Hi,
I have attatched a patch to fix the bug in using the P_SHA-1 key
derivation in Linux.
Can somone please apply it :-)
Regards,
Ruchith
Index: P_SHA1.java
===================================================================
RCS file:
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/conversation/dkAlgo/P_SHA1.java,v
retrieving revision 1.3
diff -u -r1.3 P_SHA1.java
--- P_SHA1.java 9 Aug 2004 18:02:46 -0000 1.3
+++ P_SHA1.java 23 Mar 2005 04:19:17 -0000
@@ -40,11 +40,11 @@
* @version 1.0
*/
-import org.apache.ws.security.conversation.ConversationException;
-
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
+import org.apache.ws.security.conversation.ConversationException;
+
public class P_SHA1
implements DerivationAlgorithm {
@@ -55,9 +55,13 @@
long length) throws ConversationException {
try {
Mac mac = Mac.getInstance("HmacSHA1");
- byte[] key = new String(P_hash(secret, labelAndNonce.getBytes(),
mac,
- (offset + (int) length))).substring(offset,
- (int) length).getBytes();
+
+ byte[] tempBytes = P_hash(secret, labelAndNonce.getBytes(),
mac,(offset + (int) length));
+
+ byte[] key = new byte[(int)length];
+
+ for(int i = 0; i < key.length; i++)
+ key[i] = tempBytes[i+offset];
return key;
} catch (Exception ex) {
