Problems verifying trusted certs if provider not specified in properties
------------------------------------------------------------------------
Key: WSS-165
URL: https://issues.apache.org/jira/browse/WSS-165
Project: WSS4J
Issue Type: Bug
Reporter: Daniel Kulp
Assignee: Daniel Kulp
Fix For: 1.5.6

If keystore/cert providers are not specified in the properties file, the
verifyTrust call can fail even if the certs are valid.

In my case, the keystore ended up with BouncyCastle as the provider.
However, when the X509Cert was created in BinarySecurityTokenProcessor, the
call to load the certificate called CryptoBase.getCertificateFactory(), which
resulted in a Sun factory being returned. The cert couldn't then be verified
for trust.

If I force the provider to be either Sun or BC, it's fine as the certs are
properly compatible.

Relatedly, if the static certFact in CryptoBase is of the "wrong" provider (I
use Sun for some keys and BC for others to work around bugs in either
processor), it will return the wrong factory. The factory provider should be
checked to make sure it's compatible.
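
One way to make the factory follow the keystore's provider, as an added example: this is not WSS4J code and not the change made for this issue. The class `ProviderAwareCertFactory` and its method `forKeyStore` are hypothetical names; only standard JCA calls are used.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: one X.509 factory per provider instead of a single static one. */
public class ProviderAwareCertFactory {
    // Keyed by the keystore's provider name, so a Sun keystore and a BC keystore
    // never share a factory.
    private static final Map<String, CertificateFactory> CACHE = new ConcurrentHashMap<>();

    /** Returns an X.509 factory compatible with the keystore the certs are verified against. */
    public static CertificateFactory forKeyStore(KeyStore ks) throws CertificateException {
        Provider provider = ks.getProvider();
        CertificateFactory cached = CACHE.get(provider.getName());
        if (cached != null) {
            return cached;
        }
        CertificateFactory factory;
        if (provider.getService("CertificateFactory", "X.509") != null) {
            // Same provider as the keystore: certs parsed here match the stored ones.
            factory = CertificateFactory.getInstance("X.509", provider);
        } else {
            // The keystore's provider ships no X.509 factory: use the JVM default.
            factory = CertificateFactory.getInstance("X.509");
        }
        CACHE.put(provider.getName(), factory);
        return factory;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty keystore of the JVM's default type.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        CertificateFactory cf = forKeyStore(ks);
        System.out.println("keystore provider: " + ks.getProvider().getName());
        System.out.println("factory provider:  " + cf.getProvider().getName());
        // A second lookup for the same provider returns the cached instance.
        System.out.println("cached: " + (cf == forKeyStore(ks)));
    }
}
```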