[JENKINS-58734] Use SHA-256 for crumbs (jenkinsci#4134)

* [JENKINS-58734] Use SHA-256 for crumbs Signed-off-by: Matt Sicker <[email protected]> * Use SHA-256 more consistently Signed-off-by: Matt Sicker <[email protected]>
timeticktick · Aug 16, 2019 · eadd4b7 · eadd4b7
1 parent 35e507e
commit eadd4b7
Showing 1 changed file with 10 additions and 13 deletions.
diff --git a/core/src/main/java/hudson/security/csrf/DefaultCrumbIssuer.java b/core/src/main/java/hudson/security/csrf/DefaultCrumbIssuer.java
@@ -49,29 +49,26 @@ public class DefaultCrumbIssuer extends CrumbIssuer {
 
     @DataBoundConstructor
     public DefaultCrumbIssuer(boolean excludeClientIPFromCrumb) {
-        try {
-            this.md = MessageDigest.getInstance("MD5");
-            this.excludeClientIPFromCrumb = excludeClientIPFromCrumb;
-        } catch (NoSuchAlgorithmException e) {
-            this.md = null;
-            this.excludeClientIPFromCrumb = false;
-            LOGGER.log(Level.SEVERE, "Can't find MD5", e);
-        }
+        this.excludeClientIPFromCrumb = excludeClientIPFromCrumb;
+        initializeMessageDigest();
     }
 
     public boolean isExcludeClientIPFromCrumb() {
         return this.excludeClientIPFromCrumb;
     }
 
     private Object readResolve() {
+        initializeMessageDigest();
+        return this;
+    }
+
+    private void initializeMessageDigest() {
         try {
-            this.md = MessageDigest.getInstance("MD5");
+            md = MessageDigest.getInstance("SHA-256");
         } catch (NoSuchAlgorithmException e) {
-            this.md = null;
-            LOGGER.log(Level.SEVERE, "Can't find MD5", e);
+            md = null;
+            LOGGER.log(Level.SEVERE, e, () -> "Cannot find SHA-256 MessageDigest implementation.");
         }
-
-        return this;
     }
 
     /**