stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8147931: Incorrect edits for JDK-8064330

Browse Source 
Reviewed-by: coffeys
This commit is contained in:
Rob McKenna 2016-01-21 10:31:45 +00:00
parent 08694bb7e1
commit 9ed7f82314
1 changed files with 33 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
jdk/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java
View File

@ -166,10 +166,13 @@ final class SignatureAndHashAlgorithm {
// Get supported algorithm collection from an untrusted collection // Get supported algorithm collection from an untrusted collection
static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms( static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms(
AlgorithmConstraints constraints,
Collection<SignatureAndHashAlgorithm> algorithms ) { Collection<SignatureAndHashAlgorithm> algorithms ) {
Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>(); Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
for (SignatureAndHashAlgorithm sigAlg : algorithms) { for (SignatureAndHashAlgorithm sigAlg : algorithms) {
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
constraints.permits(SIGNATURE_PRIMITIVE_SET,
sigAlg.algorithm, null)) {
supported.add(sigAlg); supported.add(sigAlg);
} }
} }
@ -233,30 +236,42 @@ final class SignatureAndHashAlgorithm {
} }
static SignatureAndHashAlgorithm getPreferableAlgorithm( static SignatureAndHashAlgorithm getPreferableAlgorithm(
Collection<SignatureAndHashAlgorithm> algorithms, Collection<SignatureAndHashAlgorithm> algorithms,
String expected, PrivateKey signingKey) { String expected, PrivateKey signingKey) {
if (expected == null && !algorithms.isEmpty()) { int maxDigestLength = getMaxDigestLength(signingKey);
for (SignatureAndHashAlgorithm sigAlg : algorithms) { for (SignatureAndHashAlgorithm algorithm : algorithms) {
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { int signValue = algorithm.id & 0xFF;
return sigAlg; if ((expected == null) ||
(expected.equalsIgnoreCase("rsa") &&
signValue == SignatureAlgorithm.RSA.value) ||
(expected.equalsIgnoreCase("dsa") &&
signValue == SignatureAlgorithm.DSA.value) ||
(expected.equalsIgnoreCase("ecdsa") &&
signValue == SignatureAlgorithm.ECDSA.value) ||
(expected.equalsIgnoreCase("ec") &&
signValue == SignatureAlgorithm.ECDSA.value)) {
if (algorithm.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
algorithm.hash.length <= maxDigestLength) {
return algorithm;
} }
} }
return null; // no supported algorithm
} }
if (expected == null ) { return null;
return null; // no expected algorithm, no supported algorithm }
}
/* /*
* Need to check RSA key length to match the length of hash value * Need to check key length to match the length of hash value
*/ */
private static int getMaxDigestLength(PrivateKey signingKey) {
int maxDigestLength = Integer.MAX_VALUE; int maxDigestLength = Integer.MAX_VALUE;
// only need to check RSA algorithm at present.
if (signingKey != null && if (signingKey != null &&
"rsa".equalsIgnoreCase(signingKey.getAlgorithm()) && "rsa".equalsIgnoreCase(signingKey.getAlgorithm())) {
expected.equalsIgnoreCase("rsa")) {
/* /*
* RSA keys of 512 bits have been shown to be practically * RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong * breakable, it does not make much sense to use the strong
@ -284,25 +299,7 @@ final class SignatureAndHashAlgorithm {
// preferable hash algorithm. // preferable hash algorithm.
} }
for (SignatureAndHashAlgorithm algorithm : algorithms) { return maxDigestLength;
int signValue = algorithm.id & 0xFF;
if (expected.equalsIgnoreCase("rsa") &&
signValue == SignatureAlgorithm.RSA.value) {
if (algorithm.hash.length <= maxDigestLength) {
return algorithm;
}
} else if (
(expected.equalsIgnoreCase("dsa") &&
signValue == SignatureAlgorithm.DSA.value) ||
(expected.equalsIgnoreCase("ecdsa") &&
signValue == SignatureAlgorithm.ECDSA.value) ||
(expected.equalsIgnoreCase("ec") &&
signValue == SignatureAlgorithm.ECDSA.value)) {
return algorithm;
}
}
return null;
} }
static enum HashAlgorithm { static enum HashAlgorithm {