RFR 10 (XS): 8184673: Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers

Anthony Scarpino anthony.scarpino at oracle.com
Fri Jul 14 18:49:41 UTC 2017


I'm working on a test so we avoid this in the future.

Tony

On 07/14/2017 11:05 AM, Sean Mullan wrote:
> It would be nice to write a regression test for this, but I suspect it 
> is quite a bit of work or not practical. Please consider it, or add an 
> appropriate noreg label to the bug.
> 
> --Sean
> 
> On 7/14/17 12:56 PM, Anthony Scarpino wrote:
>> On 07/14/2017 08:37 AM, Langer, Christoph wrote:
>>> Hi,
>>>
>>> after the discussion in thread 
>>> http://mail.openjdk.java.net/pipermail/security-dev/2017-July/016068.html, 
>>> please review my proposed change:
>>>
>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8184673
>>>
>>> Change:
>>>
>>> *diff -r 76fca9438ee9 -r 9c2438e0a823 
>>> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java* 
>>>
>>>
>>> --- 
>>> a/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java 
>>> Thu Jul 13 13:42:39 2017 +0200
>>> +++ 
>>> b/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java 
>>> Fri Jul 14 17:35:36 2017 +0200
>>>
>>> @@ -270,7 +270,7 @@
>>>
>>>           AlgorithmParameters currSigAlgParams = 
>>> algorithmId.getParameters();
>>>
>>>          PublicKey currPubKey = cert.getPublicKey();
>>> -        String currSigAlg = ((X509Certificate)cert).getSigAlgName(); 
>>> +        currSigAlg = x509Cert.getSigAlgName();
>>
>> I think you need to prepend with "String " to your change.
>>
>>>
>>>           // Check the signature algorithm and parameters against 
>>> constraints.
>>>
>>>           if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
>>
>> Otherwise it looks fine.
>>
>> Tony
>>



More information about the security-dev mailing list