8234042: Better factory production of certificates

Reviewed-by: weijun, rhalade, mschoene
Sean Mullan 2020-01-17 08:04:14 -05:00
parent 1bfcf768f5
commit da6daad2e5
7 changed files with 44 additions and 5 deletions


@ -383,6 +383,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
DerInputStream in = val.toDerInputStream();
int i = in.getInteger();
DerValue[] value = in.getSequence(2);
if (value.length < 1 || value.length > 2) {
throw new IOException("Invalid length for AlgorithmIdentifier");
}
AlgorithmId algId = new AlgorithmId(value[0].getOID());
String keyAlgo = algId.getName();
@ -2034,11 +2037,17 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
DerInputStream edi =
safeContents.getContent().toDerInputStream();
int edVersion = edi.getInteger();
DerValue[] seq = edi.getSequence(2);
DerValue[] seq = edi.getSequence(3);
if (seq.length != 3) {
// We require the encryptedContent field, even though
// it is optional
throw new IOException("Invalid length for EncryptedContentInfo");
}
ObjectIdentifier edContentType = seq[0].getOID();
eAlgId = seq[1].toByteArray();
if (!seq[2].isContextSpecific((byte)0)) {
throw new IOException("encrypted content not present!");
throw new IOException("unsupported encrypted content type "
+ seq[2].tag);
}
byte newTag = DerValue.tag_OctetString;
if (seq[2].isConstructed())
@ -2379,6 +2388,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
} else if (bagId.equals(CertBag_OID)) {
DerInputStream cs = new DerInputStream(bagValue.toByteArray());
DerValue[] certValues = cs.getSequence(2);
if (certValues.length != 2) {
throw new IOException("Invalid length for CertBag");
}
ObjectIdentifier certId = certValues[0].getOID();
if (!certValues[1].isContextSpecific((byte)0)) {
throw new IOException("unsupported PKCS12 cert value type "
@ -2394,6 +2406,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
} else if (bagId.equals(SecretBag_OID)) {
DerInputStream ss = new DerInputStream(bagValue.toByteArray());
DerValue[] secretValues = ss.getSequence(2);
if (secretValues.length != 2) {
throw new IOException("Invalid length for SecretBag");
}
ObjectIdentifier secretId = secretValues[0].getOID();
if (!secretValues[1].isContextSpecific((byte)0)) {
throw new IOException(
@ -2432,6 +2447,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
byte[] encoded = attrSet[j].toByteArray();
DerInputStream as = new DerInputStream(encoded);
DerValue[] attrSeq = as.getSequence(2);
if (attrSeq.length != 2) {
throw new IOException("Invalid length for Attribute");
}
ObjectIdentifier attrId = attrSeq[0].getOID();
DerInputStream vs =
new DerInputStream(attrSeq[1].toByteArray());
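Review bot: In the EncryptedContentInfo hunk (@ -2034), the new message `"unsupported encrypted content type " + seq[2].tag` appends the tag as a raw value; if `tag` is DerValue's signed `byte` field, any context-specific tag prints as a negative decimal (0xA1 shows as -95), which is hard to match against an ASN.1 dump when triaging a rejected keystore. Formatting it as hex, e.g. `+ String.format("0x%02X", seq[2].tag & 0xff)`, keeps the diagnostic readable. The same hunk's `"Invalid length for EncryptedContentInfo"` could also carry the count (`+ ": expected 3 elements, found " + seq.length`), so that a file omitting the optional encryptedContent is distinguishable from one with extra elements. The enclosing method begins and ends outside the visible hunks.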