--- a/src/java.base/share/classes/sun/security/pkcs10/PKCS10.java Fri May 11 14:55:56 2018 -0700
+++ b/src/java.base/share/classes/sun/security/pkcs10/PKCS10.java Fri May 11 15:53:12 2018 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,11 +31,8 @@
import java.math.BigInteger;
import java.security.cert.CertificateException;
-import java.security.NoSuchAlgorithmException;
-import java.security.InvalidKeyException;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.PublicKey;
+import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
import java.util.Base64;
@@ -43,6 +40,8 @@
import sun.security.x509.AlgorithmId;
import sun.security.x509.X509Key;
import sun.security.x509.X500Name;
+import sun.security.util.SignatureUtil;
+
/**
* A PKCS #10 certificate request is created and sent to a Certificate
@@ -169,12 +168,23 @@
try {
sigAlg = id.getName();
sig = Signature.getInstance(sigAlg);
+
+ // set parameters before Signature.initSign/initVerify call,
+ // so key can be checked when it's set
+ SignatureUtil.specialSetParameter(sig, id.getParameters());
+
sig.initVerify(subjectPublicKeyInfo);
sig.update(data);
- if (!sig.verify(sigData))
+ if (!sig.verify(sigData)) {
throw new SignatureException("Invalid PKCS #10 signature");
+ }
} catch (InvalidKeyException e) {
- throw new SignatureException("invalid key");
+ throw new SignatureException("Invalid key");
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new SignatureException("Invalid signature parameters", e);
+ } catch (ProviderException e) {
+ throw new SignatureException("Error parsing signature parameters",
+ e.getCause());
}
}