Fix bug in digest computation.

CHANGELOG.md

@@ -8,6 +8,8 @@
    - Fix a bug where Microdescriptor's getDigestSha256Base64() returns
      a hex string rather than a base64 string.
    - Move descriptor digest computation to DescriptorImpl.
+   - Fix a bug in digest computation by making sure that the
+     descriptor string actually contains the end token.
 
 
 # Changes in version 1.7.0 - 2017-05-17

src/main/java/org/torproject/descriptor/impl/DescriptorImpl.java

@@ -371,8 +371,12 @@ public abstract class DescriptorImpl implements Descriptor {
       String ascii = new String(this.rawDescriptorBytes,
           StandardCharsets.US_ASCII);
       int start = ascii.indexOf(startToken);
-      int end = (null == endToken) ? ascii.length()
-          : (ascii.indexOf(endToken) + endToken.length());
+      int end = -1;
+      if (null == endToken) {
+        end = ascii.length();
+      } else if (ascii.contains(endToken)) {
+        end = ascii.indexOf(endToken) + endToken.length();
+      }
       if (start >= 0 && end >= 0 && end > start) {
         byte[] forDigest = new byte[end - start];
         System.arraycopy(this.rawDescriptorBytes, start, forDigest, 0,
@@ -408,8 +412,12 @@ public abstract class DescriptorImpl implements Descriptor {
       String ascii = new String(this.rawDescriptorBytes,
           StandardCharsets.US_ASCII);
       int start = ascii.indexOf(startToken);
-      int end = (null == endToken) ? ascii.length()
-          : (ascii.indexOf(endToken) + endToken.length());
+      int end = -1;
+      if (null == endToken) {
+        end = ascii.length();
+      } else if (ascii.contains(endToken)) {
+        end = ascii.indexOf(endToken) + endToken.length();
+      }
       if (start >= 0 && end >= 0 && end > start) {
         byte[] forDigest = new byte[end - start];
         System.arraycopy(this.rawDescriptorBytes, start, forDigest, 0,

src/test/java/org/torproject/descriptor/impl/RelayNetworkStatusImplTest.java

@@ -24,8 +24,15 @@ public class RelayNetworkStatusImplTest {
       + "c6JWYUWZSPpW1uyjyLPUI/ikyyH7zmtR4MfhSeNdt2zSakojYNaPAgMBAAE=\n"
       + "-----END RSA PUBLIC KEY-----\n";
 
+  private static final String validFooter = "directory-signature dizum\n"
+      + "-----BEGIN SIGNATURE-----\n"
+      + "G62xrsrqpmJKSHP672o2Wv/5hdKmy+LoWwdQl/JvT7WN7VfdlfBpo5UgsxvIHGSF\n"
+      + "MGVROgjL1+EW4vezm5U0/Tz02CbCaw5Gs2hu4fviT0qKTV+QTP+l9a4SeY36a1qL\n"
+      + "TZiThjmOWg5C5ru2eOZKzst2wGW0WDPmsVRpWO7UMzs=\n"
+      + "-----END SIGNATURE-----\n";
+
   private static final String validStatus =
-      "@type network-status-2 1.0\n" + validHeader;
+      "@type network-status-2 1.0\n" + validHeader + validFooter;
 
   @Test(expected = DescriptorParseException.class)
   public void testParseBrokenHeader() throws DescriptorParseException {

src/test/java/org/torproject/descriptor/impl/ServerDescriptorImplTest.java

@@ -1027,14 +1027,14 @@ public class ServerDescriptorImplTest {
         descriptor.getExitPolicyLines());
   }
 
-  @Test()
-  public void testRouterSignatureOpt()
-      throws DescriptorParseException {
-    DescriptorBuilder.createWithRouterSignatureLines("opt "
-        + "router-signature\n"
+  @Test(expected = DescriptorParseException.class)
+  public void testEndSignatureFourDashes() throws DescriptorParseException {
+    DescriptorBuilder.createWithRouterSignatureLines("router-signature\n"
         + "-----BEGIN SIGNATURE-----\n"
-        + "crypto lines are ignored anyway\n"
-        + "-----END SIGNATURE-----");
+        + "o4j+kH8UQfjBwepUnr99v0ebN8RpzHJ/lqYsTojXHy9kMr1RNI9IDeSzA7PSqT"
+        + "uV\n4PL8QsGtlfwthtIoZpB2srZeyN/mcpA9fa1JXUrt/UN9K/+32Cyaad7h0n"
+        + "HE6Xfb\njqpXDpnBpvk4zjmzjjKYnIsUWTnADmu0fo3xTRqXi7g=\n"
+        + "-----END SIGNATURE----");
   }
 
   @Test(expected = DescriptorParseException.class)