Fixed bug in verification that fails any time a bad CA is in the keystore.
authorcantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 2 Sep 2002 08:31:38 +0000 (08:31 +0000)
committercantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 2 Sep 2002 08:31:38 +0000 (08:31 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@273 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/common/ShibPOSTProfile.java

index 4b49098..68c372c 100755 (executable)
@@ -393,10 +393,10 @@ public class ShibPOSTProfile
                         Certificate cacert = ks.getCertificate(alias);
                         if (!(cacert instanceof X509Certificate))
                             continue;
-                        ((X509Certificate)cacert).checkValidity();
                         if (iname.equals(((X509Certificate)cacert).getSubjectDN().getName()))
                         {
                             cert.verify(cacert.getPublicKey());
+                            ((X509Certificate)cacert).checkValidity();
                             return true;
                         }
                     }