8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11

Reviewed-by: valeriep
Xue-Lei Andrew Fan 2019-04-03 16:23:22 -07:00
parent 2f20909d10
commit 661b5f1534
7 changed files with 36 additions and 16 deletions


@ -28,6 +28,7 @@ package sun.security.ssl;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.util.AbstractMap.SimpleImmutableEntry;
@ -127,6 +128,26 @@ enum X509Authentication implements SSLAuthentication {
this.popCerts = popCerts;
this.popPrivateKey = popPrivateKey;
}
ECParameterSpec getECParameterSpec() {
if (popPrivateKey == null ||
!"EC".equals(popPrivateKey.getAlgorithm())) {
return null;
}
if (popPrivateKey instanceof ECKey) {
return ((ECKey)popPrivateKey).getParams();
} else if (popCerts != null && popCerts.length != 0) {
// The private key not extractable, get the parameters from
// the X.509 certificate.
PublicKey publicKey = popCerts[0].getPublicKey();
if (publicKey instanceof ECKey) {
return ((ECKey)publicKey).getParams();
}
}
return null;
}
}
static final class X509Credentials implements SSLCredentials {
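Review bot: getECParameterSpec() returns null in three different situations (no private key, a non-EC key, and an EC key whose parameters cannot be found on either the key or the certificate), and nothing in the hunk documents that callers must handle it. A short Javadoc would make the contract explicit, for example `/** Returns the EC parameters of the possession key, taken from popCerts[0] when the key does not implement ECKey (e.g. a non-extractable token key); null if the key is not EC or the parameters cannot be determined. */`. The fallback also relies on popCerts[0] being the end-entity certificate for popPrivateKey, which appears to be the convention here but is not checked in the visible lines; stating that assumption in the comment would help anyone auditing curve or signature-scheme selection. The enclosing class starts above the hunk, so how the two fields are populated is not visible.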