You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by gr...@apache.org on 2020/04/06 22:54:43 UTC
[kudu] 01/02: [security] KUDU-3106 update on
getEndpointChannelBindings()
This is an automated email from the ASF dual-hosted git repository.
granthenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 5bc210ba7d1243f31c2fa211faefad707f9d286d
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Mon Apr 6 14:15:11 2020 -0700
[security] KUDU-3106 update on getEndpointChannelBindings()
Fixed an issue with SecurityUtil::getEndpointChannelBindings() when Java
security provider converts the certificate signature algorithm's name
to the upper case. At least, the upper-case conversion behavior was
observed when using BouncyCastle 1.65.
Change-Id: Ia788d6d72cfee7958e9db7293740aa22ede8fabd
Reviewed-on: http://gerrit.cloudera.org:8080/15664
Tested-by: Kudu Jenkins
Reviewed-by: Grant Henke <gr...@apache.org>
---
.../kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java b/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
index cab4f1f..11e2cfc 100644
--- a/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
+++ b/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
@@ -138,12 +138,13 @@ public abstract class SecurityUtil {
"can only handle X509 certs");
X509Certificate x509 = (X509Certificate)cert;
String sigAlg = x509.getSigAlgName();
+ String sigAlgUpper = sigAlg.toUpperCase(Locale.ENGLISH);
// The signature algorithm name is a string like 'SHA256withRSA'.
// There's no API available to actually find just the digest algorithm,
// so we resort to some hackery.
- String[] components = sigAlg.split("with", 2);
- String digestAlg = CERT_DIGEST_TO_MESSAGE_DIGEST.get(components[0].toUpperCase(Locale.ENGLISH));
+ String[] components = sigAlgUpper.split("WITH", 2);
+ String digestAlg = CERT_DIGEST_TO_MESSAGE_DIGEST.get(components[0]);
if (digestAlg == null) {
// RFC 5929: if the certificate's signatureAlgorithm uses no hash functions or
// uses multiple hash functions, then this channel binding type's channel