changeset 58888:7d1a101636e0

8242811: AlgorithmId::getDefaultAlgorithmParameterSpec returns incompatible PSSParameterSpec for an RSASSA-PSS key Reviewed-by: valeriep, hchao
author weijun
date Sat, 18 Apr 2020 11:13:14 +0800
parents ed5d312d82b6
children a48c2df5440b
files src/java.base/share/classes/sun/security/x509/AlgorithmId.java test/jdk/sun/security/rsa/pss/DefaultParamSpec.java
diffstat 2 files changed, 64 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java	Fri Apr 17 14:48:11 2020 +0800
+++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java	Sat Apr 18 11:13:14 2020 +0800
@@ -26,6 +26,7 @@
 package sun.security.x509;
 
 import java.io.*;
+import java.security.interfaces.RSAKey;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
 import java.security.spec.MGF1ParameterSpec;
@@ -1105,9 +1106,15 @@
         }
     }
 
-    public static PSSParameterSpec getDefaultAlgorithmParameterSpec(
+    public static AlgorithmParameterSpec getDefaultAlgorithmParameterSpec(
             String sigAlg, PrivateKey k) {
         if (sigAlg.equalsIgnoreCase("RSASSA-PSS")) {
+            if (k instanceof RSAKey) {
+                AlgorithmParameterSpec spec = ((RSAKey) k).getParams();
+                if (spec instanceof PSSParameterSpec) {
+                    return spec;
+                }
+            }
             switch (ifcFfcStrength(KeyUtil.getKeySize(k))) {
                 case "SHA256":
                     return PSSParamsHolder.PSS_256_SPEC;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/rsa/pss/DefaultParamSpec.java	Sat Apr 18 11:13:14 2020 +0800
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import sun.security.x509.X500Name;
+import sun.security.x509.X509CRLImpl;
+
+import java.security.KeyFactory;
+import java.security.KeyPairGenerator;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
+import java.security.spec.RSAKeyGenParameterSpec;
+import java.util.Date;
+
+/**
+ * @test
+ * @bug 8242811
+ * @modules java.base/sun.security.x509
+ * @summary AlgorithmId::getDefaultAlgorithmParameterSpec returns incompatible
+ *          PSSParameterSpec for an RSASSA-PSS key
+ */
+public class DefaultParamSpec {
+    public static void main(String[] args) throws Exception {
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
+        KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
+        kpg.initialize(new RSAKeyGenParameterSpec(2048,
+                RSAKeyGenParameterSpec.F4,
+                new PSSParameterSpec(
+                        "SHA-384", "MGF1",
+                        new MGF1ParameterSpec("SHA-384"),
+                        48, PSSParameterSpec.TRAILER_FIELD_BC)));
+
+        X509CRLImpl crl = new X509CRLImpl(
+                new X500Name("CN=Issuer"), new Date(), new Date());
+        crl.sign(kpg.generateKeyPair().getPrivate(), "RSASSA-PSS");
+    }
+}