8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId

Reviewed-by: xuelei

8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId
Reviewed-by: xuelei
baccb0cf · weijun · 84dd5c50 · baccb0cf · baccb0cf
2 changed file
--- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
+++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
@@ -236,6 +236,9 @@ public class AlgorithmId implements Serializable, DerEncoder {
     * return a name such as "MD5withRSA" for a signature algorithm on
     * some systems.  It also returns names like "OID.1.2.3.4", when
     * no particular name for the algorithm is known.
+     *
+     * Note: for ecdsa-with-SHA2 plus hash algorithm (Ex: SHA-256), this method
+     * returns the "full" signature algorithm (Ex: SHA256withECDSA) directly.
     */
    public String getName() {
        String algName = nameTable.get(algid);
@@ -245,7 +248,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
        if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) {
            try {
                AlgorithmId paramsId =
-                        AlgorithmId.parse(new DerValue(getEncodedParams()));
+                        AlgorithmId.parse(new DerValue(params.toByteArray()));
                String paramsName = paramsId.getName();
                algName = makeSigAlg(paramsName, "EC");
            } catch (IOException e) {
@@ -261,12 +264,18 @@ public class AlgorithmId implements Serializable, DerEncoder {

    /**
     * Returns the DER encoded parameter, which can then be
-     * used to initialize java.security.AlgorithmParamters.
+     * used to initialize java.security.AlgorithmParameters.
+     *
+     * Note: for ecdsa-with-SHA2 plus hash algorithm (Ex: SHA-256), this method
+     * returns null because {@link #getName()} has already returned the "full"
+     * signature algorithm (Ex: SHA256withECDSA).
     *
     * @return DER encoded parameters, or null not present.
     */
    public byte[] getEncodedParams() throws IOException {
-        return (params == null) ? null : params.toByteArray();
+        return (params == null || algid.equals(specifiedWithECDSA_oid))
+                ? null
+                : params.toByteArray();
    }

    /**

--- a/test/jdk/sun/security/pkcs11/PKCS11Test.java
+++ b/test/jdk/sun/security/pkcs11/PKCS11Test.java
@@ -79,11 +79,11 @@ public abstract class PKCS11Test {
    static {
        // hack
        String absBase = new File(BASE).getAbsolutePath();
-        int k = absBase.indexOf(SEP + "test" + SEP + "sun" + SEP);
+        int k = absBase.indexOf(SEP + "test" + SEP + "jdk" + SEP);
        if (k < 0) k = 0;
-        String p1 = absBase.substring(0, k + 6);
-        String p2 = absBase.substring(k + 5);
-        CLOSED_BASE = p1 + "closed" + p2;
+        String p1 = absBase.substring(0, k);
+        String p2 = absBase.substring(k);
+        CLOSED_BASE = p1 + "/../closed" + p2;

        // set it as a system property to make it available in policy file
        System.setProperty("closed.base", CLOSED_BASE);