stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8131291: Perfect parameter patterning

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Vinnie Ryan 2015-07-24 16:47:15 +01:00
parent f9c408224b
commit 86c8964df3
1 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
jdk/src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -77,6 +77,13 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
private static final Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET = private static final Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE)); Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
private static final Set<CryptoPrimitive> KU_PRIMITIVE_SET =
Collections.unmodifiableSet(EnumSet.of(
CryptoPrimitive.SIGNATURE,
CryptoPrimitive.KEY_ENCAPSULATION,
CryptoPrimitive.PUBLIC_KEY_ENCRYPTION,
CryptoPrimitive.KEY_AGREEMENT));
private static final DisabledAlgorithmConstraints private static final DisabledAlgorithmConstraints
certPathDefaultConstraints = new DisabledAlgorithmConstraints( certPathDefaultConstraints = new DisabledAlgorithmConstraints(
DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS); DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
@ -210,9 +217,11 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
null, null, -1, PKIXReason.INVALID_KEY_USAGE); null, null, -1, PKIXReason.INVALID_KEY_USAGE);
} }
// Assume all key usage bits are set if key usage is not present
Set<CryptoPrimitive> primitives = KU_PRIMITIVE_SET;
if (keyUsage != null) { if (keyUsage != null) {
Set<CryptoPrimitive> primitives = primitives = EnumSet.noneOf(CryptoPrimitive.class);
EnumSet.noneOf(CryptoPrimitive.class);
if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) { if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) {
// keyUsage[0]: KeyUsage.digitalSignature // keyUsage[0]: KeyUsage.digitalSignature
@ -237,14 +246,18 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
// KeyUsage.encipherOnly and KeyUsage.decipherOnly are // KeyUsage.encipherOnly and KeyUsage.decipherOnly are
// undefined in the absence of the keyAgreement bit. // undefined in the absence of the keyAgreement bit.
if (!primitives.isEmpty()) { if (primitives.isEmpty()) {
throw new CertPathValidatorException(
"incorrect KeyUsage extension",
null, null, -1, PKIXReason.INVALID_KEY_USAGE);
}
}
if (!constraints.permits(primitives, currPubKey)) { if (!constraints.permits(primitives, currPubKey)) {
throw new CertPathValidatorException( throw new CertPathValidatorException(
"algorithm constraints check failed", "algorithm constraints check failed",
null, null, -1, BasicReason.ALGORITHM_CONSTRAINED); null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
} }
}
}
// Check with previous cert for signature algorithm and public key // Check with previous cert for signature algorithm and public key
if (prevPubKey != null) { if (prevPubKey != null) {