Bug Name
PrivateKey.getSigner() Returns Null for Unsupported Key Types
Attack Scenario
getSigner() returns null for ECDSA or other unsupported key types. This null is stored in this.signer. The next call to sign() throws a NullPointerException with no indication of the actual problem.
Impact
Users with ECDSA keys get opaque NullPointerExceptions instead of a clear unsupported key type message.
Components
File: clients/common/src/main/java/com/binance/connector/client/common/sign/PrivateKey.java line 132. Returns null for non-Ed25519/non-RSA keys.
Reproduction
- Configure client with an ECDSA private key.
- Make a signed request.
- NullPointerException thrown at sign() with no useful error message.
Fix
Throw ApiException("Unsupported key type: " + algorithmIdentifier) instead of returning null.
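The null-returning selection next to a fail-fast version, as an added example that is not the connector's own code. It uses only JDK classes; the class and method names are hypothetical, IllegalArgumentException stands in for the project's ApiException, and the ECDSA key and payload are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignerSelectionDemo {
    // Pattern described in the finding: unsupported key types fall through to null.
    static Signature getSignerNullable(PrivateKey key) throws GeneralSecurityException {
        switch (key.getAlgorithm()) {
            case "RSA":
                return Signature.getInstance("SHA256withRSA");
            case "EdDSA":   // Ed25519 keys (the reported name depends on the provider)
            case "Ed25519":
                return Signature.getInstance("Ed25519");
            default:
                return null; // the caller only finds out later, at sign()
        }
    }

    // Fail-fast variant: reject the key at the point where the signer is selected.
    static Signature getSignerStrict(PrivateKey key) throws GeneralSecurityException {
        Signature signer = getSignerNullable(key);
        if (signer == null) {
            // IllegalArgumentException stands in for the project's ApiException (assumption).
            throw new IllegalArgumentException("Unsupported key type: " + key.getAlgorithm());
        }
        return signer;
    }

    static byte[] sign(Signature signer, PrivateKey key, String payload) throws GeneralSecurityException {
        signer.initSign(key); // NullPointerException is raised here when signer is null
        signer.update(payload.getBytes(StandardCharsets.UTF_8));
        return signer.sign();
    }
    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample input: a throwaway ECDSA (P-256) key and a made-up payload.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        PrivateKey ecKey = gen.generateKeyPair().getPrivate();
        try {
            sign(getSignerNullable(ecKey), ecKey, "symbol=BTCUSDT&timestamp=0");
        } catch (NullPointerException e) {
            System.out.println("nullable: " + e); // failure surfaces far from its cause
        }
        try {
            sign(getSignerStrict(ecKey), ecKey, "symbol=BTCUSDT&timestamp=0");
        } catch (IllegalArgumentException e) {
            System.out.println("strict:   " + e.getMessage()); // names the key algorithm
        }
    }
}
```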
Details
Finding ID: MEDIUM-02
Severity: Medium
Researcher: Independent Security Researcher -- Mefai Security Team