From bc1834bfdf63b8a50065a84a98f4a4fee45742df Mon Sep 17 00:00:00 2001
From: Scott Frederick <sfrederick@pivotal.io>
Date: Fri, 28 Aug 2020 17:04:34 -0500
Subject: [PATCH] Ensure layer digest hashes contain 64 characters

This commit ensures that encoded digest hashes for Docker image
layers are zero-padded to the required 64 characters length.

Fixes gh-23132
---
 .../boot/buildpack/platform/docker/type/LayerId.java   |  2 +-
 .../buildpack/platform/docker/type/LayerIdTests.java   | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/type/LayerId.java b/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/type/LayerId.java
index bec2d83f63f..d30cc6a331a 100644
--- a/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/type/LayerId.java
+++ b/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/type/LayerId.java
@@ -98,7 +98,7 @@ public final class LayerId {
 		Assert.notNull(digest, "Digest must not be null");
 		Assert.isTrue(digest.length == 32, "Digest must be exactly 32 bytes");
 		String algorithm = "sha256";
-		String hash = String.format("%32x", new BigInteger(1, digest));
+		String hash = String.format("%064x", new BigInteger(1, digest));
 		return new LayerId(algorithm + ":" + hash, algorithm, hash);
 	}
 
diff --git a/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/test/java/org/springframework/boot/buildpack/platform/docker/type/LayerIdTests.java b/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/test/java/org/springframework/boot/buildpack/platform/docker/type/LayerIdTests.java
index 50129a223d3..34d9bd52e27 100644
--- a/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/test/java/org/springframework/boot/buildpack/platform/docker/type/LayerIdTests.java
+++ b/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/test/java/org/springframework/boot/buildpack/platform/docker/type/LayerIdTests.java
@@ -18,6 +18,7 @@ package org.springframework.boot.buildpack.platform.docker.type;
 
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
+import java.util.Arrays;
 
 import org.junit.jupiter.api.Test;
 
@@ -67,6 +68,15 @@ class LayerIdTests {
 		assertThat(id.toString()).isEqualTo("sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08");
 	}
 
+	@Test
+	void ofSha256DigestWithZeroPadding() {
+		byte[] digest = new byte[32];
+		Arrays.fill(digest, (byte) 127);
+		digest[0] = 1;
+		LayerId id = LayerId.ofSha256Digest(digest);
+		assertThat(id.toString()).isEqualTo("sha256:017f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f");
+	}
+
 	@Test
 	void ofSha256DigestWhenNullThrowsException() {
 		assertThatIllegalArgumentException().isThrownBy(() -> LayerId.ofSha256Digest((byte[]) null))