7187962: sun.security.pkcs11.P11DSAKeyFactory.implTranslatePublicKey doesn't...

7187962: sun.security.pkcs11.P11DSAKeyFactory.implTranslatePublicKey doesn't check if params is null Reviewed-by: valeriep

7187962: sun.security.pkcs11.P11DSAKeyFactory.implTranslatePublicKey doesn't...
7187962: sun.security.pkcs11.P11DSAKeyFactory.implTranslatePublicKey doesn't check if params is null Reviewed-by: valeriep
35507b2b · mullan · cd762851 · 35507b2b
隐藏空白更改
内联并排

Showing with 11 addition and 5 deletion

src/share/classes/sun/security/provider/certpath/BasicChecker.java .../classes/sun/security/provider/certpath/BasicChecker.java +11 -5

未找到文件。
--- a/src/share/classes/sun/security/provider/certpath/BasicChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/BasicChecker.java
@@ -101,6 +101,14 @@ class BasicChecker extends PKIXCertPathChecker {
    public void init(boolean forward) throws CertPathValidatorException {
        if (!forward) {
            prevPubKey = trustedPubKey;
+            if (prevPubKey instanceof DSAPublicKey &&
+                ((DSAPublicKey)prevPubKey).getParams() == null)
+            {
+                // If TrustAnchor is a DSA public key and it has no params, it
+                // cannot be used to verify the signature of the first cert,
+                // so throw exception
+                throw new CertPathValidatorException("Key parameters missing");
+            }
            prevSubject = caName;
        } else {
            throw new
@@ -242,7 +250,7 @@ class BasicChecker extends PKIXCertPathChecker {
        }
        if (cKey instanceof DSAPublicKey &&
            ((DSAPublicKey)cKey).getParams() == null) {
-            //cKey needs to inherit DSA parameters from prev key
+            // cKey needs to inherit DSA parameters from prev key
            cKey = makeInheritedParamsKey(cKey, prevPubKey);
            if (debug != null) debug.println("BasicChecker.updateState Made " +
                                             "key with inherited params");
@@ -252,7 +260,7 @@ class BasicChecker extends PKIXCertPathChecker {
    }
    /**
-     * Internal method to create a new key with inherited key parameters
+     * Internal method to create a new key with inherited key parameters.
     *
     * @param keyValueKey key from which to obtain key value
     * @param keyParamsKey key from which to obtain key parameters
@@ -263,7 +271,6 @@ class BasicChecker extends PKIXCertPathChecker {
    static PublicKey makeInheritedParamsKey(PublicKey keyValueKey,
        PublicKey keyParamsKey) throws CertPathValidatorException
    {
-        PublicKey usableKey;
        if (!(keyValueKey instanceof DSAPublicKey) ||
            !(keyParamsKey instanceof DSAPublicKey))
            throw new CertPathValidatorException("Input key is not " +
@@ -279,13 +286,12 @@ class BasicChecker extends PKIXCertPathChecker {
                                                       params.getP(),
                                                       params.getQ(),
                                                       params.getG());
-            usableKey = kf.generatePublic(ks);
+            return kf.generatePublic(ks);
        } catch (GeneralSecurityException e) {
            throw new CertPathValidatorException("Unable to generate key with" +
                                                 " inherited parameters: " +
                                                 e.getMessage(), e);
        }
-        return usableKey;
    }
    /**