changeset 57487:302f1716fc83

8236098: AlgorithmConstraints:permits method not throwing IAEx when primitives are empty Reviewed-by: xuelei
author ascarpino
date Wed, 08 Jan 2020 13:25:03 -0800
parents 129ba7bcbe21
children ad330fb00d2f
files src/java.base/share/classes/sun/security/ssl/ServerHello.java src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
diffstat 3 files changed, 31 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/ServerHello.java	Tue Jan 07 21:53:52 2020 +0100
+++ b/src/java.base/share/classes/sun/security/ssl/ServerHello.java	Wed Jan 08 13:25:03 2020 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,11 @@
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.security.AlgorithmConstraints;
+import java.security.CryptoPrimitive;
 import java.security.GeneralSecurityException;
 import java.text.MessageFormat;
 import java.util.Arrays;
+import java.util.EnumSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
@@ -434,7 +436,7 @@
                     continue;
                 }
                 if (!ServerHandshakeContext.legacyAlgorithmConstraints.permits(
-                        null, cs.name, null)) {
+                        EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cs.name, null)) {
                     legacySuites.add(cs);
                     continue;
                 }
@@ -723,7 +725,9 @@
                 }
 
                 if ((legacySuite == null) &&
-                        !legacyConstraints.permits(null, cs.name, null)) {
+                        !legacyConstraints.permits(
+                                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+                                cs.name, null)) {
                     legacySuite = cs;
                     continue;
                 }
--- a/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java	Tue Jan 07 21:53:52 2020 +0100
+++ b/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java	Wed Jan 08 13:25:03 2020 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -128,6 +128,11 @@
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives,
             String algorithm, AlgorithmParameters parameters) {
+        if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+                    " or empty.");
+        }
+
         if (!checkAlgorithm(disabledAlgorithms, algorithm, decomposer)) {
             return false;
         }
@@ -216,7 +221,11 @@
     private boolean checkConstraints(Set<CryptoPrimitive> primitives,
             String algorithm, Key key, AlgorithmParameters parameters) {
 
-        // check the key parameter, it cannot be null.
+        if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+                    " or empty.");
+        }
+
         if (key == null) {
             throw new IllegalArgumentException("The key cannot be null");
         }
--- a/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java	Tue Jan 07 21:53:52 2020 +0100
+++ b/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java	Wed Jan 08 13:25:03 2020 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,17 +51,29 @@
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives,
             String algorithm, AlgorithmParameters parameters) {
+        if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+                    " or empty.");
+        }
         return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
     }
 
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives, Key key) {
+         if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+            " or empty.");
+        }
         return true;
     }
 
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives,
             String algorithm, Key key, AlgorithmParameters parameters) {
+        if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+                    " or empty.");
+        }
         return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
     }