[
https://issues.apache.org/jira/browse/WSS-165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Kulp resolved WSS-165.
-----------------------------
Resolution: Fixed
> Problems verifying trusted certs if provider not specified in properties
> ------------------------------------------------------------------------
>
> Key: WSS-165
> URL: https://issues.apache.org/jira/browse/WSS-165
> Project: WSS4J
> Issue Type: Bug
> Reporter: Daniel Kulp
> Assignee: Daniel Kulp
> Fix For: 1.5.6
>
>
> If keystore/cert providers are not specified in the properties file, the
> verifyTrust call can fail even if the certs are valid.
> In my case, the keystore ended up as BouncyCastle being the provider.
> However, when the X509Cert was created in BinarySecurityTokenProcessor, the
> call to load the certificate called to CryptoBase.getCertificateFactory()
> which resulted in a Sun factory being returned. The cert couldn't then be
> verified for trust.
> If I force the provider to be either Sun or BC, it's fine as the certs are
> properly compatible.
> Relatedly, if the static certFact in CryptoBase is of the "wrong" provider (I
> use Sun for some keys and BC for others to work around bugs in either
> processor), it will return the wrong factory. The factory provider should
> be checked to make sure it's compatible.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
