[
https://issues.apache.org/jira/browse/WSS-227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh reassigned WSS-227:
---------------------------------------
Assignee: Colm O hEigeartaigh (was: Ruchith Udayanga Fernando)
> CryptoBase.getPrivateKey() unable to handle empty (null) passwords
> ------------------------------------------------------------------
>
> Key: WSS-227
> URL: https://issues.apache.org/jira/browse/WSS-227
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.8
> Environment: java version "1.6.0_17"
> Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
> Java HotSpot(TM) Client VM (build 14.3-b01, mixed mode, sharing)
> Reporter: Paul Rogalinski
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.9, 1.6
>
> Original Estimate: 0.08h
> Remaining Estimate: 0.08h
>
> While working with SoapUI 3.5 I came across a possible bug where
> CryptoBase.getPrivateKey() is unable to return a private key when the
> keystore is not protected by a password.
> CryptoBase.java:261
> Key keyTmp = keystore.getKey(alias, password.toCharArray());
> proposed fix:
> Key keyTmp = keystore.getKey(alias, password == null ? new char[]{} :
> password.toCharArray());
> I do also realize that one could argue the issue to be SoapUI's fault, fix on
> that side would be to pass an empty string to the corresponding methods
> instead of the null value. In my opinion fixing it in the wss4j core seems to
> be more appropriate.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
