--- a/src/java.base/share/classes/sun/security/ssl/CertificateVerify.java Fri Jun 22 07:49:27 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateVerify.java Fri Jun 22 15:37:46 2018 -0700
@@ -76,8 +76,8 @@
byte[] temproary = null;
String algorithm = x509Possession.popPrivateKey.getAlgorithm();
try {
- Signature signer = getSignature(algorithm);
- signer.initSign(x509Possession.popPrivateKey);
+ Signature signer =
+ getSignature(algorithm, x509Possession.popPrivateKey);
byte[] hashes = chc.handshakeHash.digest(algorithm,
chc.handshakeSession.getMasterSecret());
signer.update(hashes);
@@ -134,8 +134,8 @@
String algorithm = x509Credentials.popPublicKey.getAlgorithm();
try {
- Signature signer = getSignature(algorithm);
- signer.initVerify(x509Credentials.popPublicKey);
+ Signature signer =
+ getSignature(algorithm, x509Credentials.popPublicKey);
byte[] hashes = shc.handshakeHash.digest(algorithm,
shc.handshakeSession.getMasterSecret());
signer.update(hashes);
@@ -191,19 +191,33 @@
* Get the Signature object appropriate for verification using the
* given signature algorithm.
*/
- private static Signature getSignature(
- String algorithm) throws GeneralSecurityException {
+ private static Signature getSignature(String algorithm,
+ Key key) throws GeneralSecurityException {
+ Signature signer = null;
switch (algorithm) {
case "RSA":
- return JsseJce.getSignature(JsseJce.SIGNATURE_RAWRSA);
+ signer = JsseJce.getSignature(JsseJce.SIGNATURE_RAWRSA);
+ break;
case "DSA":
- return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
+ signer = JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
+ break;
case "EC":
- return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
+ signer = JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
+ break;
default:
throw new SignatureException("Unrecognized algorithm: "
+ algorithm);
}
+
+ if (signer != null) {
+ if (key instanceof PublicKey) {
+ signer.initVerify((PublicKey)(key));
+ } else {
+ signer.initSign((PrivateKey)key);
+ }
+ }
+
+ return signer;
}
}
@@ -307,8 +321,8 @@
byte[] temproary = null;
String algorithm = x509Possession.popPrivateKey.getAlgorithm();
try {
- Signature signer = getSignature(algorithm);
- signer.initSign(x509Possession.popPrivateKey);
+ Signature signer =
+ getSignature(algorithm, x509Possession.popPrivateKey);
byte[] hashes = chc.handshakeHash.digest(algorithm);
signer.update(hashes);
temproary = signer.sign();
@@ -364,8 +378,8 @@
String algorithm = x509Credentials.popPublicKey.getAlgorithm();
try {
- Signature signer = getSignature(algorithm);
- signer.initVerify(x509Credentials.popPublicKey);
+ Signature signer =
+ getSignature(algorithm, x509Credentials.popPublicKey);
byte[] hashes = shc.handshakeHash.digest(algorithm);
signer.update(hashes);
if (!signer.verify(signature)) {
@@ -420,19 +434,33 @@
* Get the Signature object appropriate for verification using the
* given signature algorithm.
*/
- private static Signature getSignature(
- String algorithm) throws GeneralSecurityException {
+ private static Signature getSignature(String algorithm,
+ Key key) throws GeneralSecurityException {
+ Signature signer = null;
switch (algorithm) {
case "RSA":
- return JsseJce.getSignature(JsseJce.SIGNATURE_RAWRSA);
+ signer = JsseJce.getSignature(JsseJce.SIGNATURE_RAWRSA);
+ break;
case "DSA":
- return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
+ signer = JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
+ break;
case "EC":
- return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
+ signer = JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
+ break;
default:
throw new SignatureException("Unrecognized algorithm: "
+ algorithm);
}
+
+ if (signer != null) {
+ if (key instanceof PublicKey) {
+ signer.initVerify((PublicKey)(key));
+ } else {
+ signer.initSign((PrivateKey)key);
+ }
+ }
+
+ return signer;
}
}
@@ -548,8 +576,8 @@
byte[] temproary = null;
try {
- Signature signer = signatureScheme.getSignature();
- signer.initSign(x509Possession.popPrivateKey);
+ Signature signer =
+ signatureScheme.getSignature(x509Possession.popPrivateKey);
signer.update(chc.handshakeHash.archived());
temproary = signer.sign();
} catch (NoSuchAlgorithmException |
@@ -617,8 +645,8 @@
// opaque signature<0..2^16-1>;
this.signature = Record.getBytes16(m);
try {
- Signature signer = signatureScheme.getSignature();
- signer.initVerify(x509Credentials.popPublicKey);
+ Signature signer =
+ signatureScheme.getSignature(x509Credentials.popPublicKey);
signer.update(shc.handshakeHash.archived());
if (!signer.verify(signature)) {
shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
@@ -863,8 +891,8 @@
byte[] temproary = null;
try {
- Signature signer = signatureScheme.getSignature();
- signer.initSign(x509Possession.popPrivateKey);
+ Signature signer =
+ signatureScheme.getSignature(x509Possession.popPrivateKey);
signer.update(contentCovered);
temproary = signer.sign();
} catch (NoSuchAlgorithmException |
@@ -943,8 +971,8 @@
}
try {
- Signature signer = signatureScheme.getSignature();
- signer.initVerify(x509Credentials.popPublicKey);
+ Signature signer =
+ signatureScheme.getSignature(x509Credentials.popPublicKey);
signer.update(contentCovered);
if (!signer.verify(signature)) {
context.conContext.fatal(Alert.HANDSHAKE_FAILURE,