You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2014/06/18 16:25:28 UTC
svn commit: r1603461 -
/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
Author: coheigea
Date: Wed Jun 18 14:25:28 2014
New Revision: 1603461
URL: http://svn.apache.org/r1603461
Log:
[WSS-504] - False control flow leading to warning "No Subject DN Certificate Constraints were defined. This could be a security issue"
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java?rev=1603461&r1=1603460&r2=1603461&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java Wed Jun 18 14:25:28 2014
@@ -160,6 +160,10 @@ public class SignatureTrustValidator imp
+ subjectString
);
}
+ if (isCertificateInKeyStore(crypto, cert)) {
+ return true;
+ }
+
Collection<Pattern> subjectCertConstraints = data.getSubjectCertConstraints();
if (matches(cert, subjectCertConstraints)) {
return true;