Posted to commits@ws.apache.org by co...@apache.org on 2014/05/09 15:57:25 UTC
svn commit: r1593539 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
Author: coheigea
Date: Fri May 9 13:57:25 2014
New Revision: 1593539
URL: http://svn.apache.org/r1593539
Log:
Fixing expiry tests
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1593539&r1=1593538&r2=1593539&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java Fri May 9 13:57:25 2014
@@ -39,7 +39,9 @@ import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
@@ -804,6 +806,17 @@ public class Merlin extends CryptoBase {
// to ensure against phony DNs (compare encoded form including signature)
//
if (foundCerts != null && foundCerts[0] != null && foundCerts[0].equals(certs[0])) {
+ try {
+ certs[0].checkValidity();
+ } catch (CertificateExpiredException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILED_CHECK, "invalidCert", e
+ );
+ } catch (CertificateNotYetValidException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILED_CHECK, "invalidCert", e
+ );
+ }
if (LOG.isDebugEnabled()) {
LOG.debug(
"Direct trust for certificate with " + certs[0].getSubjectX500Principal().getName()
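Review bot: The comment above the direct-trust branch still describes only the phony-DN comparison, so a reader will not expect the new `checkValidity()` call to reject a keystore-pinned certificate once it falls outside its validity period. I would add `// Direct trust also requires the certificate to be within its validity period` immediately before the `try`. The two catch blocks are identical; if the build targets Java 7 or later they can be merged into `catch (CertificateExpiredException | CertificateNotYetValidException e)`. The success path is logged at debug level but the rejection is not, which makes an expired pinned certificate harder to diagnose from logs. The enclosing method starts and ends outside this hunk.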
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java?rev=1593539&r1=1593538&r2=1593539&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java Fri May 9 13:57:25 2014
@@ -337,9 +337,13 @@ public class SignatureCertTest extends o
//
// Verify the signature
//
- // TODO Failure expected after expiry
WSSecurityEngine newEngine = new WSSecurityEngine();
- newEngine.processSecurityHeader(doc, null, null, cryptoCA);
+ try {
+ newEngine.processSecurityHeader(doc, null, null, cryptoCA);
+ fail("Failure expected on an expired cert");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
}
@org.junit.Test
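Review bot: The `catch (WSSecurityException ex)` block accepts any failure, so this test would still pass if processing failed for a reason unrelated to expiry, such as a key lookup or signature error. The same applies to the identical block in the next hunk, which uses `clientCrypto`. Pin the reason in place of `// expected`, for example `assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_CHECK);`, assuming the code thrown in Merlin propagates unchanged through `processSecurityHeader`. The test methods begin outside both hunks, so how the expired certificate is set up is not visible here.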
@@ -372,9 +376,13 @@ public class SignatureCertTest extends o
//
// Verify the signature
//
- // TODO Failure expected after expiry
WSSecurityEngine newEngine = new WSSecurityEngine();
- newEngine.processSecurityHeader(doc, null, null, clientCrypto);
+ try {
+ newEngine.processSecurityHeader(doc, null, null, clientCrypto);
+ fail("Failure expected on an expired cert");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
}
/**