[
https://issues.apache.org/jira/browse/WSS-330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13168266#comment-13168266
]
Colm O hEigeartaigh commented on WSS-330:
-----------------------------------------
Hi Maxim,
According to:
http://docs.oracle.com/javase/1.5.0/docs/api/java/security/MessageDigest.html
"After digest has been called, the MessageDigest object is reset to its
initialized state. "
Therefore, I do not see any need to reset the MessageDigest object explicitly
each iteration of the loop.
Colm.
> CryptoBase.getAliasForX509CertThumb calculates hash wrongly, could only match
> first certificate correctly
> ---------------------------------------------------------------------------------------------------------
>
> Key: WSS-330
> URL: https://issues.apache.org/jira/browse/WSS-330
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.12
> Reporter: Maxim Naidenov
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.13
>
>
> The method CryptoBase.getAliasForX509CertThumb(byte[] thumb) does not
> calculate the hash of certificates in the keystore correctly and could
> possibly match only the first certificate.
> This is because the SHA1 message digest is reset once:
> sha = MessageDigest.getInstance("SHA-1");
> sha.reset();
> but is updated every time while enumerating over certificates in the keystore:
> sha.update(cert.getEncoded());
> byte[] data = sha.digest();
> The fix would be to move the digest reset in the beginning of the enumeration
> loop.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
