8236098: AlgorithmConstraints:permits method not throwing IAEx when primitives are empty

Reviewed-by: xuelei
2025-08-28 15:24:43 +02:00 · 2020-01-08 13:25:03 -08:00 · 2020-01-08 13:25:03 -08:00 · 7ed4930a8e
commit 7ed4930a8e
parent ba6cedcf24
3 changed files with 31 additions and 6 deletions
--- a/src/java.base/share/classes/sun/security/ssl/ServerHello.java
+++ b/src/java.base/share/classes/sun/security/ssl/ServerHello.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -28,9 +28,11 @@ package sun.security.ssl;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.security.AlgorithmConstraints;
 import java.security.CryptoPrimitive;
 import java.security.GeneralSecurityException;
 import java.text.MessageFormat;
 import java.util.Arrays;
 import java.util.EnumSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
@ -434,7 +436,7 @@ final class ServerHello {
                    continue;
                }
                if (!ServerHandshakeContext.legacyAlgorithmConstraints.permits(
-                        null, cs.name, null)) {
+                        EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cs.name, null)) {
                    legacySuites.add(cs);
                    continue;
                }
@ -723,7 +725,9 @@ final class ServerHello {
                }
                if ((legacySuite == null) &&
-                        !legacyConstraints.permits(null, cs.name, null)) {
+                        !legacyConstraints.permits(
                                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                                cs.name, null)) {
                    legacySuite = cs;
                    continue;
                }
--- a/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
+++ b/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -128,6 +128,11 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
    @Override
    public final boolean permits(Set<CryptoPrimitive> primitives,
            String algorithm, AlgorithmParameters parameters) {
        if (primitives == null || primitives.isEmpty()) {
            throw new IllegalArgumentException("The primitives cannot be null" +
                    " or empty.");
        }
        if (!checkAlgorithm(disabledAlgorithms, algorithm, decomposer)) {
            return false;
        }
@ -216,7 +221,11 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
    private boolean checkConstraints(Set<CryptoPrimitive> primitives,
            String algorithm, Key key, AlgorithmParameters parameters) {
-        // check the key parameter, it cannot be null.
+        if (primitives == null || primitives.isEmpty()) {
            throw new IllegalArgumentException("The primitives cannot be null" +
                    " or empty.");
        }
        if (key == null) {
            throw new IllegalArgumentException("The key cannot be null");
        }
--- a/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
+++ b/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -51,17 +51,29 @@ public class LegacyAlgorithmConstraints extends AbstractAlgorithmConstraints {
    @Override
    public final boolean permits(Set<CryptoPrimitive> primitives,
            String algorithm, AlgorithmParameters parameters) {
        if (primitives == null || primitives.isEmpty()) {
            throw new IllegalArgumentException("The primitives cannot be null" +
                    " or empty.");
        }
        return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
    }
    @Override
    public final boolean permits(Set<CryptoPrimitive> primitives, Key key) {
         if (primitives == null || primitives.isEmpty()) {
            throw new IllegalArgumentException("The primitives cannot be null" +
            " or empty.");
        }
        return true;
    }
    @Override
    public final boolean permits(Set<CryptoPrimitive> primitives,
            String algorithm, Key key, AlgorithmParameters parameters) {
        if (primitives == null || primitives.isEmpty()) {
            throw new IllegalArgumentException("The primitives cannot be null" +
                    " or empty.");
        }
        return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
    }