RFR 10 (XS): 8184673: Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers

Sean Mullan sean.mullan at oracle.com
Fri Jul 14 18:05:55 UTC 2017


It would be nice to write a regression test for this, but I suspect it 
is quite a bit of work or not practical. Please consider it, or add an 
appropriate noreg label to the bug.

--Sean

On 7/14/17 12:56 PM, Anthony Scarpino wrote:
> On 07/14/2017 08:37 AM, Langer, Christoph wrote:
>> Hi,
>>
>> after the discussion in thread 
>> http://mail.openjdk.java.net/pipermail/security-dev/2017-July/016068.html, 
>> please review my proposed change:
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8184673
>>
>> Change:
>>
>> *diff -r 76fca9438ee9 -r 9c2438e0a823 
>> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java* 
>>
>>
>> ---  
>> a/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java 
>> Thu Jul 13 13:42:39 2017 +0200
>> +++  
>> b/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java 
>> Fri Jul 14 17:35:36 2017 +0200
>>
>> @@ -270,7 +270,7 @@
>>
>>           AlgorithmParameters currSigAlgParams = 
>> algorithmId.getParameters();
>>
>>          PublicKey currPubKey = cert.getPublicKey();
>> -        String currSigAlg = ((X509Certificate)cert).getSigAlgName(); 
>> +        currSigAlg = x509Cert.getSigAlgName();
> 
> I think you need to prepend with "String " to your change.
> 
>>
>>           // Check the signature algorithm and parameters against 
>> constraints.
>>
>>           if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
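Review bot: the added line `currSigAlg = x509Cert.getSigAlgName();` carries no type, while the line it replaces was the declaration of `currSigAlg`, so unless the variable is now declared outside this hunk the file will not compile; write `String currSigAlg = x509Cert.getSigAlgName();`. `x509Cert` is also not defined anywhere in the visible context, and the line just above still reads the key from `cert.getPublicKey()`, so confirm that `x509Cert` is in scope at this point and refers to the same certificate as `cert`. Because `currSigAlg` is passed straight to `constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,`, a regression test covering the changed path, or a noreg label on the bug, should accompany the change.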
> 
> Otherwise it looks fine.
> 
> Tony
> 

