You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2014/10/05 00:47:26 UTC
git commit: [CXF-6032] - NullPointerException while validating cert
for SAML HOK
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes fdb5facca -> ac6a4c2d5
[CXF-6032] - NullPointerException while validating cert for SAML HOK
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ac6a4c2d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ac6a4c2d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ac6a4c2d
Branch: refs/heads/3.0.x-fixes
Commit: ac6a4c2d5d682595cd5722f94a8797bc3577c991
Parents: fdb5fac
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Sat Oct 4 23:47:01 2014 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Sat Oct 4 23:47:01 2014 +0100
----------------------------------------------------------------------
.../apache/cxf/sts/token/provider/DefaultSubjectProvider.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac6a4c2d/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
index 154ab7c..b04886d 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
@@ -21,8 +21,11 @@ package org.apache.cxf.sts.token.provider;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
+import java.util.regex.Pattern;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -173,8 +176,9 @@ public class DefaultSubjectProvider implements SubjectProvider {
if (stsProperties.isValidateUseKey() && stsProperties.getSignatureCrypto() != null) {
if (receivedKey.getX509Cert() != null) {
try {
+ Collection<Pattern> constraints = Collections.emptyList();
stsProperties.getSignatureCrypto().verifyTrust(
- new X509Certificate[]{receivedKey.getX509Cert()}, false, null);
+ new X509Certificate[]{receivedKey.getX509Cert()}, false, constraints);
} catch (WSSecurityException e) {
LOG.log(Level.FINE, "Error in trust validation of UseKey: ", e);
throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);