cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alessio Soldano (Assigned) (JIRA)" <>
Subject [jira] [Assigned] (CXF-4028) X509TokenValidator uses signature-crypto-provider instead of encryption-crypto-provider
Date Mon, 06 Feb 2012 18:05:59 GMT


Alessio Soldano reassigned CXF-4028:

    Assignee: Alessio Soldano
> X509TokenValidator uses signature-crypto-provider instead of encryption-crypto-provider
> ---------------------------------------------------------------------------------------
>                 Key: CXF-4028
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.5
>            Reporter: Jan Bernhardt
>            Assignee: Alessio Soldano
>   Original Estimate: 4h
>  Remaining Estimate: 4h
> I found a bug in X509TokenValidator class.
> There are two crypto handler which can be configured:
> <entry key="ws-security.signature.crypto" value-ref="..."/>
> <entry key="ws-security.encryption.crypto" value-ref="..."/>
> ws-security.signature.crypto is for my own signature, when sending messages, and to decrypt
messages, which have been send to me. (here is my private key)
> ws-security.encryption.crypto is for encrypting messages before sending and validating
of signatures in received messages. (here are all my trusted public keys/CAs)
> In X509TokenValidator the signature crypto provider is used to validate a received message
signature. But instead the encryption provider should be used! See line 101 in
> Crypto sigCrypto = stsProperties.getSignatureCrypto();
> There might be other sections which needs to be updated as well...
> Best regards
> Jan
> See post on the mailinglist regarding this topic also:

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message