Hello,
I think that I found a bug in class WSSecurityEngine, method
handleEncryptedKey(Element, CallbackHandler, Crypto, Private Key)
(appox line 1042)
Current code:
else if (secRef.containsKeyIdentifier()) {
X509Certificate[] certs = secRef.getKeyIdentifier(crypto);
if (certs == null || certs.length !=1 || certs[0] == null) {
throw new WSSecurityException...
...
}
If I use certs that were signed by a CA, the array "certs"
contains more than one element, e.g. the user's cert plus
the cert of the CA. In this case certs.length != 1 and an
exception is thrown. However, I don't think that this is
an error. In my opinion the line should read
if (certs == null || certs.length < 1 || certs[0] == null) {
I had to patch WSS4J 1.0.0 this way to make my application
work. Please consider to change this for the next official
release.
BTW: when will WSS4J 1.0.1 be available?
Thanks,
Thilo
