You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by gr...@apache.org on 2020/04/06 22:54:43 UTC

[kudu] 01/02: [security] KUDU-3106 update on getEndpointChannelBindings()

This is an automated email from the ASF dual-hosted git repository.

granthenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git

commit 5bc210ba7d1243f31c2fa211faefad707f9d286d
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Mon Apr 6 14:15:11 2020 -0700

    [security] KUDU-3106 update on getEndpointChannelBindings()
    
    Fixed an issue with SecurityUtil::getEndpointChannelBindings() when Java
    security provider converts the certificate signature algorithm's name
    to the upper case.  At least, the upper-case conversion behavior was
    observed when using BouncyCastle 1.65.
    
    Change-Id: Ia788d6d72cfee7958e9db7293740aa22ede8fabd
    Reviewed-on: http://gerrit.cloudera.org:8080/15664
    Tested-by: Kudu Jenkins
    Reviewed-by: Grant Henke <gr...@apache.org>
---
 .../kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java b/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
index cab4f1f..11e2cfc 100644
--- a/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
+++ b/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
@@ -138,12 +138,13 @@ public abstract class SecurityUtil {
         "can only handle X509 certs");
     X509Certificate x509 = (X509Certificate)cert;
     String sigAlg = x509.getSigAlgName();
+    String sigAlgUpper = sigAlg.toUpperCase(Locale.ENGLISH);
 
     // The signature algorithm name is a string like 'SHA256withRSA'.
     // There's no API available to actually find just the digest algorithm,
     // so we resort to some hackery.
-    String[] components = sigAlg.split("with", 2);
-    String digestAlg = CERT_DIGEST_TO_MESSAGE_DIGEST.get(components[0].toUpperCase(Locale.ENGLISH));
+    String[] components = sigAlgUpper.split("WITH", 2);
+    String digestAlg = CERT_DIGEST_TO_MESSAGE_DIGEST.get(components[0]);
     if (digestAlg == null) {
       // RFC 5929: if the certificate's signatureAlgorithm uses no hash functions or
       // uses multiple hash functions, then this channel binding type's channel