JDK 8 Code Review Request: 7187962: sun.security.pkcs11.P11DSAKeyFactory.implTranslatePublicKey doesn't check if params is null
Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Thu Aug 9 20:09:16 UTC 2012
Yes, various places assume that the params being non-null since they are
needed for crypto operations.
I think what you have here is the right fix for the particular test failure.
Do you know if Certificate.getPublicKey() is called on a certificate
contains a DSA key whose DSA params should be inherited from the signing
CA, will the returned DSA public key has the necessary params?
Thanks,
Valerie
On 08/09/12 06:53, Sean Mullan wrote:
> I have re-worked this fix so that our PKIX CertPathValidator implementation
> detects if a TrustAnchor's DSA key has no parameters *before* using it to verify
> a signature. This is a cleaner fix, as it turns out there is quite a bit of
> existing code in JCE that already assumes a DSA key has parameters, and will
> throw an NPE if it doesn't.
>
> Please review:
>
> http://cr.openjdk.java.net/~mullan/webrevs/7187962/webrev.01/
>
> Thanks,
> Sean
>
> On 8/6/12 10:43 AM, Sean Mullan wrote:
>> Hi Valerie,
>>
>> Could you please review this simple fix to
>> P11DSAKeyFactory.implTranslatePublicKey?
>>
>> http://cr.openjdk.java.net/~mullan/webrevs/7187962/webrev.00/
>>
>> Thanks,
>> Sean
>>
More information about the security-dev
mailing list