You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Maxim Naidenov (Created) (JIRA)" <ji...@apache.org> on 2011/12/13 09:15:31 UTC
[jira] [Created] (WSS-330) CryptoBase.getAliasForX509CertThumb
calculates hash wrongly, could only match first certificate correctly
CryptoBase.getAliasForX509CertThumb calculates hash wrongly, could only match first certificate correctly
---------------------------------------------------------------------------------------------------------
Key: WSS-330
URL: https://issues.apache.org/jira/browse/WSS-330
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.5.12
Reporter: Maxim Naidenov
Assignee: Colm O hEigeartaigh
Fix For: 1.5.13
The method CryptoBase.getAliasForX509CertThumb(byte[] thumb) does not calculate the hash of certificates in the keystore correctly and could possibly match only the first certificate.
This is because the SHA1 message digest is reset once:
sha = MessageDigest.getInstance("SHA-1");
sha.reset();
but is updated every time while enumerating over certificates in the keystore:
sha.update(cert.getEncoded());
byte[] data = sha.digest();
The fix would be to move the digest reset in the beginning of the enumeration loop.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-330) CryptoBase.getAliasForX509CertThumb
calculates hash wrongly, could only match first certificate correctly
Posted by "Colm O hEigeartaigh (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13168266#comment-13168266 ]
Colm O hEigeartaigh commented on WSS-330:
-----------------------------------------
Hi Maxim,
According to:
http://docs.oracle.com/javase/1.5.0/docs/api/java/security/MessageDigest.html
"After digest has been called, the MessageDigest object is reset to its initialized state. "
Therefore, I do not see any need to reset the MessageDigest object explicitly each iteration of the loop.
Colm.
> CryptoBase.getAliasForX509CertThumb calculates hash wrongly, could only match first certificate correctly
> ---------------------------------------------------------------------------------------------------------
>
> Key: WSS-330
> URL: https://issues.apache.org/jira/browse/WSS-330
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.12
> Reporter: Maxim Naidenov
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.13
>
>
> The method CryptoBase.getAliasForX509CertThumb(byte[] thumb) does not calculate the hash of certificates in the keystore correctly and could possibly match only the first certificate.
> This is because the SHA1 message digest is reset once:
> sha = MessageDigest.getInstance("SHA-1");
> sha.reset();
> but is updated every time while enumerating over certificates in the keystore:
> sha.update(cert.getEncoded());
> byte[] data = sha.digest();
> The fix would be to move the digest reset in the beginning of the enumeration loop.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Closed] (WSS-330) CryptoBase.getAliasForX509CertThumb
calculates hash wrongly, could only match first certificate correctly
Posted by "Maxim Naidenov (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maxim Naidenov closed WSS-330.
------------------------------
Resolution: Not A Problem
Hi Colm,
you are right, seems I was too fast to write a bug report before doing a good old debug and especially carefully checking the certificates that are compared.
Sorry for taking your time.
Maxim
> CryptoBase.getAliasForX509CertThumb calculates hash wrongly, could only match first certificate correctly
> ---------------------------------------------------------------------------------------------------------
>
> Key: WSS-330
> URL: https://issues.apache.org/jira/browse/WSS-330
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.12
> Reporter: Maxim Naidenov
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.13
>
>
> The method CryptoBase.getAliasForX509CertThumb(byte[] thumb) does not calculate the hash of certificates in the keystore correctly and could possibly match only the first certificate.
> This is because the SHA1 message digest is reset once:
> sha = MessageDigest.getInstance("SHA-1");
> sha.reset();
> but is updated every time while enumerating over certificates in the keystore:
> sha.update(cert.getEncoded());
> byte[] data = sha.digest();
> The fix would be to move the digest reset in the beginning of the enumeration loop.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org