cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1521415 - /cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
Date Tue, 10 Sep 2013 09:57:40 GMT
Author: coheigea
Date: Tue Sep 10 09:57:40 2013
New Revision: 1521415

URL: http://svn.apache.org/r1521415
Log:
Always validate CertPath

Modified:
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java?rev=1521415&r1=1521414&r2=1521415&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
Tue Sep 10 09:57:40 2013
@@ -83,14 +83,15 @@ public class TrustedAuthorityValidator i
             CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
             CertPath certPath = builder.build(pkixParams).getCertPath();
             
-            // Now validate the CertPath including CRL checking
+            // Now validate the CertPath (including CRL checking)
             if (!crls.isEmpty()) {
                 pkixParams.setRevocationEnabled(true);
                 CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
                 pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
-                CertPathValidator validator = CertPathValidator.getInstance("PKIX");
-                validator.validate(certPath, pkixParams);
             }
+            
+            CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+            validator.validate(certPath, pkixParams);
         } catch (InvalidAlgorithmParameterException e) {
             throw new RuntimeException(e);
         } catch (NoSuchAlgorithmException e) {



Mime
View raw message