On 8/9/12 4:09 PM, Valerie (Yu-Ching) Peng wrote:
>
> Yes, various places assume that the params are non-null since they are
> needed for crypto operations.
> I think what you have here is the right fix for the particular test failure.
> Do you know if Certificate.getPublicKey() is called on a certificate that
> contains a DSA key whose DSA params should be inherited from the signing
> CA, will the returned DSA public key have the necessary params?

Yes, in this case BasicChecker already has logic to check for and inherit the
DSA Params from the certificate issuer's key, if necessary. It basically
recreates a new DSA key with the inherited params before using it to verify a
signature on the next cert in the chain.

Thanks for the quick review.

--Sean

>
> Thanks,
> Valerie
>
> On 08/09/12 06:53, Sean Mullan wrote:
>> I have re-worked this fix so that our PKIX CertPathValidator implementation
>> detects if a TrustAnchor's DSA key has no parameters *before* using it to
>> verify a signature. This is a cleaner fix, as it turns out there is quite a
>> bit of existing code in JCE that already assumes a DSA key has parameters,
>> and will throw an NPE if it doesn't.
>>
>> Please review:
>>
>> http://cr.openjdk.java.net/~mullan/webrevs/7187962/webrev.01/
>>
>> Thanks,
>> Sean
>>
>> On 8/6/12 10:43 AM, Sean Mullan wrote:
>>> Hi Valerie,
>>>
>>> Could you please review this simple fix to
>>> P11DSAKeyFactory.implTranslatePublicKey?
>>>
>>> http://cr.openjdk.java.net/~mullan/webrevs/7187962/webrev.00/
>>>
>>> Thanks,
>>> Sean
>>>
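
The parameter inheritance described in the thread, sketched as an added example; it is not part of the original messages and is not the JDK's BasicChecker code. The class name, the helper `withInheritedParams`, and the sample keys are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.DSAPublicKeySpec;

public class DsaParamInheritance {
    // Hypothetical helper: returns a key that is safe to use for signature verification.
    static PublicKey withInheritedParams(PublicKey subjectKey, PublicKey issuerKey)
            throws GeneralSecurityException {
        if (!(subjectKey instanceof DSAPublicKey)) {
            return subjectKey;                      // only DSA keys may omit parameters
        }
        DSAPublicKey dsa = (DSAPublicKey) subjectKey;
        if (dsa.getParams() != null) {
            return subjectKey;                      // already complete
        }
        // Fail closed with a checked exception instead of an NPE deeper in the provider.
        if (!(issuerKey instanceof DSAPublicKey)
                || ((DSAPublicKey) issuerKey).getParams() == null) {
            throw new InvalidKeyException("DSA key has no parameters and none can be inherited");
        }
        DSAParams p = ((DSAPublicKey) issuerKey).getParams();
        // Recreate the key: the subject's y with the issuer's p, q, g.
        return KeyFactory.getInstance("DSA").generatePublic(
                new DSAPublicKeySpec(dsa.getY(), p.getP(), p.getQ(), p.getG()));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a generated key stands in for the issuer (CA) key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        final DSAPublicKey issuer = (DSAPublicKey) kpg.generateKeyPair().getPublic();
        // Constructed sample: a key with y but no parameters (reuses the issuer's y
        // only so that the value is a valid element of the group).
        DSAPublicKey bare = new DSAPublicKey() {
            public BigInteger getY() { return issuer.getY(); }
            public DSAParams getParams() { return null; }
            public String getAlgorithm() { return "DSA"; }
            public String getFormat() { return null; }
            public byte[] getEncoded() { return null; }
        };
        PublicKey rebuilt = withInheritedParams(bare, issuer);
        System.out.println("params inherited: " + (((DSAPublicKey) rebuilt).getParams() != null));
        try {
            withInheritedParams(bare, bare);        // nothing to inherit from
        } catch (InvalidKeyException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```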
