[ http://issues.apache.org/jira/browse/WSS-52?page=comments#action_12426876 ]

Falk Bauer commented on WSS-52:
-------------------------------

It is right that your provided solution patches one issue in this code snippet. But I think there is another issue at this place: The certificate path (as an array) has to be built to verify the trust of the given certificate in the message. The first cert in the cert-array has to be the cert which was given in the message. The following certs have to be the certs which have hierarchically signed the given certificate up to a root-ca. But the code above adds the same cert again and again to the path-array:

**********************************
cert = certs[i] //in the cert-variable there is always the same certificate
x509certs[j + 1] = cert //for every loop the same cert is added into the path-array.
**********************************

So I think there is a typo in the assignment of the cert-variable and the code should be written in the following way:

**********************************
cert = certs[j]
**********************************

In this way all the given certificates will be added into the path-array for later validation in the described way.

> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
>          Key: WSS-52
>          URL: http://issues.apache.org/jira/browse/WSS-52
>      Project: WSS4J
>   Issue Type: Bug
>     Reporter: Thomas Leonard
>  Assigned To: Davanum Srinivas
>  Attachments: wshandler2.patch
>
> In WSHandler.java we have (revision 427569):
>
>     X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
>     // Then add the first certificate ...
>     x509certs[0] = cert;
>     // ... and the other certificates
>     for (int j = 0; j < certs.length; j++) {
>         cert = certs[i];
>         x509certs[certs.length + j] = cert;
>     }
>
> So, the highest index available in x509certs is "certs.length", while the
> highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
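The three variants of the loop discussed in this thread, side by side, as an added example that is not WSS4J code. Assumptions: strings stand in for `X509Certificate` objects, the sample values are constructed, and `i` (an index from enclosing code the page does not show) is passed in as a parameter.

```java
import java.util.Arrays;

public class CertPathDemo {
    // Loop as quoted from revision 427569: writes start at index certs.length.
    static String[] asReported(String cert, String[] certs, int i) {
        String[] path = new String[certs.length + 1];
        path[0] = cert;
        for (int j = 0; j < certs.length; j++) {
            cert = certs[i];
            path[certs.length + j] = cert; // past the end of the array once j >= 1
        }
        return path;
    }

    // Write index corrected, read index still certs[i]: one entry is repeated.
    static String[] indexFixedOnly(String cert, String[] certs, int i) {
        String[] path = new String[certs.length + 1];
        path[0] = cert;
        for (int j = 0; j < certs.length; j++) {
            path[j + 1] = certs[i];
        }
        return path;
    }

    // Change proposed in the comment: certs[j] copies every entry in order.
    static String[] proposed(String cert, String[] certs) {
        String[] path = new String[certs.length + 1];
        path[0] = cert;
        for (int j = 0; j < certs.length; j++) {
            path[j + 1] = certs[j];
        }
        return path;
    }

    public static void main(String[] args) {
        String leaf = "CN=message-cert";                 // constructed sample value
        String[] certs = {"CN=intermediate", "CN=root"}; // constructed sample values
        int i = 0; // assumed value of the outer index, which the page does not show

        try {
            asReported(leaf, certs, i);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("asReported:     " + e);
        }
        System.out.println("indexFixedOnly: " + Arrays.toString(indexFixedOnly(leaf, certs, i)));
        System.out.println("proposed:       " + Arrays.toString(proposed(leaf, certs)));
    }
}
```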
