From 23d5748d6820f2cacb76db0ba4b91a331bd2738c Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Tue, 4 Mar 2025 20:15:44 +0200 Subject: [PATCH] Fix thread-safety by creating a new DigestCalculator each time SubjectCertificateNotRevokedValidator.getCertificateId() is called WE2-1068 Signed-off-by: Mart Somermaa --- .../certvalidators/SubjectCertificateNotRevokedValidator.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidator.java b/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidator.java index fb339579..bf3e649b 100644 --- a/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidator.java +++ b/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidator.java @@ -60,7 +60,6 @@ public final class SubjectCertificateNotRevokedValidator { private static final Logger LOG = LoggerFactory.getLogger(SubjectCertificateNotRevokedValidator.class); - private static final DigestCalculator DIGEST_CALCULATOR = DigestCalculatorImpl.sha1(); private final SubjectCertificateTrustedValidator trustValidator; private final OcspClient ocspClient; @@ -197,7 +196,8 @@ private static void checkNonce(OCSPReq request, BasicOCSPResp response) throws U private static CertificateID getCertificateId(X509Certificate subjectCertificate, X509Certificate issuerCertificate) throws CertificateEncodingException, IOException, OCSPException { final BigInteger serial = subjectCertificate.getSerialNumber(); - return new CertificateID(DIGEST_CALCULATOR, + final DigestCalculator digestCalculator = DigestCalculatorImpl.sha1(); + return new CertificateID(digestCalculator, new X509CertificateHolder(issuerCertificate.getEncoded()), serial); }