RFR 10 (XS): 8184673: Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers

Anthony Scarpino anthony.scarpino at oracle.com
Fri Jul 14 16:56:28 UTC 2017


On 07/14/2017 08:37 AM, Langer, Christoph wrote:
> Hi,
> 
> after the discussion in thread 
> http://mail.openjdk.java.net/pipermail/security-dev/2017-July/016068.html, 
> please review my proposed change:
> 
> Bug: https://bugs.openjdk.java.net/browse/JDK-8184673
> 
> Change:
> 
> *diff -r 76fca9438ee9 -r 9c2438e0a823 
> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java*
> 
> ---  a/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java  
> Thu Jul 13 13:42:39 2017 +0200
> +++  b/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java  
> Fri Jul 14 17:35:36 2017 +0200
> 
> @@ -270,7 +270,7 @@
> 
>           AlgorithmParameters currSigAlgParams = 
> algorithmId.getParameters();
> 
>          PublicKey currPubKey = cert.getPublicKey();
> -        String currSigAlg = ((X509Certificate)cert).getSigAlgName(); 
> +        currSigAlg = x509Cert.getSigAlgName();

I think you need to prepend with "String " to your change.

> 
>           // Check the signature algorithm and parameters against constraints.
> 
>           if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,

Otherwise it looks fine.

Tony



More information about the security-dev mailing list