You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by co...@apache.org on 2013/09/10 11:57:40 UTC

svn commit: r1521415 - /cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java

Author: coheigea
Date: Tue Sep 10 09:57:40 2013
New Revision: 1521415

URL: http://svn.apache.org/r1521415
Log:
Always validate CertPath

Modified:
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java?rev=1521415&r1=1521414&r2=1521415&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java (original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java Tue Sep 10 09:57:40 2013
@@ -83,14 +83,15 @@ public class TrustedAuthorityValidator i
             CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
             CertPath certPath = builder.build(pkixParams).getCertPath();
             
-            // Now validate the CertPath including CRL checking
+            // Now validate the CertPath (including CRL checking)
             if (!crls.isEmpty()) {
                 pkixParams.setRevocationEnabled(true);
                 CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
                 pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
-                CertPathValidator validator = CertPathValidator.getInstance("PKIX");
-                validator.validate(certPath, pkixParams);
             }
+            
+            CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+            validator.validate(certPath, pkixParams);
         } catch (InvalidAlgorithmParameterException e) {
             throw new RuntimeException(e);
         } catch (NoSuchAlgorithmException e) {