Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
5d4a4c61
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
3
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
5d4a4c61
编写于
12月 06, 2010
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6896700: Validation of signatures succeed when it should fail
Reviewed-by: wetmore
上级
d908ce95
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
150 addition
and
3 deletion
+150
-3
src/share/classes/sun/security/rsa/RSASignature.java
src/share/classes/sun/security/rsa/RSASignature.java
+5
-0
test/sun/security/rsa/InvalidBitString.java
test/sun/security/rsa/InvalidBitString.java
+138
-0
test/sun/security/rsa/TestKeyPairGenerator.java
test/sun/security/rsa/TestKeyPairGenerator.java
+7
-3
未找到文件。
src/share/classes/sun/security/rsa/RSASignature.java
浏览文件 @
5d4a4c61
...
...
@@ -185,6 +185,11 @@ public abstract class RSASignature extends SignatureSpi {
// verify the data and return the result. See JCA doc
protected
boolean
engineVerify
(
byte
[]
sigBytes
)
throws
SignatureException
{
if
(
sigBytes
.
length
!=
RSACore
.
getByteLength
(
publicKey
))
{
throw
new
SignatureException
(
"Signature length not correct: got "
+
sigBytes
.
length
+
" but was expecting "
+
RSACore
.
getByteLength
(
publicKey
));
}
byte
[]
digest
=
getDigestValue
();
try
{
byte
[]
decrypted
=
RSACore
.
rsa
(
sigBytes
,
publicKey
);
...
...
test/sun/security/rsa/InvalidBitString.java
0 → 100644
浏览文件 @
5d4a4c61
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @summary Validation of signatures succeed when it should fail
* @bug 6896700
*/
import
java.io.InputStream
;
import
java.io.ByteArrayInputStream
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.PublicKey
;
import
java.security.SignatureException
;
public
class
InvalidBitString
{
// Test cert for CN=CA
static
String
signerCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIIBtDCCAR2gAwIBAgIEemxRHjANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDEwJDQTAeFw0xMDA2\n"
+
"MDMwODA2MjlaFw0xMDA5MDEwODA2MjlaMA0xCzAJBgNVBAMTAkNBMIGfMA0GCSqGSIb3DQEBAQUA\n"
+
"A4GNADCBiQKBgQCp2G7pGwMOw4oM7zFFeRKrByuPLNAXClGsh+itdRiOeUgEby6OB9IAgXm93086\n"
+
"Z9dWCfRYbzJbDRSnUE7FS1iQsIRIeOEuFMIMogcBK+sOf364ONwMXsI4gtYVmxn4BaaajVWt6C/g\n"
+
"FBGZQxp81aORDyUIrlCkMIxhZBSsNPIJYwIDAQABoyEwHzAdBgNVHQ4EFgQUKrvzNhJmdKoqq2li\n"
+
"utCzKkwA1N0wDQYJKoZIhvcNAQEFBQADgYEAEIaegsW7fWWjXk4YOMlcl893vx6tnU8ThuQSjwGI\n"
+
"rIs93sBYuY7lQIpQw8+XM89WT1XuBB6R2SsnxeW+gHtsU/EE6iJJAEMeCILwEGUL02blwHBQWmpa\n"
+
"i3YeGXw+IFe/4OAysPT7ZRbUb7mPt37Ht6hIjain71ShR5anXIuawVE=\n"
+
"-----END CERTIFICATE-----\n"
;
// Test cert for CN=A, happens to have a zero at the beginning of signature
static
String
normalCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIIB1DCCAT2gAwIBAgIEae+u1TANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDEwJDQTAeFw0xMDA2\n"
+
"MDMwODA2NTNaFw0xMDA5MDEwODA2NTNaMAwxCjAIBgNVBAMTAUEwgZ8wDQYJKoZIhvcNAQEBBQAD\n"
+
"gY0AMIGJAoGBAKZ7C6bC8AJmXIRNwuPJcgIPW1ygN3rE5PIKPAkeK/dYnPmUJNuiSxOFPJCrLMuL\n"
+
"sweQh82Dq/viu+KBb27xVzJ4pK02fbcWdJDo7cIms0Wm+HckK5myA6xmqnpmPOjb/vWCLE6pN2Xg\n"
+
"pJyrdeWV77eBvqE9OiCsMTP8WgHI9zLvAgMBAAGjQjBAMB0GA1UdDgQWBBTtIKqCHnL9QeFn+YrX\n"
+
"+k00NUk9mjAfBgNVHSMEGDAWgBQqu/M2EmZ0qiqraWK60LMqTADU3TANBgkqhkiG9w0BAQUFAAOB\n"
+
"gQAAOcQsEruDAY/z3eXJ7OtWSZlLC0yTVNVdUVNLQ58xNqPrmKNBXNpj/72N8xrTB++ApW+DLgLy\n"
+
"cwGU5PVRtsYeiV6prUkpqUf62SQgwI4guAQy1ileeP1CNQJI3cHQExMAHvQT8fJtlD0WZD3nfesq\n"
+
"mmQDOpoJLkmO/73Z7IibVA==\n"
+
"-----END CERTIFICATE-----\n"
;
// normalCertStr with an extra zero at the beginning of signature
static
String
longerCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIIB1TCCAT2gAwIBAgIEae+u1TANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDEwJDQTAeFw0xMDA2\n"
