyStore(crypto, cert).

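The ordering problem described in the report, as an added example that is not part of the original issue or of WSS4J's code. ToyCrypto, the String "certificates" and the Before/After method names are constructed stand-ins, and the "after" variant is one reading of the reporter's proposal (take the keystore shortcut only when revocation checking is off).

```java
import java.util.Set;

// Simplified model of the trust check in the report. ToyCrypto and the String
// "certificates" are constructed for illustration; they are not WSS4J classes.
public class RevocationBypassDemo {

    /** Hypothetical stand-in for a crypto provider holding a keystore and a CRL. */
    static final class ToyCrypto {
        final Set<String> keyStore;   // certificates present in the keystore
        final Set<String> revoked;    // certificates listed on the CRL

        ToyCrypto(Set<String> keyStore, Set<String> revoked) {
            this.keyStore = keyStore;
            this.revoked = revoked;
        }

        boolean isCertificateInKeyStore(String cert) {
            return keyStore.contains(cert);
        }

        // Path validation reduced to: known certificate, and not revoked when checking is on.
        boolean verifyTrust(String cert, boolean enableRevocation) {
            return keyStore.contains(cert) && !(enableRevocation && revoked.contains(cert));
        }
    }

    // Ordering described in the report: the keystore hit returns before revocation is consulted.
    static boolean verifyTrustInCertBefore(ToyCrypto crypto, String cert, boolean enableRevocation) {
        if (crypto.isCertificateInKeyStore(cert)) {
            return true;
        }
        return crypto.verifyTrust(cert, enableRevocation);
    }

    // Ordering proposed in the report: take the shortcut only when revocation is disabled.
    static boolean verifyTrustInCertAfter(ToyCrypto crypto, String cert, boolean enableRevocation) {
        if (!enableRevocation && crypto.isCertificateInKeyStore(cert)) {
            return true;
        }
        return crypto.verifyTrust(cert, enableRevocation);
    }

    public static void main(String[] args) {
        // Constructed case: the certificate is in the keystore and also on the CRL.
        ToyCrypto crypto = new ToyCrypto(Set.of("CN=alice"), Set.of("CN=alice"));
        System.out.println("before, revocation on:  " + verifyTrustInCertBefore(crypto, "CN=alice", true));
        System.out.println("after,  revocation on:  " + verifyTrustInCertAfter(crypto, "CN=alice", true));
        System.out.println("after,  revocation off: " + verifyTrustInCertAfter(crypto, "CN=alice", false));
    }
}
```

A regression test for this needs a crypto whose keystore contains the revoked certificate; as the report notes, a truststore-only setup never takes the early-return branch.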