8205720: KeyFactory#getKeySpec and translateKey thorws NullPointerException with Invalid key

Updated SunRsaSign provider to check and throw InvalidKeyException for null key algo/format/encoding Reviewed-by: xuelei
2025-08-27 06:45:07 +02:00 · 2018-06-30 00:33:05 +00:00 · 2018-06-30 00:33:05 +00:00 · ecc5979769
commit ecc5979769
parent 11184615a8
4 changed files with 33 additions and 21 deletions
--- a/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java
+++ b/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java
@ -100,7 +100,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
    private static void checkKeyAlgo(Key key, String expectedAlg)
            throws InvalidKeyException {
        String keyAlg = key.getAlgorithm();
-        if (!(keyAlg.equalsIgnoreCase(expectedAlg))) {
+        if (keyAlg == null || !(keyAlg.equalsIgnoreCase(expectedAlg))) {
            throw new InvalidKeyException("Expected a " + expectedAlg
                    + " key, but got " + keyAlg);
        }
@ -123,8 +123,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
            return (RSAKey)key;
        } else {
            try {
-                String keyAlgo = key.getAlgorithm();
-                KeyType type = KeyType.lookup(keyAlgo);
+                KeyType type = KeyType.lookup(key.getAlgorithm());
                RSAKeyFactory kf = RSAKeyFactory.getInstance(type);
                return (RSAKey) kf.engineTranslateKey(key);
            } catch (ProviderException e) {
@ -268,8 +267,7 @@ public class RSAKeyFactory extends KeyFactorySpi {
                throw new InvalidKeyException("Invalid key", e);
            }
        } else if ("X.509".equals(key.getFormat())) {
-            byte[] encoded = key.getEncoded();
-            RSAPublicKey translated = new RSAPublicKeyImpl(encoded);
+            RSAPublicKey translated = new RSAPublicKeyImpl(key.getEncoded());
            // ensure the key algorithm matches the current KeyFactory instance
            checkKeyAlgo(translated, type.keyAlgo());
            return translated;
@ -313,8 +311,8 @@ public class RSAKeyFactory extends KeyFactorySpi {
                throw new InvalidKeyException("Invalid key", e);
            }
        } else if ("PKCS#8".equals(key.getFormat())) {
-            byte[] encoded = key.getEncoded();
-            RSAPrivateKey translated = RSAPrivateCrtKeyImpl.newKey(encoded);
+            RSAPrivateKey translated =
+                RSAPrivateCrtKeyImpl.newKey(key.getEncoded());
            // ensure the key algorithm matches the current KeyFactory instance
            checkKeyAlgo(translated, type.keyAlgo());
            return translated;
--- a/src/java.base/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
+++ b/src/java.base/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
@ -123,6 +123,10 @@ public final class RSAPrivateCrtKeyImpl
     * Construct a key from its encoding. Called from newKey above.
     */
    RSAPrivateCrtKeyImpl(byte[] encoded) throws InvalidKeyException {
+        if (encoded == null || encoded.length == 0) {
+            throw new InvalidKeyException("Missing key encoding");
+        }
+
        decode(encoded);
        RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
        try {
--- a/src/java.base/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
+++ b/src/java.base/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
@ -116,6 +116,9 @@ public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey {
     * Construct a key from its encoding. Used by RSAKeyFactory.
     */
    RSAPublicKeyImpl(byte[] encoded) throws InvalidKeyException {
+        if (encoded == null || encoded.length == 0) {
+            throw new InvalidKeyException("Missing key encoding");
+        }
        decode(encoded); // this sets n and e value
        RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
        checkExponentRange(n, e);
--- a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
+++ b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
@ -52,7 +52,11 @@ public class RSAUtil {
        public String keyAlgo() {
            return algo;
        }
-        public static KeyType lookup(String name) {
+        public static KeyType lookup(String name)
+                throws InvalidKeyException, ProviderException {
+            if (name == null) {
+                throw new InvalidKeyException("Null key algorithm");
+            }
            for (KeyType kt : KeyType.values()) {
                if (kt.keyAlgo().equalsIgnoreCase(name)) {
                    return kt;
@ -133,21 +137,24 @@ public class RSAUtil {
            throws ProviderException {
        if (params == null) return null;

-        String algName = params.getAlgorithm();
-        KeyType type = KeyType.lookup(algName);
-        Class<? extends AlgorithmParameterSpec> specCls;
-        switch (type) {
-            case RSA:
-                throw new ProviderException("No params accepted for " +
-                    type.keyAlgo());
-            case PSS:
-                specCls = PSSParameterSpec.class;
-                break;
-            default:
-                throw new ProviderException("Unsupported RSA algorithm: " + algName);
-        }
        try {
+            String algName = params.getAlgorithm();
+            KeyType type = KeyType.lookup(algName);
+            Class<? extends AlgorithmParameterSpec> specCls;
+            switch (type) {
+                case RSA:
+                    throw new ProviderException("No params accepted for " +
+                        type.keyAlgo());
+                case PSS:
+                    specCls = PSSParameterSpec.class;
+                    break;
+                default:
+                    throw new ProviderException("Unsupported RSA algorithm: " + algName);
+            }
            return params.getParameterSpec(specCls);
+        } catch (ProviderException pe) {
+            // pass it up
+            throw pe;
        } catch (Exception e) {
            throw new ProviderException(e);
        }