Merge pull request #16 from pavel-v-chernykh/fix-invalid-digest-issue

Fix invalid digest issue

.github/workflows/main.yaml

@@ -20,10 +20,10 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v2
       - name: Lint
-        uses: golangci/golangci-lint-action@v1.2.1
+        uses: golangci/golangci-lint-action@v2.2.0
         with:
           args: --timeout=5m0s -c .golangci.yaml
-          version: v1.27
+          version: v1.30
   test:
     name: Test
     runs-on: ubuntu-latest

.golangci.yaml

@@ -6,6 +6,7 @@ linters:
     - gochecknoglobals
     - funlen
     - goerr113
+    - gofumpt
 
 linters-settings:
   gomnd:

decoder.go

@@ -283,12 +283,13 @@ func Decode(r io.Reader, password []byte) (KeyStore, error) {
 		keyStore[alias] = entry
 	}
 
+	computedDigest := ksd.md.Sum(nil)
+
 	actualDigest, err := ksd.readBytes(uint32(ksd.md.Size()))
 	if err != nil {
 		return nil, fmt.Errorf("read digest: %w", err)
 	}
 
-	computedDigest := ksd.md.Sum(nil)
 	if !bytes.Equal(actualDigest, computedDigest) {
 		return nil, errors.New("got invalid digest")
 	}

decoder_test.go

@@ -5,11 +5,15 @@ import (
 	"crypto/rand"
 	"crypto/sha1"
 	"encoding/binary"
+	"encoding/pem"
 	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
+	"os"
 	"reflect"
 	"testing"
+	"time"
 )
 
 func TestReadUint16(t *testing.T) {
@@ -58,6 +62,7 @@ func TestReadUint16(t *testing.T) {
 			err:    nil,
 			hash:   sha1.Sum(buf),
 		})
+
 		return table
 	}()
 
@@ -129,6 +134,7 @@ func TestReadUint32(t *testing.T) {
 			err:    nil,
 			hash:   sha1.Sum(buf),
 		})
+
 		return table
 	}()
 
@@ -408,6 +414,7 @@ func TestReadCertificate(t *testing.T) {
 		})
 		table = append(table, func() readCertificateItem {
 			input := []byte{0, 0, 0, 0}
+
 			return readCertificateItem{
 				input:   input,
 				version: version01,
@@ -424,6 +431,7 @@ func TestReadCertificate(t *testing.T) {
 			byteOrder.PutUint16(buf, uint16(len(defaultCertificateType)))
 			buf = append(buf, []byte(defaultCertificateType)...)
 			buf = append(buf, 0, 0, 0, 0)
+
 			return readCertificateItem{
 				input:   buf,
 				version: version02,
@@ -440,6 +448,7 @@ func TestReadCertificate(t *testing.T) {
 			byteOrder.PutUint16(buf, uint16(len(defaultCertificateType)))
 			buf = append(buf, []byte(defaultCertificateType)...)
 			buf = append(buf, 0, 0, 0, 1)
+
 			return readCertificateItem{
 				input:   buf,
 				version: version02,
@@ -475,3 +484,53 @@ func TestReadCertificate(t *testing.T) {
 		}
 	}
 }
+
+func TestDecode(t *testing.T) {
+	password := []byte{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}
+	defer zeroing(password)
+
+	f, err := os.Open("./testdata/keystore.jks")
+	if err != nil {
+		t.Fatalf("open test data keystore file: %s", err)
+	}
+
+	defer func() {
+		if err := f.Close(); err != nil {
+			t.Fatalf("close test data keystore file: %s", err)
+		}
+	}()
+
+	keyStore, err := Decode(f, password)
+	if err != nil {
+		t.Fatalf("decode test data keystore: %s", err)
+	}
+
+	actualPKE, ok := keyStore["alias"].(*PrivateKeyEntry)
+	if !ok {
+		t.Fatalf("assert private key entry")
+	}
+
+	expectedCT, err := time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", "2017-09-19 17:41:00.016 +0300 EEST")
+	if err != nil {
+		t.Fatalf("parse creation time: %s", err)
+	}
+
+	if !actualPKE.CreationTime.Equal(expectedCT) {
+		t.Errorf("unexpected private key entry creation time: '%v' '%v'", actualPKE.CreationTime, expectedCT)
+	}
+
+	if len(actualPKE.CertificateChain) != 0 {
+		t.Errorf("unexpected private key entry certificate chain length: '%d' '%d'", len(actualPKE.CertificateChain), 0)
+	}
+
+	pkPEM, err := ioutil.ReadFile("./testdata/privkey.pem")
+	if err != nil {
+		t.Fatalf("read expected private key file: %s", err)
+	}
+
+	decodedPK, _ := pem.Decode(pkPEM)
+
+	if !reflect.DeepEqual(actualPKE.PrivateKey, decodedPK.Bytes) {
+		t.Errorf("unexpected private key")
+	}
+}

testdata/privkey.pem

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMiiH2T1BHnHiaU8
+EGAIa6JHkOZCfb9xDLyfqL73m/kFTFAJAhJ9gGusVIk5NCS0aGgASsNnGiqmhFbE
+MiYuvxRzUJIKL9hh1ttnGhyZQ0hwlyeTNVJKCWNX6rcLZ+blO7kpF6YI6fqYsmWc
+QeyxgW2NAFH9HaiqF5F0V0DUXh4dAgMBAAECgYEAwRS0ndXmbsQGxUuefqzb2JqC
+6fWHSpujJEuKe+2S3v2oSUXCBsVct0JrQHwaoFA2QhA14wLv/aeuqEm78V7/ZxsF
+vi+PFsYGsag05N83vZcJi/fHbLzkWFOANAnr7i/4u1sd2fIqFkm5xY5lw02lW5JN
+daVDAo/njAEsTYn2OEkCQQD3cx/50LWmsQnsmSy4RdfERYWMuxDjSlvixfabEb3X
+usyZ8CcK1RUUdEi7m+H+3KXJvuNaZiQ5WdQ7nXX34plXAkEAz5DfPLcC40sQlXxM
+G0pteLNDemV81Okj4yfzukRZXwt54JjPd0AO1GQbmB4K8Zqag7p0ekU/5Y7oL+JQ
+fXA3qwJAPudRNZxM0TcoIrE9oQqAMzDJJmFXhbAdc6SHcBwuemzOHkPiaOqKFU0K
+QEb8SGGm84ZHHW/hvYKMZSs+FenQuQJBAMC6T83cUH4j0P48L56XeRY9vUYEvegj
+ogLlsdUeaa1qxnvY56pefGaRnV2dZ6P2Xco6crSlYDMSgl0T0pDmhYkCQDZ1dn3F
++MXxmJT9uRSfwLj4cNPHICZKrlp20lqDYvEZtIiouY4c/Y7cYykUSotzUgigng9D
+zK3idGFIejk+Ezo=
+-----END PRIVATE KEY-----