A valid CA certificate in my keystore throws an exception since the wss4j code 
is not properly parsing a valid certificate
 
Merlin.java 
  validateCertPath
 
does: 
    public boolean validateCertPath(X509Certificate[] certs) throws WSSecurityException {
  ...
            // Add certificates from the keystore
            Enumeration aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = (String) aliases.nextElement();
                X509Certificate cert =
                    (X509Certificate) this.keystore.getCertificate(alias);
                // The raw extension value is handed straight to TrustAnchor
                // without unwrapping it first
                TrustAnchor anchor =
                    new TrustAnchor(cert, cert.getExtensionValue(NAME_CONSTRAINTS_OID));
                set.add(anchor);
            }
  ...

The issue is that the bytes returned by cert.getExtensionValue must be parsed 
before being passed to TrustAnchor, since it is valid for the name constraints 
to be wrapped in an OCTET_STRING
 
So the code should look like this:
 
byte[] ba = cert.getExtensionValue(NAME_CONSTRAINTS_OID);
// 0x04 is the DER tag for OCTET STRING: strip the wrapper and keep its contents
if (ba != null && ba[0] == 0x04) // if ba is wrapped
  ba = ((org.bouncycastle.asn1.ASN1OctetString)
        org.bouncycastle.asn1.ASN1Object.fromByteArray(ba)).getOctets();
TrustAnchor anchor = new TrustAnchor(cert, ba);
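Added example, not from the original message or from WSS4J: the same unwrapping done without BouncyCastle, parsing the DER OCTET STRING header by hand so both short-form and long-form lengths are handled, with a constructed NameConstraints value to exercise it. The class and helper names are my own; NAME_CONSTRAINTS_OID is the standard id-ce-nameConstraints OID 2.5.29.30.

```java
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;

public class NameConstraintsUnwrap {
    static final String NAME_CONSTRAINTS_OID = "2.5.29.30";

    // Strip the outer DER OCTET STRING (tag 0x04) around an extension value.
    // Handles short-form and long-form lengths; a null or non-OCTET STRING
    // input is returned unchanged so an already-raw value passes through.
    static byte[] unwrapOctetString(byte[] ba) {
        if (ba == null || ba.length < 2 || ba[0] != 0x04) {
            return ba;
        }
        int first = ba[1] & 0xFF;
        int len, offset;
        if (first < 0x80) {               // short form: one length byte
            len = first;
            offset = 2;
        } else {                          // long form: 0x8N then N length bytes
            int n = first & 0x7F;
            if (n == 0 || n > 4 || ba.length < 2 + n) {
                throw new IllegalArgumentException("bad DER length");
            }
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (ba[2 + i] & 0xFF);
            }
            offset = 2 + n;
        }
        if (offset + len != ba.length) {  // trailing or missing bytes: reject
            throw new IllegalArgumentException("DER length mismatch");
        }
        return Arrays.copyOfRange(ba, offset, offset + len);
    }

    // What the keystore loop should hand to TrustAnchor: the inner
    // NameConstraints SEQUENCE, not the OCTET STRING that wraps it.
    static TrustAnchor anchorFor(X509Certificate cert) {
        byte[] nc = unwrapOctetString(cert.getExtensionValue(NAME_CONSTRAINTS_OID));
        return new TrustAnchor(cert, nc);
    }

    public static void main(String[] args) {
        // Constructed sample: OCTET STRING wrapping a NameConstraints SEQUENCE
        // whose permittedSubtrees [0] holds one GeneralSubtree with dNSName "example.com".
        byte[] wrapped = {0x04, 0x13, 0x30, 0x11, (byte) 0xA0, 0x0F, 0x30, 0x0D,
                (byte) 0x82, 0x0B, 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm'};
        byte[] inner = unwrapOctetString(wrapped);
        System.out.println(inner[0] == 0x30 && inner.length == 0x13 ? "ok" : "fail");
    }
}
```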
          