sanketdesale / google-apps-sso-sample

Automatically exported from code.google.com/p/google-apps-sso-sample
Apache License 2.0
0 stars 0 forks source link

Util.getPublicKey/getPrivateKey sometimes reads a truncated DSA key #19

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Util.getPublicKey/getPrivateKey uses this code to read the DSA keys from an
InputStream:

   byte[] bytes = new byte[pubKey.available()];
   pubKey.read(bytes);
   pubKey.close();

This only works if the whole key contents are available().
It does not work if the buffer is too small.
In my case, it did not work, and only a truncated key was read.

Worst thing, this produced no error, but a "working" DSA key pair.
Of course, the signature could not be verified.

Please fix this to read the whole contents of the stream,
see for example Commons IO IOUtils.toByteArray(InputStream)

Original issue reported on code.google.com by thilopl...@googlemail.com on 23 May 2009 at 12:31