Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-287

No longer use keystore for truststore purposes if the latter is explicitly specified.

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.6
    • Fix Version/s: 1.6.1
    • Component/s: None
    • Labels:
      None

      Description

      According to this blog entry: http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html

      Quote: "One final note - when building a validation chain to validate a received credential, WSS4J uses both the truststore and the keystore. This is for backwards compatibility reasons, where the user does not specify a truststore using the new config."

      Recommend switching this algorithm to not use the keystore for validation if the truststore is explicitly validated.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            coheigea Colm O hEigeartaigh
            Reporter:
            gmazza Glen Mazza
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development