Description
Prior to and following the implementation of #1419 and #135, there is still an edge case whereby the following warning happens:
WARN - org.apache.wss4j.common.crypto.CryptoBase - No Subject DN Certificate Constraints were defined. This could be a security issue
This happens with both pre-4.1.0 and post-4.1.0 versions.
Investigating, this appears to be with the way that the following verifyCertificateTrust method creates a new RequestData object that does not pass through the signatureSubjectDnPatterns like the initializeRequestData and initializeValidationRequestData methods do as fixed in #1419?
With pre-4.1.0, a solution has been taken to override the verifyCertificateTrust method with the same body but then pass through the required fields from the RequestData generated from an overridden initializeValidationRequestData method using a configuration Singleton bean.
The ideal is that the library propagates this down through to this RequestData, or the initializeValidationRequestData returned RequestData is reused. MessageContext does not appear within the verifyCertificateTrust method at present, but could potentially be passed through from (
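A simplified model of the gap described in this issue, added here as an illustration; it is not part of the original report and is not Spring-WS or WSS4J code. The names `Settings`, `subjectAllowed`, `verifyWithFreshSettings` and `verifyWithPropagatedSettings` are hypothetical, and the accept-when-no-patterns behaviour is an assumption drawn from the WARN line above.

```java
import java.util.Collection;
import java.util.List;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

public class SubjectDnConstraintDemo {

    // Hypothetical stand-in for the per-request settings object; not WSS4J's RequestData.
    static final class Settings {
        Collection<Pattern> subjectDnPatterns = List.of();
    }

    // Assumed semantics: an empty pattern set accepts every subject (the WARN case);
    // otherwise the whole RFC 2253 subject DN must match at least one pattern.
    static boolean subjectAllowed(X500Principal subject, Collection<Pattern> patterns) {
        String dn = subject.getName(X500Principal.RFC2253);
        if (patterns == null || patterns.isEmpty()) {
            System.out.println("WARN no subject DN constraints defined, accepting " + dn);
            return true;
        }
        return patterns.stream().anyMatch(p -> p.matcher(dn).matches());
    }

    // Trust check that builds a fresh settings object and never copies the configured patterns.
    static boolean verifyWithFreshSettings(X500Principal subject, Settings configured) {
        Settings fresh = new Settings();
        return subjectAllowed(subject, fresh.subjectDnPatterns);
    }

    // Same check, but the configured patterns are propagated into the fresh object first.
    static boolean verifyWithPropagatedSettings(X500Principal subject, Settings configured) {
        Settings fresh = new Settings();
        fresh.subjectDnPatterns = configured.subjectDnPatterns;
        return subjectAllowed(subject, fresh.subjectDnPatterns);
    }

    public static void main(String[] args) {
        Settings configured = new Settings();
        configured.subjectDnPatterns =
            List.of(Pattern.compile("CN=partner-[a-z0-9]+,O=Example Corp,C=GB"));

        // Constructed subjects; both are assumed to chain to a trusted CA already.
        X500Principal expected = new X500Principal("CN=partner-a1, O=Example Corp, C=GB");
        X500Principal other = new X500Principal("CN=someone-else, O=Other Org, C=GB");

        System.out.println("fresh, other subject:         " + verifyWithFreshSettings(other, configured));
        System.out.println("propagated, other subject:    " + verifyWithPropagatedSettings(other, configured));
        System.out.println("propagated, expected subject: " + verifyWithPropagatedSettings(expected, configured));
    }
}
```

In this model the fresh-settings path accepts a subject that the configured pattern would reject, which is why the WARN line is worth alerting on in deployments that rely on subject DN constraints.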