You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by "Falk Bauer (JIRA)" <ji...@apache.org> on 2006/08/09 11:01:18 UTC

[jira] Commented: (WSS-52) ArrayIndexOutOfBoundsException if certs.length > 1

    [ http://issues.apache.org/jira/browse/WSS-52?page=comments#action_12426876 ] 
            
Falk Bauer commented on WSS-52:
-------------------------------

It is right that your provided solution patchs one issue in this code-snippet.
But i think there is another issue at this place:

The certificate path (as an array) has to be build to verify the trust of the given certificate in the message.
The first cert in the cert-array has to be the cert which was given in the message.
The followings certs have to be the certs which have hierachically signed the given certificate up to a root-ca.
But the code above adds the same cert again and again to the path-array:
**********************************
cert = certs[i] //in the cert-variable there is always the same certificate
x509certs[j + 1] = cert //for every loop the same cert is added into the path-array.
**********************************

So i think there is a typo in the assignment of the cert-variable and the code should be written in the following way:
**********************************
cert = certs[j]
**********************************
 In this way all the given certificates will be added into the path-array for later validation in the described way.

> ArrayIndexOutOfBoundsException if certs.length > 1
> --------------------------------------------------
>
>                 Key: WSS-52
>                 URL: http://issues.apache.org/jira/browse/WSS-52
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Thomas Leonard
>         Assigned To: Davanum Srinivas
>         Attachments: wshandler2.patch
>
>
> In WSHandler.java we have (revision 427569):
>             X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
>             // Then add the first certificate ...
>             x509certs[0] = cert;
>             // ... and the other certificates
>             for (int j = 0; j < certs.length; j++) {
>                 cert = certs[i];
>                 x509certs[certs.length + j] = cert;
>             }
> So, the highest index available in x509certs is "certs.length", while the highest index we write to is "certs.length * 2 - 1".
> This code will only work if certs.length < 2.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org