From b99607881857becb0abd34bb9b259feb0e807f4a Mon Sep 17 00:00:00 2001
From: J-N-K <github@klug.nrw>
Date: Sat, 8 Jun 2024 23:22:24 +0200
Subject: [PATCH] [mqtt] Fix certificate pinning (#16857)

Signed-off-by: Jan N. Klug <github@klug.nrw>
---
 .../org/openhab/binding/mqtt/handler/BrokerHandler.java   | 8 +++++++-
 .../java/org/openhab/binding/mqtt/internal/ssl/Pin.java   | 4 ++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/bundles/org.openhab.binding.mqtt/src/main/java/org/openhab/binding/mqtt/handler/BrokerHandler.java b/bundles/org.openhab.binding.mqtt/src/main/java/org/openhab/binding/mqtt/handler/BrokerHandler.java
index e5f29522e6..16dd1853ab 100644
--- a/bundles/org.openhab.binding.mqtt/src/main/java/org/openhab/binding/mqtt/handler/BrokerHandler.java
+++ b/bundles/org.openhab.binding.mqtt/src/main/java/org/openhab/binding/mqtt/handler/BrokerHandler.java
@@ -83,6 +83,12 @@ public class BrokerHandler extends AbstractBrokerHandler implements PinnedCallba
             logger.error("Received pins hash is empty!");
             return;
         }
+        PinMessageDigest hashDigest = pin.getHashDigest();
+        if (hashDigest == null) {
+            logger.error("Received pins message digest is not set!");
+            return;
+        }
+
         String configKey = null;
         try {
             switch (pin.getType()) {
@@ -99,7 +105,7 @@ public class BrokerHandler extends AbstractBrokerHandler implements PinnedCallba
         }
 
         Configuration thingConfig = editConfiguration();
-        thingConfig.put(configKey, HexUtils.bytesToHex(hash));
+        thingConfig.put(configKey, hashDigest.getMethod() + ":" + HexUtils.bytesToHex(hash));
         updateConfiguration(thingConfig);
     }
 
diff --git a/bundles/org.openhab.binding.mqtt/src/main/java/org/openhab/binding/mqtt/internal/ssl/Pin.java b/bundles/org.openhab.binding.mqtt/src/main/java/org/openhab/binding/mqtt/internal/ssl/Pin.java
index 9009b18d00..134f53408a 100644
--- a/bundles/org.openhab.binding.mqtt/src/main/java/org/openhab/binding/mqtt/internal/ssl/Pin.java
+++ b/bundles/org.openhab.binding.mqtt/src/main/java/org/openhab/binding/mqtt/internal/ssl/Pin.java
@@ -54,6 +54,10 @@ public class Pin {
         return pinData;
     }
 
+    public @Nullable PinMessageDigest getHashDigest() {
+        return hashDigest;
+    }
+
     public void setLearningMode() {
         this.learning = true;
         this.pinData = null;
-- 
2.47.3