[WSS-227] CryptoBase.getPrivateKey() unable to handle empty (null) passwords - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.8
Fix Version/s: 1.5.9, 1.6
Component/s: None
Labels:
None
Environment:
java version "1.6.0_17"
Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
Java HotSpot(TM) Client VM (build 14.3-b01, mixed mode, sharing)

Description

While working with SoapUI 3.5 I came across a possible bug where CryptoBase.getPrivateKey() is unable to return a private key when the keystore is not protected by a password.

CryptoBase.java:261
Key keyTmp = keystore.getKey(alias, password.toCharArray());

proposed fix:

Key keyTmp = keystore.getKey(alias, password == null ? new char[]{} : password.toCharArray());

I do also realize that one could argue the issue to be SoapUI's fault, fix on that side would be to pass an empty string to the corresponding methods instead of the null value. In my opinion fixing it in the wss4j core seems to be more appropriate.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Paul Rogalinski

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 29/Mar/10 14:35

Updated:: 16/Apr/10 10:46

Resolved:: 16/Apr/10 10:46

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified