8131291: Perfect parameter patterning

Reviewed-by: mullan

8131291: Perfect parameter patterning
Reviewed-by: mullan
26b55337 · igerasim · db527289 · 26b55337
隐藏空白更改
内联并排

Showing with 22 addition and 9 deletion

src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java ...sses/sun/security/provider/certpath/AlgorithmChecker.java +22 -9

未找到文件。
--- a/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
 /*
- * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -77,6 +77,13 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
    private final static Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
        Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
+    private final static Set<CryptoPrimitive> KU_PRIMITIVE_SET =
+        Collections.unmodifiableSet(EnumSet.of(
+            CryptoPrimitive.SIGNATURE,
+            CryptoPrimitive.KEY_ENCAPSULATION,
+            CryptoPrimitive.PUBLIC_KEY_ENCRYPTION,
+            CryptoPrimitive.KEY_AGREEMENT));
    private final static DisabledAlgorithmConstraints
        certPathDefaultConstraints = new DisabledAlgorithmConstraints(
            DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
@@ -210,9 +217,11 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
                null, null, -1, PKIXReason.INVALID_KEY_USAGE);
        }
+        // Assume all key usage bits are set if key usage is not present
+        Set<CryptoPrimitive> primitives = KU_PRIMITIVE_SET;
        if (keyUsage != null) {
-            Set<CryptoPrimitive> primitives =
+                primitives = EnumSet.noneOf(CryptoPrimitive.class);
-                        EnumSet.noneOf(CryptoPrimitive.class);
            if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) {
                // keyUsage[0]: KeyUsage.digitalSignature
@@ -237,15 +246,19 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
            // KeyUsage.encipherOnly and KeyUsage.decipherOnly are
            // undefined in the absence of the keyAgreement bit.
-            if (!primitives.isEmpty()) {
+            if (primitives.isEmpty()) {
-                if (!constraints.permits(primitives, currPubKey)) {
+                throw new CertPathValidatorException(
-                    throw new CertPathValidatorException(
+                    "incorrect KeyUsage extension",
-                        "algorithm constraints check failed",
+                    null, null, -1, PKIXReason.INVALID_KEY_USAGE);
-                        null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
-                }
            }
        }
+        if (!constraints.permits(primitives, currPubKey)) {
+            throw new CertPathValidatorException(
+                "algorithm constraints check failed",
+                null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
+        }
        // Check with previous cert for signature algorithm and public key
        if (prevPubKey != null) {
            if (currSigAlg != null) {