RFR 10 (XS): 8184673: Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers
Anthony Scarpino
anthony.scarpino at oracle.com
Fri Jul 14 16:56:28 UTC 2017
On 07/14/2017 08:37 AM, Langer, Christoph wrote:
> Hi,
>
> after the discussion in thread
> http://mail.openjdk.java.net/pipermail/security-dev/2017-July/016068.html,
> please review my proposed change:
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8184673
>
> Change:
>
> *diff -r 76fca9438ee9 -r 9c2438e0a823
> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java*
>
> --- a/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
> Thu Jul 13 13:42:39 2017 +0200
> +++ b/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
> Fri Jul 14 17:35:36 2017 +0200
>
> @@ -270,7 +270,7 @@
>
> AlgorithmParameters currSigAlgParams =
> algorithmId.getParameters();
>
> PublicKey currPubKey = cert.getPublicKey();
> - String currSigAlg = ((X509Certificate)cert).getSigAlgName();
> + currSigAlg = x509Cert.getSigAlgName();
I think you need to prepend with "String " to your change.
>
> // Check the signature algorithm and parameters against constraints.
>
> if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
Otherwise it looks fine.
Tony
More information about the security-dev
mailing list