stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8309214: sun/security/pkcs11/KeyStore/CertChainRemoval.java fails after 8301154

Browse Source 
Reviewed-by: mbaesken, jnimeh
This commit is contained in:
Valerie Peng 2023-08-22 23:49:03 +00:00
parent 9f4a9fe488
commit ba6cdbe2c2
2 changed files with 41 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
View File

@ -1559,22 +1559,50 @@ final class P11KeyStore extends KeyStoreSpi {
cert.getSerialNumber().toByteArray())); cert.getSerialNumber().toByteArray()));
attrList.add(new CK_ATTRIBUTE(CKA_VALUE, cert.getEncoded())); attrList.add(new CK_ATTRIBUTE(CKA_VALUE, cert.getEncoded()));
if (alias != null) {
attrList.add(new CK_ATTRIBUTE(CKA_LABEL, alias));
attrList.add(new CK_ATTRIBUTE(CKA_ID, alias));
} else {
// ibutton requires something to be set
// - alias must be unique
attrList.add(new CK_ATTRIBUTE(CKA_ID,
getID(cert.getSubjectX500Principal().getName
(X500Principal.CANONICAL), cert)));
}
Session session = null; Session session = null;
try { try {
session = token.getOpSession(); session = token.getOpSession();
long[] ch = findObjects(session,
attrList.toArray(new CK_ATTRIBUTE[attrList.size()]));
if (ch.length != 0) { // found a match
if (debug != null) {
String certInfo = (alias == null?
"CA cert " + cert.getSubjectX500Principal() :
"EE cert for alias " + alias);
debug.println("storeCert: found a match for " + certInfo);
}
if (alias != null) {
// Add the alias to the existing cert
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_LABEL, alias),
new CK_ATTRIBUTE(CKA_ID, alias) };
token.p11.C_SetAttributeValue
(session.id(), ch[0], attrs);
if (debug != null) {
debug.println("storeCert: added alias: " + alias);
}
}
// done; no need to create the cert
return;
}
if (alias != null) {
attrList.add(new CK_ATTRIBUTE(CKA_LABEL, alias));
attrList.add(new CK_ATTRIBUTE(CKA_ID, alias));
} else {
// ibutton requires something to be set
// - alias must be unique
attrList.add(new CK_ATTRIBUTE(CKA_ID,
getID(cert.getSubjectX500Principal().getName
(X500Principal.CANONICAL), cert)));
}
token.p11.C_CreateObject(session.id(), token.p11.C_CreateObject(session.id(),
attrList.toArray(new CK_ATTRIBUTE[attrList.size()])); attrList.toArray(new CK_ATTRIBUTE[attrList.size()]));
if (debug != null) {
String certInfo = (alias == null?
"CA cert " + cert.getSubjectX500Principal() :
"EE cert for alias " + alias);
debug.println("storeCert: created " + certInfo);
}
} finally { } finally {
token.releaseSession(session); token.releaseSession(session);
} }
@ -1587,7 +1615,6 @@ final class P11KeyStore extends KeyStoreSpi {
// //
// end cert has CKA_LABEL and CKA_ID set to alias. // end cert has CKA_LABEL and CKA_ID set to alias.
// other certs in chain have neither set. // other certs in chain have neither set.
storeCert(alias, chain[0]); storeCert(alias, chain[0]);
storeCaCerts(chain, 1); storeCaCerts(chain, 1);
} }

2
test/jdk/sun/security/pkcs11/KeyStore/CertChainRemoval.java
View File

@ -22,7 +22,7 @@
*/ */
/* @test /* @test
* @bug 8301154 * @bug 8301154 8309214
* @summary test cert chain deletion logic w/ NSS PKCS11 KeyStore * @summary test cert chain deletion logic w/ NSS PKCS11 KeyStore
* @library /test/lib .. * @library /test/lib ..
* @run testng/othervm CertChainRemoval * @run testng/othervm CertChainRemoval