Version
2.14.0
Bug description
Writing an OpenSshCertificate to a Buffer and then reading it back from there corrupts the OpenSshCertificate.getMessage(), which is supposed to be the bytes signed by the signature.
Buffer.getPublicKey() simply sets the message to all bytes read so far since offset zero. This may include bytes before the raw public key. This renders getMessage() useless as it cannot be used for verifying the signature.
Actual behavior
After
OpenSshCertificate initial = ...;
Buffer buf = new ByteArrayBuffer();
buf.putPublicKey(initial);
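// Cast is needed: getMessage() is declared on OpenSshCertificate, not on PublicKey
OpenSshCertificate readBack = (OpenSshCertificate) buf.getPublicKey();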
readBack.getMessage() would contain the extra 4 bytes for the overall public key length and signature verification of the readBack certificate fails if getMessage() is used.
Expected behavior
getMessage() correctly returns exactly the bytes of the raw certificate (including the key_type string), minus the signature.
Relevant log output
No response
Other information
No response
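The framing problem described in this report, as an added example that is not part of the original issue and not Apache MINA SSHD code: a Python model of the wire format showing that a message taken from offset zero carries the 4-byte length prefix and fails verification, while a message taken from the start of the raw certificate verifies. Assumptions: every certificate field is modelled as an SSH string, HMAC-SHA256 stands in for the CA signature, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import struct

CA_KEY = b"constructed-ca-key"  # stand-in secret; real certificates use a CA key pair

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, pos: int):
    """Decode the SSH string at pos; return (payload, offset just after it)."""
    (length,) = struct.unpack_from(">I", buf, pos)
    end = pos + 4 + length
    if end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[pos + 4:end], end

def sign(message: bytes) -> bytes:
    """Stand-in for the CA signature (assumption: HMAC instead of a real key pair)."""
    return hmac.new(CA_KEY, message, hashlib.sha256).digest()

def make_cert(fields) -> bytes:
    """Raw certificate: key_type and body fields, followed by the signature string."""
    signed = b"".join(ssh_string(f) for f in fields)
    return signed + ssh_string(sign(signed))

def read_cert(buf: bytes, from_offset_zero: bool):
    """Read a length-prefixed certificate from buf; return (message, signature)."""
    blob, _ = read_string(buf, 0)
    blob_start = 4                      # raw certificate begins after the length prefix
    pos = sig_off = 0
    signature = b""
    while pos < len(blob):              # the signature is the last string in the blob
        sig_off = pos
        signature, pos = read_string(blob, pos)
    # Reported behaviour: message = everything read since offset zero.
    # Expected behaviour: message = raw certificate bytes up to the signature.
    start = 0 if from_offset_zero else blob_start
    return buf[start:blob_start + sig_off], signature

def verify(message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(message), signature)

# Constructed sample certificate, written the way putPublicKey frames it.
FIELDS = [b"ssh-ed25519-cert-v01@openssh.com", b"nonce", b"public-key", b"key-id"]
WIRE = ssh_string(make_cert(FIELDS))
```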