You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ws.apache.org by co...@apache.org on 2014/06/18 16:25:28 UTC

svn commit: r1603461 - /webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java

Author: coheigea
Date: Wed Jun 18 14:25:28 2014
New Revision: 1603461

URL: http://svn.apache.org/r1603461
Log:
[WSS-504] - False control flow leading to warning "No Subject DN Certificate Constraints were defined. This could be a security issue"

Modified:
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java?rev=1603461&r1=1603460&r2=1603461&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java Wed Jun 18 14:25:28 2014
@@ -160,6 +160,10 @@ public class SignatureTrustValidator imp
                      + subjectString
                 );
             }
+            if (isCertificateInKeyStore(crypto, cert)) {
+                return true;
+            }
+
             Collection<Pattern> subjectCertConstraints = data.getSubjectCertConstraints();
             if (matches(cert, subjectCertConstraints)) {
                 return true;