SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 17

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 18

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
This compliant solution uses the {{equals()}} method as a first test and then compares the encoded version of the keys to facilitate provider-independent behavior. For example, it can be checked if a {{RSAPrivateKey}} and {{RSAPrivateCrtKey}} represent an equivalent private key. \[[Sun 2006|AA. Bibliography#Sun 06]\].

Code Block
bgColor#ccccff
private static boolean keysEqual(Key key1, Key key2) {
  if (key1.equals(key2)) {
    return true;
  }

  if (Arrays.equals(key1.getEncoded(), key2.getEncoded())) {
    return true;
  }

  // More code for different types of keys here.
  // For example, the following code can check if
  // an RSAPrivateKey and an RSAPrivateCrtKey are equal:
  if ((key1 instanceof RSAPrivateKey) &&
     (key2 instanceof RSAPrivateKey)) {
  
    if ((((RSAKey) key1).getModulus().equals(((RSAKey) key2).getModulus()))
       && (((RSAPrivateKey) key1).getPrivateExponent().equals(
       ((RSAPrivateKey) key2).getPrivateExponent()))) {
  
      return true;
    }
  }
  return false;
}

...

Using Object.equals() to compare cryptographic keys may not yield accurate results.

Rule Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

MSC04-J

high

unlikely

low

P9

L2

...