8243549: sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java failed with Unsupported signature algorithm: DSA
Reviewed-by: xuelei
This commit is contained in:
John Jiang
parent
f8ab03fa04
commit
5fc5cb9f25
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -808,6 +808,40 @@ public class SSLSocketTemplate {
|
||||
"tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ" +
|
||||
"xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4="),
|
||||
|
||||
CA_DSA_1024(
|
||||
"DSA",
|
||||
// dsaWithSHA1, 1024 bits
|
||||
// Validity
|
||||
// Not Before: Apr 24 12:25:43 2020 GMT
|
||||
// Not After : Apr 22 12:25:43 2030 GMT
|
||||
// Authority Key Identifier:
|
||||
// E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36
|
||||
"-----BEGIN CERTIFICATE-----\n" +
|
||||
"MIIC9TCCArWgAwIBAgIUd52yKk0OxQuxdaYRAfq5VLuF1ZAwCQYHKoZIzjgEAzAu\n" +
|
||||
"MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" +
|
||||
"Fw0yMDA0MjQxMjI1NDJaFw0zMDA0MjIxMjI1NDJaMC4xCzAJBgNVBAYTAlVTMQ0w\n" +
|
||||
"CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMIIBtjCCASsGByqGSM44BAEw\n" +
|
||||
"ggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddLPxd0f0FotASron5rQr86JjBTfgIW\n" +
|
||||
"oE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL51eUShVsOgS7XZcUzLT8vPnkEDDo\n" +
|
||||
"u326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY6l7dOGHeWiL7nl43AhUAoGr8DY2m\n" +
|
||||
"WHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylHJRPtYtjtJw4ls1scbVP4TRHnKoZc\n" +
|
||||
"HPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qakySpJCheuN25AjiSyilygQdlXoWRt\n" +
|
||||
"Mggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1BQMcC90W2Avq+orqgBnr2in9UEd8\n" +
|
||||
"qwOBhAACgYAgVWxjYWlWIv7s4BnNMQoPKppi205f3aC6wv6Rqk4BnYYYrFONEmzQ\n" +
|
||||
"hzj6lSXfxLpTu4lg2zNeIraZggoS0ztkbZNNADEmAHx+OLshiJJxu2/KfoopJOZg\n" +
|
||||
"8ARmuaKOkWbkW9y4hWhfBlVwZbckG3Eibff0xronIXXy7B7UKaccyqNTMFEwHQYD\n" +
|
||||
"VR0OBBYEFOE8AVLr0Tj3z/HjXttUdX9eqy02MB8GA1UdIwQYMBaAFOE8AVLr0Tj3\n" +
|
||||
"z/HjXttUdX9eqy02MA8GA1UdEwEB/wQFMAMBAf8wCQYHKoZIzjgEAwMvADAsAhRC\n" +
|
||||
"YLduLniBEJ51SfBWIkvNW6OG7QIUSKaTY6rgEFDEMoTqOjFChR22nkk=\n" +
|
||||
"-----END CERTIFICATE-----",
|
||||
"MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddL\n" +
|
||||
"Pxd0f0FotASron5rQr86JjBTfgIWoE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL\n" +
|
||||
"51eUShVsOgS7XZcUzLT8vPnkEDDou326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY\n" +
|
||||
"6l7dOGHeWiL7nl43AhUAoGr8DY2mWHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylH\n" +
|
||||
"JRPtYtjtJw4ls1scbVP4TRHnKoZcHPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qak\n" +
|
||||
"ySpJCheuN25AjiSyilygQdlXoWRtMggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1\n" +
|
||||
"BQMcC90W2Avq+orqgBnr2in9UEd8qwQWAhQ7rSn+WvIxeuZ/CK4p04eMe5JzpA=="),
|
||||
|
||||
EE_ECDSA_SECP256R1(
|
||||
"EC",
|
||||
// SHA256withECDSA, curve secp256r1
|
||||
@ -1017,7 +1051,42 @@ public class SSLSocketTemplate {
|
||||
"mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" +
|
||||
"gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" +
|
||||
"5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" +
|
||||
"TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw=");
|
||||
"TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw="),
|
||||
|
||||
EE_DSA_1024(
|
||||
"DSA",
|
||||
// dsaWithSHA1, 1024 bits
|
||||
// Validity
|
||||
// Not Before: Apr 24 12:25:43 2020 GMT
|
||||
// Not After : Apr 22 12:25:43 2030 GMT
|
||||
// Authority Key Identifier:
|
||||
// E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36
|
||||
"-----BEGIN CERTIFICATE-----\n" +
|
||||
