8147931: Incorrect edits for JDK-8064330
Reviewed-by: coffeys
This commit is contained in:
Rob McKenna
parent
08694bb7e1
commit
9ed7f82314
@ -166,10 +166,13 @@ final class SignatureAndHashAlgorithm {
|
||||
|
||||
// Get supported algorithm collection from an untrusted collection
|
||||
static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms(
|
||||
AlgorithmConstraints constraints,
|
||||
Collection<SignatureAndHashAlgorithm> algorithms ) {
|
||||
Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
|
||||
for (SignatureAndHashAlgorithm sigAlg : algorithms) {
|
||||
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
|
||||
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
|
||||
constraints.permits(SIGNATURE_PRIMITIVE_SET,
|
||||
sigAlg.algorithm, null)) {
|
||||
supported.add(sigAlg);
|
||||
}
|
||||
}
|
||||
@ -233,30 +236,42 @@ final class SignatureAndHashAlgorithm {
|
||||
}
|
||||
|
||||
static SignatureAndHashAlgorithm getPreferableAlgorithm(
|
||||
Collection<SignatureAndHashAlgorithm> algorithms,
|
||||
String expected, PrivateKey signingKey) {
|
||||
Collection<SignatureAndHashAlgorithm> algorithms,
|
||||
String expected, PrivateKey signingKey) {
|
||||
|
||||
if (expected == null && !algorithms.isEmpty()) {
|
||||
for (SignatureAndHashAlgorithm sigAlg : algorithms) {
|
||||
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
|
||||
return sigAlg;
|
||||
int maxDigestLength = getMaxDigestLength(signingKey);
|
||||
for (SignatureAndHashAlgorithm algorithm : algorithms) {
|
||||
int signValue = algorithm.id & 0xFF;
|
||||
if ((expected == null) ||
|
||||
(expected.equalsIgnoreCase("rsa") &&
|
||||
signValue == SignatureAlgorithm.RSA.value) ||
|
||||
(expected.equalsIgnoreCase("dsa") &&
|
||||
signValue == SignatureAlgorithm.DSA.value) ||
|
||||
(expected.equalsIgnoreCase("ecdsa") &&
|
||||
signValue == SignatureAlgorithm.ECDSA.value) ||
|
||||
(expected.equalsIgnoreCase("ec") &&
|
||||
signValue == SignatureAlgorithm.ECDSA.value)) {
|
||||
|
||||
if (algorithm.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
|
||||
algorithm.hash.length <= maxDigestLength) {
|
||||
|
||||
return algorithm;
|
||||
}
|
||||
}
|
||||
|
||||
return null; // no supported algorithm
|
||||
}
|
||||
|
||||
if (expected == null ) {
|
||||
return null; // no expected algorithm, no supported algorithm
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/*
|
||||
* Need to check RSA key length to match the length of hash value
|
||||
*/
|
||||
/*
|
||||
* Need to check key length to match the length of hash value
|
||||
*/
|
||||
private static int getMaxDigestLength(PrivateKey signingKey) {
|
||||
int maxDigestLength = Integer.MAX_VALUE;
|
||||
|
||||
// only need to check RSA algorithm at present.
|
||||
if (signingKey != null &&
|
||||
"rsa".equalsIgnoreCase(signingKey.getAlgorithm()) &&
|
||||
expected.equalsIgnoreCase("rsa")) {
|
||||
"rsa".equalsIgnoreCase(signingKey.getAlgorithm())) {
|
||||
/*
|
||||
* RSA keys of 512 bits have been shown to be practically
|
||||
* breakable, it does not make much sense to use the strong
|
||||
@ -284,25 +299,7 @@ final class SignatureAndHashAlgorithm {
|
||||
// preferable hash algorithm.
|
||||
}
|
||||
|
||||
for (SignatureAndHashAlgorithm algorithm : algorithms) {
|
||||
int signValue = algorithm.id & 0xFF;
|
||||
if (expected.equalsIgnoreCase("rsa") &&
|
||||
signValue == SignatureAlgorithm.RSA.value) {
|
||||
if (algorithm.hash.length <= maxDigestLength) {
|
||||
return algorithm;
|
||||
}
|
||||
} else if (
|
||||
(expected.equalsIgnoreCase("dsa") &&
|
||||
signValue == SignatureAlgorithm.DSA.value) ||
|
||||
(expected.equalsIgnoreCase("ecdsa") &&
|
||||
signValue == SignatureAlgorithm.ECDSA.value) ||
|
||||
(expected.equalsIgnoreCase("ec") &&
|
||||
signValue == SignatureAlgorithm.ECDSA.value)) {
|
||||
return algorithm;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
return maxDigestLength;
|
||||
}
|
||||
|
||||
static enum HashAlgorithm {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user