diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2Core.java b/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2Core.java index c9e75468582..0502f2cbe8c 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2Core.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2Core.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,11 +63,11 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi { protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException { - if (!(keySpec instanceof PBEKeySpec)) { - throw new InvalidKeySpecException("Invalid key spec"); + if (keySpec instanceof PBEKeySpec ks) { + return new PBKDF2KeyImpl(ks, prfAlgo); + } else { + throw new InvalidKeySpecException("Only PBEKeySpec is accepted"); } - PBEKeySpec ks = (PBEKeySpec) keySpec; - return new PBKDF2KeyImpl(ks, prfAlgo); } /** @@ -89,12 +89,10 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi { */ protected KeySpec engineGetKeySpec(SecretKey key, Class keySpecCl) throws InvalidKeySpecException { - if (key instanceof javax.crypto.interfaces.PBEKey) { + if (key instanceof javax.crypto.interfaces.PBEKey pKey) { // Check if requested key spec is amongst the valid ones if ((keySpecCl != null) && keySpecCl.isAssignableFrom(PBEKeySpec.class)) { - javax.crypto.interfaces.PBEKey pKey = - (javax.crypto.interfaces.PBEKey) key; char[] passwd = pKey.getPassword(); byte[] encoded = pKey.getEncoded(); try { @@ -107,11 +105,11 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi { Arrays.fill(encoded, (byte)0); } } else { - throw new InvalidKeySpecException("Invalid key spec"); + throw new InvalidKeySpecException + ("Only PBEKeySpec is accepted"); } } else { - throw new InvalidKeySpecException("Invalid key " + - "format/algorithm"); + throw new InvalidKeySpecException("Only PBEKey is accepted"); } } @@ -138,9 +136,7 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi { return key; } // Check if key implements the PBEKey - if (key instanceof javax.crypto.interfaces.PBEKey) { - javax.crypto.interfaces.PBEKey pKey = - (javax.crypto.interfaces.PBEKey) key; + if (key instanceof javax.crypto.interfaces.PBEKey pKey) { char[] password = pKey.getPassword(); byte[] encoding = pKey.getEncoded(); PBEKeySpec spec = @@ -160,9 +156,12 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi { } Arrays.fill(encoding, (byte)0); } + } else { + throw new InvalidKeyException("Only PBEKey is accepted"); } } - throw new InvalidKeyException("Invalid key format/algorithm"); + throw new InvalidKeyException("Only PBKDF2With" + prfAlgo + + " key with RAW format is accepted"); } public static final class HmacSHA1 extends PBKDF2Core { diff --git a/test/jdk/com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java b/test/jdk/com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java index d9ccf5cf7c1..d2479addfd0 100644 --- a/test/jdk/com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java +++ b/test/jdk/com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.interfaces.PBEKey; import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; /** * @test @@ -68,7 +69,8 @@ public class PBKDF2Translate { try { if (!theTest.testMyOwnSecretKey() || !theTest.generateAndTranslateKey() - || !theTest.translateSpoiledKey()) { + || !theTest.translateSpoiledKey() + || !theTest.testGeneralSecretKey()) { // we don't want to set failed to false failed = true; } @@ -188,6 +190,45 @@ public class PBKDF2Translate { return false; } + /** + * The test case scenario implemented in the method: - create a general + * secret key (does not implement PBEKey) - try calling + * translate and getKeySpec methods and see if the expected + * InvalidKeyException and InvalidKeySpecException is thrown. + * + * @return true if the expected Exception occurred; false - otherwise + * @throws NoSuchAlgorithmException + */ + public boolean testGeneralSecretKey() throws NoSuchAlgorithmException { + SecretKey key = new SecretKeySpec("random#s".getBytes(), algoToTest); + SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToTest); + try { + skf.translateKey(key); + System.out.println("Error: expected IKE not thrown"); + return false; + } catch (InvalidKeyException e) { + if (e.getMessage().indexOf("PBEKey") == -1) { + System.out.println("Error: IKE message should " + + "indicate that PBEKey is required"); + return false; + } + } + + try { + skf.getKeySpec(key, PBEKeySpec.class); + System.out.println("Error: expected IKSE not thrown"); + return false; + } catch (InvalidKeySpecException e) { + if (e.getMessage().indexOf("PBEKey") == -1) { + System.out.println("Error: IKSE message should " + + "indicate that PBEKey is required"); + return false; + } + } + + return true; + } + /** * Generate a PBKDF2 secret key using given algorithm. *