8236098: AlgorithmConstraints:permits method not throwing IAEx when p…

…rimitives are empty Reviewed-by: xuelei
openjdk · Jan 8, 2020 · 7ed4930a8ef66e9c82523d83f88210b4bf9d780b · 7ed4930
1 parent ba6cedc
commit 7ed4930a8ef66e9c82523d83f88210b4bf9d780b
diff --git a/src/java.base/share/classes/sun/security/ssl/ServerHello.java b/src/java.base/share/classes/sun/security/ssl/ServerHello.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,11 @@
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.security.AlgorithmConstraints;
+import java.security.CryptoPrimitive;
 import java.security.GeneralSecurityException;
 import java.text.MessageFormat;
 import java.util.Arrays;
+import java.util.EnumSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
@@ -434,7 +436,7 @@ private static KeyExchangeProperties chooseCipherSuite(
                     continue;
                 }
                 if (!ServerHandshakeContext.legacyAlgorithmConstraints.permits(
-                        null, cs.name, null)) {
+                        EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cs.name, null)) {
                     legacySuites.add(cs);
                     continue;
                 }
@@ -723,7 +725,9 @@ private static CipherSuite chooseCipherSuite(
                 }
 
                 if ((legacySuite == null) &&
-                        !legacyConstraints.permits(null, cs.name, null)) {
+                        !legacyConstraints.permits(
+                                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+                                cs.name, null)) {
                     legacySuite = cs;
                     continue;
                 }

diff --git a/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -128,6 +128,11 @@ public DisabledAlgorithmConstraints(String propertyName,
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives,
             String algorithm, AlgorithmParameters parameters) {
+        if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+                    " or empty.");
+        }
+
         if (!checkAlgorithm(disabledAlgorithms, algorithm, decomposer)) {
             return false;
         }
@@ -216,7 +221,11 @@ public boolean checkProperty(String param) {
     private boolean checkConstraints(Set<CryptoPrimitive> primitives,
             String algorithm, Key key, AlgorithmParameters parameters) {
 
-        // check the key parameter, it cannot be null.
+        if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+                    " or empty.");
+        }
+
         if (key == null) {
             throw new IllegalArgumentException("The key cannot be null");
         }

diff --git a/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,17 +51,29 @@ public LegacyAlgorithmConstraints(String propertyName,
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives,
             String algorithm, AlgorithmParameters parameters) {
+        if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+                    " or empty.");
+        }
         return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
     }
 
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives, Key key) {
+         if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+            " or empty.");
+        }
         return true;
     }
 
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives,
             String algorithm, Key key, AlgorithmParameters parameters) {
+        if (primitives == null || primitives.isEmpty()) {
+            throw new IllegalArgumentException("The primitives cannot be null" +
+                    " or empty.");
+        }
         return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
     }