Skip to content
Permalink
Browse files

Fix algorithm check to not assume software key instances to work with…

… PKCS#11 (#76)

* DSS-2046: Fix algorithm check to not assume software key instances.

* Removed now unused imports.
  • Loading branch information...
netmackan authored and ibauersachs committed Sep 30, 2019
1 parent 0b21553 commit 2213c76f0ba5590867b8291db60f0a4137bc3794
Showing with 3 additions and 6 deletions.
  1. +3 −6 src/main/java/org/xbill/DNS/DNSSEC.java
@@ -11,11 +11,8 @@
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECFieldFp;
@@ -1047,20 +1044,20 @@ static void checkAlgorithm(PrivateKey key, int alg) throws UnsupportedAlgorithmE
case Algorithm.RSA_NSEC3_SHA1:
case Algorithm.RSASHA256:
case Algorithm.RSASHA512:
if (!(key instanceof RSAPrivateKey)) {
if (!("RSA".equals(key.getAlgorithm()))) {
throw new IncompatibleKeyException();
}
break;
case Algorithm.DSA:
case Algorithm.DSA_NSEC3_SHA1:
if (!(key instanceof DSAPrivateKey)) {
if (!("DSA".equals(key.getAlgorithm()))) {
throw new IncompatibleKeyException();
}
break;
case Algorithm.ECC_GOST:
case Algorithm.ECDSAP256SHA256:
case Algorithm.ECDSAP384SHA384:
if (!(key instanceof ECPrivateKey)) {
if (!("EC".equals(key.getAlgorithm()))) {
throw new IncompatibleKeyException();
}
break;

0 comments on commit 2213c76

Please sign in to comment.
You can’t perform that action at this time.