
8309214: sun/security/pkcs11/KeyStore/CertChainRemoval.java fails aft…
…er 8301154

Backport-of: ba6cdbe2c2897a0fdc266119f0fe4545c3352b8e
Valerie Peng committed Aug 24, 2023
1 parent 4729fad commit c849fa5
Showing 2 changed files with 41 additions and 14 deletions.
@@ -1559,22 +1559,50 @@ private void storeCert(String alias, X509Certificate cert)
cert.getSerialNumber().toByteArray()));
attrList.add(new CK_ATTRIBUTE(CKA_VALUE, cert.getEncoded()));

if (alias != null) {
attrList.add(new CK_ATTRIBUTE(CKA_LABEL, alias));
attrList.add(new CK_ATTRIBUTE(CKA_ID, alias));
} else {
// ibutton requires something to be set
// - alias must be unique
attrList.add(new CK_ATTRIBUTE(CKA_ID,
getID(cert.getSubjectX500Principal().getName
(X500Principal.CANONICAL), cert)));
}

Session session = null;
try {
session = token.getOpSession();
long[] ch = findObjects(session,
attrList.toArray(new CK_ATTRIBUTE[attrList.size()]));
if (ch.length != 0) { // found a match
if (debug != null) {
String certInfo = (alias == null?
"CA cert " + cert.getSubjectX500Principal() :
"EE cert for alias " + alias);
debug.println("storeCert: found a match for " + certInfo);
}
if (alias != null) {
// Add the alias to the existing cert
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_LABEL, alias),
new CK_ATTRIBUTE(CKA_ID, alias) };
token.p11.C_SetAttributeValue
(session.id(), ch[0], attrs);
if (debug != null) {
debug.println("storeCert: added alias: " + alias);
}
}
// done; no need to create the cert
return;
}
if (alias != null) {
attrList.add(new CK_ATTRIBUTE(CKA_LABEL, alias));
attrList.add(new CK_ATTRIBUTE(CKA_ID, alias));
} else {
// ibutton requires something to be set
// - alias must be unique
attrList.add(new CK_ATTRIBUTE(CKA_ID,
getID(cert.getSubjectX500Principal().getName
(X500Principal.CANONICAL), cert)));
}
token.p11.C_CreateObject(session.id(),
attrList.toArray(new CK_ATTRIBUTE[attrList.size()]));
attrList.toArray(new CK_ATTRIBUTE[attrList.size()]));
if (debug != null) {
String certInfo = (alias == null?
"CA cert " + cert.getSubjectX500Principal() :
"EE cert for alias " + alias);
debug.println("storeCert: created " + certInfo);
}
} finally {
token.releaseSession(session);
}
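Review bot: In the `ch.length != 0` branch, `C_SetAttributeValue` overwrites `CKA_LABEL` and `CKA_ID` on `ch[0]` without looking at what those attributes currently hold. The lookup template visible here matches on the serial number and `CKA_VALUE` (plus whatever is added above the hunk) and no longer includes the alias, so a certificate already stored under a different alias would presumably match and be re-labelled, which could detach it from a private key that shares its old `CKA_ID`. Consider reading the current `CKA_LABEL` of `ch[0]` before the write and skipping or at least logging the overwrite when it is already set, for example `debug.println("storeCert: replacing existing label on cert handle " + ch[0]);`. A comment such as `// NOTE: only ch[0] is re-labelled; further matches in ch are left untouched` would also make the single-match assumption explicit. storeCert starts above and ends below this hunk, so the full search template is not visible from here.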
@@ -1587,7 +1615,6 @@ private void storeChain(String alias, X509Certificate[] chain)
//
// end cert has CKA_LABEL and CKA_ID set to alias.
// other certs in chain have neither set.

storeCert(alias, chain[0]);
storeCaCerts(chain, 1);
}
@@ -22,7 +22,7 @@
*/

/* @test
* @bug 8301154
* @bug 8301154 8309214
* @summary test cert chain deletion logic w/ NSS PKCS11 KeyStore
* @library /test/lib ..
* @run testng/othervm CertChainRemoval

1 comment on commit c849fa5

@openjdk-notifier