"MIIDADCCAr+gAwIBAgIUd2XJ5F2VTbk9a92w/NzLXR5zjUQwCQYHKoZIzjgEAzAu\n" +
|
||||
"MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" +
|
||||
"Fw0yMDA0MjQxMjI1NDNaFw0zMDA0MjIxMjI1NDNaMEgxCzAJBgNVBAYTAlVTMQ0w\n" +
|
||||
"CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMRgwFgYDVQQDDA9SZWdyZXNz\n" +
|
||||
"aW9uIFRlc3QwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA7fSkxYISlMJT+i8N5VOb\n" +
|
||||
"lHhjrPYAy3oR2/YXQW6T0hCMhm8jmxgk1bDId9ZKHrxsM05EkCtRYaqag4ZZeGde\n" +
|
||||
"ywv3IwwYqCQfGtkPwT9QAsdSABYwGOrlhEtZtBG1yQ44c+Rz/Vs+PtkAyZbf5VG1\n" +
|
||||
"iSxFb9bI5QFJWJ9a2VpZh58CFQCCGALQoK4MsQP8V72WlB7Bvt9erwKBgQDCxu0G\n" +
|
||||
"M2iZr0J8DaAo9/ChS4m7E7h6Jz9KOm2cFhzYGekkUXNzny7nyz6Qpgbuf8KNFKjt\n" +
|
||||
"qoUDC8tlcVQAUlTcESC0TZXR3h21hl9wzIBhE+kJ1j8v1KAxfOaJOxObk5QEvIaA\n" +
|
||||
"5j+jiHGwRS5tDqywOatz+emwMZv1wKnCNBElNgOBhAACgYBHjuQKucCuuvy/4DpG\n" +
|
||||
"rSIzdueK+HrzOW8h2pfvz3lzpsyV6XJPC6we9CjaQjU01VcjwN2PoYtbGyml0pbK\n" +
|
||||
"We4sdgn6LDL1aCM/WKRSxGHVTx+wkhKQ719YtiC0T6sA+eLirc6VT3/6+FbQWC+2\n" +
|
||||
"bG7N19sGpV/RAXMBpRXUnBJSQaNCMEAwHQYDVR0OBBYEFNNZxyxuQmKvWowofr/S\n" +
|
||||
"HdCIS+W8MB8GA1UdIwQYMBaAFOE8AVLr0Tj3z/HjXttUdX9eqy02MAkGByqGSM44\n" +
|
||||
"BAMDMAAwLQIUUzzMhZ9St/Vo/YdgNTHdTw4cm14CFQCE6tWG157Wl5YFyYsGHsLY\n" +
|
||||
"NN8uCA==\n" +
|
||||
"-----END CERTIFICATE-----",
|
||||
"MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO30pMWCEpTCU/ovDeVTm5R4Y6z2\n" +
|
||||
"AMt6Edv2F0Fuk9IQjIZvI5sYJNWwyHfWSh68bDNORJArUWGqmoOGWXhnXssL9yMM\n" +
|
||||
"GKgkHxrZD8E/UALHUgAWMBjq5YRLWbQRtckOOHPkc/1bPj7ZAMmW3+VRtYksRW/W\n" +
|
||||
"yOUBSVifWtlaWYefAhUAghgC0KCuDLED/Fe9lpQewb7fXq8CgYEAwsbtBjNoma9C\n" +
|
||||
"fA2gKPfwoUuJuxO4eic/SjptnBYc2BnpJFFzc58u58s+kKYG7n/CjRSo7aqFAwvL\n" +
|
||||
"ZXFUAFJU3BEgtE2V0d4dtYZfcMyAYRPpCdY/L9SgMXzmiTsTm5OUBLyGgOY/o4hx\n" +
|
||||
"sEUubQ6ssDmrc/npsDGb9cCpwjQRJTYEFgIUNRiLmNzfTYOuVsjkySPzP5gPImM=");
|
||||
|
||||
final String keyAlgo;
|
||||
final String certStr;
|
||||
|
||||
@ -81,13 +81,13 @@ public class NamedGroupsWithCipherSuite extends SSLSocketTemplate {
|
||||
private SSLSocketTemplate.Cert[] endEntityCerts = END_ENTITY_CERTS;
|
||||
|
||||
NamedGroupsWithCipherSuite(
|
||||
String protocol,
|
||||
String cipher,
|
||||
Protocol protocol,
|
||||
CipherSuite cipher,
|
||||
String namedGroup) {
|
||||
this.protocol = protocol;
|
||||
this.cipher = cipher;
|
||||
this.protocol = protocol.name;
|
||||
this.cipher = cipher.name();
|
||||
|
||||
if (cipher.startsWith("TLS_ECDHE_ECDSA")) {
|
||||
if (cipher.keyExAlgorithm == KeyExAlgorithm.ECDHE_ECDSA) {
|
||||
switch (namedGroup) {
|
||||
case "secp256r1":
|
||||
trustedCerts = new SSLSocketTemplate.Cert[] {
|
||||
@ -107,6 +107,12 @@ public class NamedGroupsWithCipherSuite extends SSLSocketTemplate {
|
||||
endEntityCerts = new SSLSocketTemplate.Cert[] {
|
||||
SSLSocketTemplate.Cert.EE_ECDSA_SECP521R1 };
|
||||
}
|
||||
} else if (protocol.id < Protocol.TLSV1_2.id
|
||||
&& cipher.keyExAlgorithm == KeyExAlgorithm.DHE_DSS) {
|
||||
trustedCerts = new SSLSocketTemplate.Cert[] {
|
||||
SSLSocketTemplate.Cert.CA_DSA_1024 };
|
||||
endEntityCerts = new SSLSocketTemplate.Cert[] {
|
||||
SSLSocketTemplate.Cert.EE_DSA_1024 };
|
||||
}
|
||||
}
|
||||
|
||||
@ -150,8 +156,8 @@ public class NamedGroupsWithCipherSuite extends SSLSocketTemplate {
|
||||
protocol, cipherSuite);
|
||||
// Named group converted to lower case just
|
||||
// to satisfy Test condition
|
||||
new NamedGroupsWithCipherSuite(protocol.name,
|
||||
cipherSuite.name(), namedGroup.toLowerCase()).run();
|
||||
new NamedGroupsWithCipherSuite(protocol,
|
||||
cipherSuite, namedGroup.toLowerCase()).run();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user