SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 6

changes.mady.by.user Ankur Goyal

Saved on

compared with

New Version 7

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 4

...

Code Block
bgColor#ccccff
private static boolean keysEqual(Key key1, Key key2) {
  if (key1.equals(key2)) {
    return true;
  }

  if (Arrays.equals(key1.getEncoded(), key2.getEncoded())) {
    return true;
  }

  // More code for different types of keys here.
  // For example, the following code can check if
  // an RSAPrivateKey and an RSAPrivateCrtKey are equal:
  if ((key1 instanceof RSAPrivateKey) &&
     (key2 instanceof RSAPrivateKey)) {
  
    if ((((RSAKey) key1).getModulus().equals(((RSAKey) key2).getModulus()))
       && (((RSAPrivateKey) key1).getPrivateExponent().equals(
       ((RSAPrivateKey) key2).getPrivateExponent()))) {
  
      return true;
    }
  }
  return false;
}

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 06|AA. Java References#API 06]\] 
\[[Sun 06|AA. Java References#Sun 06]\] [Determining If Two Keys Are Equal|http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#Determining%20If%20Two%20Keys%20Are%20Equal] (JCA Reference Guide)

...

MSC34FIO36-J. Do not base critical decisions on IP addresses or DNS lookups      49. Miscellaneous (MSC)      99. The Void (VOIDcreate multiple buffered wrappers on an InputStream      09. Input Output (FIO)      09. Input Output (FIO)