archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8299746: Accept unknown signatureAlgorithm in PKCS7 SignerInfo

Browse source 
Reviewed-by: kdriver, ascarpino, hchao
This commit is contained in:
Weijun Wang 2023-01-06 18:46:37 +00:00
parent 3dcf700161
commit ba03f42a50
2 changed files with 62 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -537,7 +537,16 @@ public class SignerInfo implements DerEncoder {
digAlg = "SHA" + digAlg.substring(4); digAlg = "SHA" + digAlg.substring(4);
} }
if (keyAlg.equals("EC")) keyAlg = "ECDSA"; if (keyAlg.equals("EC")) keyAlg = "ECDSA";
return digAlg + "with" + keyAlg; String sigAlg = digAlg + "with" + keyAlg;
try {
Signature.getInstance(sigAlg);
return sigAlg;
} catch (NoSuchAlgorithmException e) {
// Possibly an unknown modern signature algorithm,
// in this case, encAlg should already be a signature
// algorithm.
return encAlg;
}
} }
} }

51
test/jdk/sun/security/pkcs/pkcs7/NewSigAlg.java Normal file
View file

@ -0,0 +1,51 @@
/*
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8299746
* @summary Accept unknown signatureAlgorithm in PKCS7 SignerInfo
* @modules java.base/sun.security.pkcs
* java.base/sun.security.x509
* @library /test/lib
*/
import jdk.test.lib.Asserts;
import sun.security.pkcs.SignerInfo;
import sun.security.x509.AlgorithmId;
public class NewSigAlg {
public static void main(String[] args) throws Exception {
test("SHA-1", "RSA", "SHA1withRSA");
test("SHA-1", "SHA1withRSA", "SHA1withRSA");
test("SHA-1", "SHA256withRSA", "SHA1withRSA");
// Sorry I have to use something that has an OID but not known
// as a signature algorithm.
test("SHA-1", "PBES2", "PBES2");
}
static void test(String d, String e, String s) throws Exception {
Asserts.assertEQ(s, SignerInfo.makeSigAlg(
AlgorithmId.get(d), AlgorithmId.get(s), false));
}
}