Fix the signatures done with the JCA provider using multiple updates

ebourg · Jun 7, 2024 · 7e69e26 · 7e69e26
1 parent 5a56502
commit 7e69e26
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/jsign-crypto/src/main/java/net/jsign/jca/SigningServiceSignature.java b/jsign-crypto/src/main/java/net/jsign/jca/SigningServiceSignature.java
@@ -16,14 +16,15 @@
 
 package net.jsign.jca;
 
+import java.io.ByteArrayOutputStream;
 import java.security.GeneralSecurityException;
 import java.security.PrivateKey;
 import java.security.SignatureException;
 
 class SigningServiceSignature extends AbstractSignatureSpi {
 
     private SigningServicePrivateKey privateKey;
-    private byte[] data;
+    private ByteArrayOutputStream buffer = new ByteArrayOutputStream();
 
     public SigningServiceSignature(String signingAlgorithm) {
         super(signingAlgorithm);
@@ -36,14 +37,13 @@ protected void engineInitSign(PrivateKey privateKey) {
 
     @Override
     protected void engineUpdate(byte[] b, int off, int len) {
-        data = new byte[len];
-        System.arraycopy(b, off, data, 0, len);
+        buffer.write(b, off, len);
     }
 
     @Override
     protected byte[] engineSign() throws SignatureException {
         try {
-            return privateKey.getService().sign(privateKey, signingAlgorithm, data);
+            return privateKey.getService().sign(privateKey, signingAlgorithm, buffer.toByteArray());
         } catch (GeneralSecurityException e) {
             throw new SignatureException(e);
         }

diff --git a/jsign-crypto/src/test/java/net/jsign/jca/SigningServiceTest.java b/jsign-crypto/src/test/java/net/jsign/jca/SigningServiceTest.java
@@ -46,10 +46,20 @@ public void testCustomProvider(Provider signingProvider, KeyStore keystore, Stri
 
         Signature signature = Signature.getInstance("SHA256withRSA", signingProvider);
         signature.initSign((PrivateKey) key);
+        signature.update("Hello World".getBytes());
+        byte[] s1 = signature.sign();
+
+        assertNotNull("signature null", s1);
+
+        // test with multiple updates
+        signature = Signature.getInstance("SHA256withRSA", signingProvider);
+        signature.initSign((PrivateKey) key);
         signature.update("Hello".getBytes());
-        byte[] s = signature.sign();
+        signature.update(" ".getBytes());
+        signature.update("World".getBytes());
+        byte[] s2 = signature.sign();
 
-        assertNotNull("signature null", s);
+        assertArrayEquals("signature", s1, s2);
     }
 
     @Test