changeset 57462:d54ce919da90 jdk-14+30

8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId Reviewed-by: xuelei
author weijun
date Wed, 25 Dec 2019 07:17:25 +0800
parents 2877992dadf9
children 249100958693
files src/java.base/share/classes/sun/security/x509/AlgorithmId.java test/jdk/sun/security/pkcs11/PKCS11Test.java
diffstat 2 files changed, 16 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java	Tue Dec 24 16:49:37 2019 +0300
+++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java	Wed Dec 25 07:17:25 2019 +0800
@@ -239,6 +239,9 @@
      * return a name such as "MD5withRSA" for a signature algorithm on
      * some systems.  It also returns names like "OID.1.2.3.4", when
      * no particular name for the algorithm is known.
+     *
+     * Note: for ecdsa-with-SHA2 plus hash algorithm (Ex: SHA-256), this method
+     * returns the "full" signature algorithm (Ex: SHA256withECDSA) directly.
      */
     public String getName() {
         String algName = nameTable.get(algid);
@@ -248,7 +251,7 @@
         if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) {
             try {
                 AlgorithmId paramsId =
-                        AlgorithmId.parse(new DerValue(getEncodedParams()));
+                        AlgorithmId.parse(new DerValue(params.toByteArray()));
                 String paramsName = paramsId.getName();
                 algName = makeSigAlg(paramsName, "EC");
             } catch (IOException e) {
@@ -264,12 +267,18 @@
 
     /**
      * Returns the DER encoded parameter, which can then be
-     * used to initialize java.security.AlgorithmParamters.
+     * used to initialize java.security.AlgorithmParameters.
+     *
+     * Note: for ecdsa-with-SHA2 plus hash algorithm (Ex: SHA-256), this method
+     * returns null because {@link #getName()} has already returned the "full"
+     * signature algorithm (Ex: SHA256withECDSA).
      *
      * @return DER encoded parameters, or null not present.
      */
     public byte[] getEncodedParams() throws IOException {
-        return (params == null) ? null : params.toByteArray();
+        return (params == null || algid.equals(specifiedWithECDSA_oid))
+                ? null
+                : params.toByteArray();
     }
 
     /**
--- a/test/jdk/sun/security/pkcs11/PKCS11Test.java	Tue Dec 24 16:49:37 2019 +0300
+++ b/test/jdk/sun/security/pkcs11/PKCS11Test.java	Wed Dec 25 07:17:25 2019 +0800
@@ -83,11 +83,11 @@
     static {
         // hack
         String absBase = new File(BASE).getAbsolutePath();
-        int k = absBase.indexOf(SEP + "test" + SEP + "sun" + SEP);
+        int k = absBase.indexOf(SEP + "test" + SEP + "jdk" + SEP);
         if (k < 0) k = 0;
-        String p1 = absBase.substring(0, k + 6);
-        String p2 = absBase.substring(k + 5);
-        CLOSED_BASE = p1 + "closed" + p2;
+        String p1 = absBase.substring(0, k);
+        String p2 = absBase.substring(k);
+        CLOSED_BASE = p1 + "/../closed" + p2;
 
         // set it as a system property to make it available in policy file
         System.setProperty("closed.base", CLOSED_BASE);