Skip to content

[backport camel-4.18.x] CAMEL-23843: Camel-PQC - sign and verify String payloads as UTF-8#24723

Merged
oscerd merged 1 commit into
apache:camel-4.18.xfrom
oscerd:backport/24716-to-camel-4.18.x
Jul 16, 2026
Merged

[backport camel-4.18.x] CAMEL-23843: Camel-PQC - sign and verify String payloads as UTF-8#24723
oscerd merged 1 commit into
apache:camel-4.18.xfrom
oscerd:backport/24716-to-camel-4.18.x

Conversation

@oscerd

@oscerd oscerd commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Backport of #24716 to camel-4.18.x (fixVersion 4.18.4) — charset only.

sign/verify encoded a String body with String.getBytes() (the JVM default charset). The default charset is platform dependent, so signing on one JVM and verifying on another with a different default disagrees on the bytes of a non-ASCII payload and verification fails. Pin StandardCharsets.UTF_8.

Scope vs main: the native byte[]/InputStream handling delivered on main by CAMEL-23847 is an improvement kept to main, so it is intentionally not in this backport — only the charset determinism fix for String payloads. This branch has no hybrid sign/verify, so only signature()/verification() are touched.

Note on the test: the bug is JVM-default-charset dependent (a no-op on Java 18+ where the default is already UTF-8, per JEP 400), so the test pins the UTF-8 contract — it independently verifies the produced signature over the payload's UTF-8 bytes and confirms it does not match the ISO-8859-1 bytes. Validated green on this branch; no generated drift.

Claude Code on behalf of Andrea Cosentino.

… payloads as UTF-8

sign/verify encoded a String message body with String.getBytes(), which uses the JVM
default charset. The default charset is platform dependent, so signing on one JVM and
verifying on another with a different default could disagree on the bytes of a
non-ASCII payload and fail verification. Pin StandardCharsets.UTF_8.

Charset-only backport of apache#24716. The native byte[]/InputStream handling from
CAMEL-23847 is an improvement that stays on main only, so it is intentionally not
part of this backport.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@gnodet gnodet left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well-scoped, minimal backport of the charset determinism fix — looks good.

What works well:

  • The fix is correct and complete: both signature() and verification() now use StandardCharsets.UTF_8 instead of the platform-dependent String.getBytes().
  • No other .getBytes() calls exist in PQCProducer.java on this branch, so nothing is missed.
  • The test design is solid — independently verifying the signature over UTF-8 bytes and confirming it does not match ISO-8859-1 bytes pins the UTF-8 contract regardless of the JVM's default charset.
  • Backport scope is appropriate: only the charset fix, no hybrid crypto code (which correctly doesn't exist on camel-4.18.x).

Checklist:

  • Tests included (PQCSignatureCharsetTest)
  • No @author tags
  • Backport scope — minimal, targeted fix only
  • Backward compat — improves cross-platform correctness
  • Security — deterministic encoding prevents subtle signature verification failures
  • Formatting — import placement correct

Reviewed with Claude Code on behalf of gnodet. This review was generated by an AI agent and may contain inaccuracies; please verify all suggestions before applying.

@oscerd
oscerd requested review from davsclaus and gnodet July 15, 2026 12:32
@oscerd
oscerd merged commit abd2538 into apache:camel-4.18.x Jul 16, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants