You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Lasha Kvatashydze (Jira)" <ji...@apache.org> on 2020/07/15 15:56:00 UTC
[jira] [Created] (WSS-676) CertificateStore should support ALIAS
CryptoType
Lasha Kvatashydze created WSS-676:
-------------------------------------
Summary: CertificateStore should support ALIAS CryptoType
Key: WSS-676
URL: https://issues.apache.org/jira/browse/WSS-676
Project: WSS4J
Issue Type: Bug
Affects Versions: 2.3.0
Reporter: Lasha Kvatashydze
Assignee: Colm O hEigeartaigh
Certificate store should try to retrieve X509 Certificates using ALIAS. Not SUBJECT_DN.
{code:java}
public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException {
if (cryptoType == null) {
return null;
}
CryptoType.TYPE type = cryptoType.getType();
X509Certificate[] certs = null;
switch (type) {
case ISSUER_SERIAL:
certs = getX509Certificates(cryptoType.getIssuer(), cryptoType.getSerial());
break;
case THUMBPRINT_SHA1:
certs = getX509Certificates(cryptoType.getBytes());
break;
case SKI_BYTES:
certs = getX509CertificatesSKI(cryptoType.getBytes());
break;
case ALIAS:
case SUBJECT_DN:
certs = getX509CertificatesSubjectDN(cryptoType.getSubjectDN());
break;
case ENDPOINT:
break;
}
return certs;
}{code}
The issue is visible when:
{{org.apache.wss4j.dom.message.WSSecEncrypt.prepare(Crypto crypto) }}
is being used. It builds *CryptoType* object and can provide either *ENDPOINT_KEY_IDENTIFIER* or *ALIAS*, leading to:
{code:java}
java.lang.NullPointerException: provided null name at
java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:172) at java.base/javax.security.auth.x500.X500Principal.<init>(X500Principal.java:128) at org.apache.wss4j.common.crypto.CertificateStore.getX509CertificatesSubjectDN(CertificateStore.java:431) at org.apache.wss4j.common.crypto.CertificateStore.getX509Certificates(CertificateStore.java:92) at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(WSSecEncrypt.java:139) at org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:172){code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org