CryptoBase.getAliasForX509CertThumb calculates hash wrongly, could only match
first certificate correctly
---------------------------------------------------------------------------------------------------------
Key: WSS-330
URL: https://issues.apache.org/jira/browse/WSS-330
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.5.12
Reporter: Maxim Naidenov
Assignee: Colm O hEigeartaigh
Fix For: 1.5.13
The method CryptoBase.getAliasForX509CertThumb(byte[] thumb) does not calculate
the hash of certificates in the keystore correctly and could possibly match
only the first certificate.
This is because the SHA1 message digest is reset once:
sha = MessageDigest.getInstance("SHA-1");
sha.reset();
but is updated every time while enumerating over certificates in the keystore:
sha.update(cert.getEncoded());
byte[] data = sha.digest();
The fix would be to move the digest reset in the beginning of the enumeration
loop.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
