Skip to content
Permalink
Browse files

8236098: AlgorithmConstraints:permits method not throwing IAEx when p…

…rimitives are empty

Reviewed-by: xuelei
  • Loading branch information
Anthony Scarpino
Anthony Scarpino committed Jan 8, 2020
1 parent ba6cedc commit 7ed4930a8ef66e9c82523d83f88210b4bf9d780b
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,11 @@
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
@@ -434,7 +436,7 @@ private static KeyExchangeProperties chooseCipherSuite(
continue;
}
if (!ServerHandshakeContext.legacyAlgorithmConstraints.permits(
null, cs.name, null)) {
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cs.name, null)) {
legacySuites.add(cs);
continue;
}
@@ -723,7 +725,9 @@ private static CipherSuite chooseCipherSuite(
}

if ((legacySuite == null) &&
!legacyConstraints.permits(null, cs.name, null)) {
!legacyConstraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
cs.name, null)) {
legacySuite = cs;
continue;
}
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -128,6 +128,11 @@ public DisabledAlgorithmConstraints(String propertyName,
@Override
public final boolean permits(Set<CryptoPrimitive> primitives,
String algorithm, AlgorithmParameters parameters) {
if (primitives == null || primitives.isEmpty()) {
throw new IllegalArgumentException("The primitives cannot be null" +
" or empty.");
}

if (!checkAlgorithm(disabledAlgorithms, algorithm, decomposer)) {
return false;
}
@@ -216,7 +221,11 @@ public boolean checkProperty(String param) {
private boolean checkConstraints(Set<CryptoPrimitive> primitives,
String algorithm, Key key, AlgorithmParameters parameters) {

// check the key parameter, it cannot be null.
if (primitives == null || primitives.isEmpty()) {
throw new IllegalArgumentException("The primitives cannot be null" +
" or empty.");
}

if (key == null) {
throw new IllegalArgumentException("The key cannot be null");
}
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -51,17 +51,29 @@ public LegacyAlgorithmConstraints(String propertyName,
@Override
public final boolean permits(Set<CryptoPrimitive> primitives,
String algorithm, AlgorithmParameters parameters) {
if (primitives == null || primitives.isEmpty()) {
throw new IllegalArgumentException("The primitives cannot be null" +
" or empty.");
}
return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
}

@Override
public final boolean permits(Set<CryptoPrimitive> primitives, Key key) {
if (primitives == null || primitives.isEmpty()) {
throw new IllegalArgumentException("The primitives cannot be null" +
" or empty.");
}
return true;
}

@Override
public final boolean permits(Set<CryptoPrimitive> primitives,
String algorithm, Key key, AlgorithmParameters parameters) {
if (primitives == null || primitives.isEmpty()) {
throw new IllegalArgumentException("The primitives cannot be null" +
" or empty.");
}
return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
}

0 comments on commit 7ed4930

Please sign in to comment.