You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2010/04/16 12:35:25 UTC

[jira] Assigned: (WSS-227) CryptoBase.getPrivateKey() unable to handle empty (null) passwords

     [ https://issues.apache.org/jira/browse/WSS-227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh reassigned WSS-227:
---------------------------------------

    Assignee: Colm O hEigeartaigh  (was: Ruchith Udayanga Fernando)

> CryptoBase.getPrivateKey() unable to handle empty (null) passwords
> ------------------------------------------------------------------
>
>                 Key: WSS-227
>                 URL: https://issues.apache.org/jira/browse/WSS-227
>             Project: WSS4J
>          Issue Type: Bug
>    Affects Versions: 1.5.8
>         Environment: java version "1.6.0_17"
> Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
> Java HotSpot(TM) Client VM (build 14.3-b01, mixed mode, sharing)
>            Reporter: Paul Rogalinski
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.9, 1.6
>
>   Original Estimate: 0.08h
>  Remaining Estimate: 0.08h
>
> While working with SoapUI 3.5 I came across a possible bug where CryptoBase.getPrivateKey() is unable to return a private key when the keystore is not protected by a password.
> CryptoBase.java:261
> Key keyTmp = keystore.getKey(alias, password.toCharArray()); 
> proposed fix:
> Key keyTmp = keystore.getKey(alias, password == null ? new char[]{} : password.toCharArray());
> I do also realize that one could argue the issue to be SoapUI's fault, fix on that side would be to pass an empty string to the corresponding methods instead of the null value. In my opinion fixing it in the wss4j core seems to be more appropriate. 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org