You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by co...@apache.org on 2014/04/22 18:14:48 UTC

svn commit: r1589193 - /santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java

Author: coheigea
Date: Tue Apr 22 16:14:47 2014
New Revision: 1589193

URL: http://svn.apache.org/r1589193
Log:
Check X.509 Certificate first in case we have multiple KeyInfo children

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1589193&r1=1589192&r2=1589193&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java Tue Apr 22 16:14:47 2014
@@ -54,6 +54,13 @@ public class SecurityTokenFactoryImpl ex
                                           XMLSecurityProperties securityProperties,
                                           InboundSecurityContext inboundSecurityContext) throws XMLSecurityException {
         if (keyInfoType != null) {
+            // X509Data
+            final X509DataType x509DataType =
+                    XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_X509Data);
+            if (x509DataType != null) {
+                return getSecurityToken(x509DataType, securityProperties, inboundSecurityContext, keyUsage);
+            }
+            
             // KeyValue
             final KeyValueType keyValueType
                     = XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyValue);
@@ -70,13 +77,6 @@ public class SecurityTokenFactoryImpl ex
                 setTokenKey(securityProperties, keyUsage, token);
                 return token;
             }
-
-            // X509Data
-            final X509DataType x509DataType =
-                    XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_X509Data);
-            if (x509DataType != null) {
-                return getSecurityToken(x509DataType, securityProperties, inboundSecurityContext, keyUsage);
-            }
         }
 
         // Use a default key if it exists