+
"MDMwODA2NTNaFw0xMDA5MDEwODA2NTNaMAwxCjAIBgNVBAMTAUEwgZ8wDQYJKoZIhvcNAQEBBQAD\n"
+
"gY0AMIGJAoGBAKZ7C6bC8AJmXIRNwuPJcgIPW1ygN3rE5PIKPAkeK/dYnPmUJNuiSxOFPJCrLMuL\n"
+
"sweQh82Dq/viu+KBb27xVzJ4pK02fbcWdJDo7cIms0Wm+HckK5myA6xmqnpmPOjb/vWCLE6pN2Xg\n"
+
"pJyrdeWV77eBvqE9OiCsMTP8WgHI9zLvAgMBAAGjQjBAMB0GA1UdDgQWBBTtIKqCHnL9QeFn+YrX\n"
+
"+k00NUk9mjAfBgNVHSMEGDAWgBQqu/M2EmZ0qiqraWK60LMqTADU3TANBgkqhkiG9w0BAQUFAAOB\n"
+
"ggAAADnELBK7gwGP893lyezrVkmZSwtMk1TVXVFTS0OfMTaj65ijQVzaY/+9jfMa0wfvgKVvgy4C\n"
+
"8nMBlOT1UbbGHoleqa1JKalH+tkkIMCOILgEMtYpXnj9QjUCSN3B0BMTAB70E/HybZQ9FmQ9533r\n"
+
"KppkAzqaCS5Jjv+92eyIm1Q=\n"
+
"-----END CERTIFICATE-----\n"
;
// normalCertStr without the initial zero at the beginning of signature
static
String
shorterCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIIB0zCCAT2gAwIBAgIEae+u1TANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDEwJDQTAeFw0xMDA2\n"
+
"MDMwODA2NTNaFw0xMDA5MDEwODA2NTNaMAwxCjAIBgNVBAMTAUEwgZ8wDQYJKoZIhvcNAQEBBQAD\n"
+
"gY0AMIGJAoGBAKZ7C6bC8AJmXIRNwuPJcgIPW1ygN3rE5PIKPAkeK/dYnPmUJNuiSxOFPJCrLMuL\n"
+
"sweQh82Dq/viu+KBb27xVzJ4pK02fbcWdJDo7cIms0Wm+HckK5myA6xmqnpmPOjb/vWCLE6pN2Xg\n"
+
"pJyrdeWV77eBvqE9OiCsMTP8WgHI9zLvAgMBAAGjQjBAMB0GA1UdDgQWBBTtIKqCHnL9QeFn+YrX\n"
+
"+k00NUk9mjAfBgNVHSMEGDAWgBQqu/M2EmZ0qiqraWK60LMqTADU3TANBgkqhkiG9w0BAQUFAAOB\n"
+
"gAA5xCwSu4MBj/Pd5cns61ZJmUsLTJNU1V1RU0tDnzE2o+uYo0Fc2mP/vY3zGtMH74Clb4MuAvJz\n"
+
"AZTk9VG2xh6JXqmtSSmpR/rZJCDAjiC4BDLWKV54/UI1AkjdwdATEwAe9BPx8m2UPRZkPed96yqa\n"
+
"ZAM6mgkuSY7/vdnsiJtU\n"
+
"-----END CERTIFICATE-----\n"
;
public
static
void
main
(
String
args
[])
throws
Exception
{
Certificate
signer
=
generate
(
signerCertStr
);
// the valid certificate
Certificate
normal
=
generate
(
normalCertStr
);
// the invalid certificate with extra signature bits
Certificate
longer
=
generate
(
longerCertStr
);
// the invalid certificate without enough signature bits
Certificate
shorter
=
generate
(
shorterCertStr
);
if
(!
test
(
normal
,
signer
,
" normal"
,
true
)
||
!
test
(
longer
,
signer
,
" longer"
,
false
)
||
!
test
(
shorter
,
signer
,
"shorter"
,
false
))
{
throw
new
Exception
(
"Test failed."
);
}
}
private
static
Certificate
generate
(
String
certStr
)
throws
Exception
{
InputStream
is
=
null
;
try
{
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
"X.509"
);
is
=
new
ByteArrayInputStream
(
certStr
.
getBytes
());
return
cf
.
generateCertificate
(
is
);
}
finally
{
if
(
is
!=
null
)
{
is
.
close
();
}
}
}
private
static
boolean
test
(
Certificate
target
,
Certificate
signer
,
String
title
,
boolean
expected
)
throws
Exception
{
System
.
out
.
print
(
"Checking "
+
title
+
": expected: "
+
(
expected
?
" verified"
:
"NOT verified"
));
boolean
actual
;
try
{
PublicKey
pubKey
=
signer
.
getPublicKey
();
target
.
verify
(
pubKey
);
actual
=
true
;
}
catch
(
SignatureException
se
)
{
actual
=
false
;
}
System
.
out
.
println
(
", actual: "
+
(
actual
?
" verified"
:
"NOT verified"
));
return
actual
==
expected
;
}
}
test/sun/security/rsa/TestKeyPairGenerator.java
浏览文件 @
5d4a4c61
/*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003,
2010,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -85,8 +85,12 @@ public class TestKeyPairGenerator {
sig
.
initVerify
(
kp2
.
getPublic
());
sig
.
update
(
data
);
// verify needs to return false and not throw an Exception
if
(
sig
.
verify
(
signature
))
{
throw
new
Exception
(
"verification unexpectedly succeeded"
);
try
{
if
(
sig
.
verify
(
signature
))
{
throw
new
Exception
(
"verification unexpectedly succeeded"
);
}
}
catch
(
SignatureException
se
)
{
// Yet another kind of failure, OK.
}
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录