CryptoBase.getPrivateKey() unable to handle empty (null) passwords
------------------------------------------------------------------
Key: WSS-227
URL: https://issues.apache.org/jira/browse/WSS-227
Project: WSS4J
Issue Type: Bug
Affects Versions: 1.5.8
Environment: java version "1.6.0_17"
Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
Java HotSpot(TM) Client VM (build 14.3-b01, mixed mode, sharing)
Reporter: Paul Rogalinski
Assignee: Ruchith Udayanga Fernando
While working with SoapUI 3.5 I came across a possible bug where
CryptoBase.getPrivateKey() is unable to return a private key when the keystore
is not protected by a password.
CryptoBase.java:261
Key keyTmp = keystore.getKey(alias, password.toCharArray());
proposed fix:
Key keyTmp = keystore.getKey(alias, password == null ? new char[]{} :
password.toCharArray());
I do also realize that one could argue the issue to be SoapUI's fault, fix on
that side would be to pass an empty string to the corresponding methods instead
of the null value. In my opinion fixing it in the wss4j core seems to be more
appropriate.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
