7181214: Need specify SKF translateKey(SecurityKey) method requires instance of PBEKey for PBKDF2 algorithms

Reviewed-by: xuelei, weijun
2025-08-26 14:24:46 +02:00 · 2022-11-23 18:49:35 +00:00 · 2022-11-23 18:49:35 +00:00 · 6dc4d891c3
commit 6dc4d891c3
parent 2afb4c3327
2 changed files with 57 additions and 17 deletions
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2Core.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2Core.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -63,11 +63,11 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
    protected SecretKey engineGenerateSecret(KeySpec keySpec)
        throws InvalidKeySpecException
    {
-        if (!(keySpec instanceof PBEKeySpec)) {
-            throw new InvalidKeySpecException("Invalid key spec");
+        if (keySpec instanceof PBEKeySpec ks) {
+            return new PBKDF2KeyImpl(ks, prfAlgo);
+        } else {
+            throw new InvalidKeySpecException("Only PBEKeySpec is accepted");
        }
-        PBEKeySpec ks = (PBEKeySpec) keySpec;
-        return new PBKDF2KeyImpl(ks, prfAlgo);
    }

    /**
@ -89,12 +89,10 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
     */
    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
        throws InvalidKeySpecException {
-        if (key instanceof javax.crypto.interfaces.PBEKey) {
+        if (key instanceof javax.crypto.interfaces.PBEKey pKey) {
            // Check if requested key spec is amongst the valid ones
            if ((keySpecCl != null)
                    && keySpecCl.isAssignableFrom(PBEKeySpec.class)) {
-                javax.crypto.interfaces.PBEKey pKey =
-                    (javax.crypto.interfaces.PBEKey) key;
                char[] passwd = pKey.getPassword();
                byte[] encoded = pKey.getEncoded();
                try {
@ -107,11 +105,11 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
                    Arrays.fill(encoded, (byte)0);
                }
            } else {
-                throw new InvalidKeySpecException("Invalid key spec");
+                throw new InvalidKeySpecException
+                        ("Only PBEKeySpec is accepted");
            }
        } else {
-            throw new InvalidKeySpecException("Invalid key " +
-                                               "format/algorithm");
+            throw new InvalidKeySpecException("Only PBEKey is accepted");
        }
    }

@ -138,9 +136,7 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
                return key;
            }
            // Check if key implements the PBEKey
-            if (key instanceof javax.crypto.interfaces.PBEKey) {
-                javax.crypto.interfaces.PBEKey pKey =
-                    (javax.crypto.interfaces.PBEKey) key;
+            if (key instanceof javax.crypto.interfaces.PBEKey pKey) {
                char[] password = pKey.getPassword();
                byte[] encoding = pKey.getEncoded();
                PBEKeySpec spec =
@ -160,9 +156,12 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
                    }
                    Arrays.fill(encoding, (byte)0);
                }
+            } else {
+                throw new InvalidKeyException("Only PBEKey is accepted");
            }
        }
-        throw new InvalidKeyException("Invalid key format/algorithm");
+        throw new InvalidKeyException("Only PBKDF2With" + prfAlgo +
+                " key with RAW format is accepted");
    }

    public static final class HmacSHA1 extends PBKDF2Core {