AlexKovic / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0

null string is signed instead of "" #47

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Try to use cross implementations (e.g. JanRain's PHP client with
your sample server).

What is the expected output? What do you see instead?
expected: correct signature during client side verification
output: bad signature

What version of the product are you using? On what operating system?
java-openid-sxip-0.9.4 [server] + php-openid-2.0.0 [client]
OS: Debian Linux

Please provide any additional information below.
That happens because null fields (e.g. claimed_id) are added as "null"
Strings. That's not a problem if client & server use the same
implementation, but I doubt it could work with any other.

My solution is: verify null value before adding it to the resulting String.
In AuthSuccess.getSignedText():
...
String value = getParameterValue("openid." + signedParams[i]);
// Append only when the field is present; appending a null String writes the text "null".
if (value != null)
  signedText.append(value);
...

Original issue reported on code.google.com by andrei.c...@gmail.com on 16 Jan 2008 at 7:51
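
The mismatch described in this report, reproduced as an added example that is not openid4java code: the signing input is built in OpenID key-value form ("name:value\n") once with an absent field appended as "null" and once with it skipped, and the two HMACs are compared the way a verifier would. The class name, sample parameters, MAC key and the choice of HMAC-SHA1 are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class SignedTextDemo {
    // Builds the signing input: one "name:value\n" line per field in the signed list.
    static String signedText(Map<String, String> params, String signedList, boolean skipNull) {
        StringBuilder sb = new StringBuilder();
        for (String name : signedList.split(",")) {
            String value = params.get("openid." + name);
            sb.append(name).append(':');
            if (value != null || !skipNull) {
                sb.append(value); // append of a null String writes the four characters "null"
            }
            sb.append('\n');
        }
        return sb.toString();
    }

    static byte[] hmacSha1(byte[] key, String text) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return mac.doFinal(text.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample response: claimed_id is in the signed list but has no value.
        Map<String, String> params = new HashMap<>();
        params.put("openid.mode", "id_res");
        params.put("openid.return_to", "https://rp.example/return");
        params.put("openid.signed", "mode,claimed_id,return_to");
        byte[] macKey = "constructed-association-key".getBytes(StandardCharsets.UTF_8);

        String withNull = signedText(params, params.get("openid.signed"), false);
        String withEmpty = signedText(params, params.get("openid.signed"), true);
        System.out.print("signer that appends null:\n" + withNull);
        System.out.print("verifier that treats it as empty:\n" + withEmpty);

        byte[] signerMac = hmacSha1(macKey, withNull);
        byte[] verifierMac = hmacSha1(macKey, withEmpty);
        // Constant-time comparison of the two MACs; prints false, i.e. "bad signature".
        System.out.println("signature verifies: " + MessageDigest.isEqual(signerMac, verifierMac));
    }
}
```

Two peers running the same null-appending code agree with each other, which is why the defect only surfaces in cross-implementation testing.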

GoogleCodeExporter commented 8 years ago
Thanks for the patch! Fixed in rev 443.

Original comment by Johnny.B...@gmail.com on 22 Jan 2008 at 7:00