You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Thomas Leonard (JIRA)" <ji...@apache.org> on 2006/08/01 15:43:14 UTC
[jira] Created: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
ArrayIndexOutOfBoundsException if certs.length > 1
--------------------------------------------------
Key: WSS-52
URL: http://issues.apache.org/jira/browse/WSS-52
Project: WSS4J
Issue Type: Bug
Reporter: Thomas Leonard
Assigned To: Davanum Srinivas
In WSHandler.java we have (revision 427569):
X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
// Then add the first certificate ...
x509certs[0] = cert;
// ... and the other certificates
for (int j = 0; j < certs.length; j++) {
cert = certs[i];
x509certs[certs.length + j] = cert;
}
So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Updated: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Thomas Leonard (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/WSS-52?page=all ]
Thomas Leonard updated WSS-52:
------------------------------
Attachment: wshandler2.patch
Presumably this is what was meant. It is exactly equivalent to the old code in the only previously-working case of certs.length == 1.
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: http://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Assigned To: Davanum Srinivas
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590027#action_12590027 ]
Ruchith Udayanga Fernando commented on WSS-52:
----------------------------------------------
IIRC I removed it coz it caused some issues when verifying trust of a cert that was issued by a CA in the cacerts list.
However we need to have the cert in the cert chain when we very trust of the chain. Not just the issuer cert chain.
Let me double check the scenario and fix it!
Thanks,
Ruchith
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: https://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Resolved: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ruchith Udayanga Fernando resolved WSS-52.
------------------------------------------
Resolution: Fixed
Fixed in revision : 649134
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: https://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Updated: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Thomas Leonard (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/WSS-52?page=all ]
Thomas Leonard updated WSS-52:
------------------------------
Attachment: wshandler2.patch
Presumably this is what was meant. It is exactly equivalent to the old code in the only previously-working case of certs.length == 1.
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: http://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Assigned To: Davanum Srinivas
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Fabien KOCIK (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12500594 ]
Fabien KOCIK commented on WSS-52:
---------------------------------
I think Falk is right.
I modified WSS4J in this way :
// First, create new array
X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
// Then add the first certificate ...
x509certs[0] = cert;
// ... and the other certificates
for (int j = 0; j < certs.length; j++) {
cert = certs[j];
x509certs[j+1] = cert;
}
certs = x509certs;
This code works fine with a certs.length == 2.
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: https://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Assignee: Davanum Srinivas
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Falk Bauer (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/WSS-52?page=comments#action_12426876 ]
Falk Bauer commented on WSS-52:
-------------------------------
It is right that your provided solution patchs one issue in this code-snippet.
But i think there is another issue at this place:
The certificate path (as an array) has to be build to verify the trust of the given certificate in the message.
The first cert in the cert-array has to be the cert which was given in the message.
The followings certs have to be the certs which have hierachically signed the given certificate up to a root-ca.
But the code above adds the same cert again and again to the path-array:
**********************************
cert = certs[i] //in the cert-variable there is always the same certificate
x509certs[j + 1] = cert //for every loop the same cert is added into the path-array.
**********************************
So i think there is a typo in the assignment of the cert-variable and the code should be written in the following way:
**********************************
cert = certs[j]
**********************************
In this way all the given certificates will be added into the path-array for later validation in the described way.
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: http://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Assigned To: Davanum Srinivas
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Updated: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Fred Dushin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fred Dushin updated WSS-52:
---------------------------
Fix Version/s: 1.5.4
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: https://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Fix For: 1.5.4
>
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Falk Bauer (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/WSS-52?page=comments#action_12426876 ]
Falk Bauer commented on WSS-52:
-------------------------------
It is right that your provided solution patchs one issue in this code-snippet.
But i think there is another issue at this place:
The certificate path (as an array) has to be build to verify the trust of the given certificate in the message.
The first cert in the cert-array has to be the cert which was given in the message.
The followings certs have to be the certs which have hierachically signed the given certificate up to a root-ca.
But the code above adds the same cert again and again to the path-array:
**********************************
cert = certs[i] //in the cert-variable there is always the same certificate
x509certs[j + 1] = cert //for every loop the same cert is added into the path-array.
**********************************
So i think there is a typo in the assignment of the cert-variable and the code should be written in the following way:
**********************************
cert = certs[j]
**********************************
In this way all the given certificates will be added into the path-array for later validation in the described way.
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: http://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Assigned To: Davanum Srinivas
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Fred Dushin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12587722#action_12587722 ]
Fred Dushin commented on WSS-52:
--------------------------------
The code in question was removed at r525249:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?p2=%2Fwebservices%2Fwss4j%2Ftrunk%2Fsrc%2Forg%2Fapache%2Fws%2Fsecurity%2Fhandler%2FWSHandler.java&p1=%2Fwebservices%2Fwss4j%2Ftrunk%2Fsrc%2Forg%2Fapache%2Fws%2Fsecurity%2Fhandler%2FWSHandler.java&r1=525249&r2=525248&view=diff&pathrev=525249
which involved closure of WSS-71
Ruchith, would you have any idea of whether the functionality that was removed was replaced with anything in Merlin? If so, perhaps this bug can be closed?
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: https://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Updated: (WSS-52) ArrayIndexOutOfBoundsException if
certs.length > 1
Posted by "Davanum Srinivas (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Davanum Srinivas updated WSS-52:
--------------------------------
Assignee: (was: Davanum Srinivas)
> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
> Key: WSS-52
> URL: https://issues.apache.org/jira/browse/WSS-52
> Project: WSS4J
> Issue Type: Bug
> Reporter: Thomas Leonard
> Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
> X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
> // Then add the first certificate ...
> x509certs[0] = cert;
> // ... and the other certificates
> for (int j = 0; j < certs.length; j++) {
> cert = certs[i];
> x509certs[certs.length + j] = cert;
> }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org