-
Type:
Bug
-
Resolution: Duplicate
-
Priority:
P3
-
None
-
Affects Version/s: 5.0
-
Component/s: security-libs
-
sparc
-
solaris_8
Name: akR10050 Date: 08/28/2003
According to the javadoc specification of SignedObject class,
InvalidKeyException must be thrown in case the key is invalid. However, when the
key is null, SunJSSE signature engine throws InvalidParameterException which is
invalid behaviour.
This testcase demonstrates the described behaviour:
----------------- Test26.java -------------------------
import java.security.*;
public class Test26 {
public static void main(String[] args) {
Signature sign = null;
Signature sign1 = null;
try {
sign = Signature.getInstance("MD5andSHA1withRSA", "SunJSSE");
sign1 = Signature.getInstance("SHA1withDSA", "SUN");
} catch (Exception e) {
e.printStackTrace(System.err);
}
String testObject = "test";
System.out.print("Trying a SunJSSE signature with null key... ");
try {
new SignedObject(testObject, null, sign);
} catch (InvalidKeyException ike) {
System.out.println("Right: InvalidKeyException");
} catch (InvalidParameterException ipe) {
System.out.println("Wrong: InvalidParameterException");
} catch (Exception e) {
System.out.println("Extremely wrong: " + e);
}
System.out.print("Trying a SUN signature with null key... ");
try {
new SignedObject(testObject, null, sign1);
} catch (InvalidKeyException ike) {
System.out.println("Right: InvalidKeyException");
} catch (InvalidParameterException ipe) {
System.out.println("Wrong: InvalidParameterException");
} catch (Exception e) {
System.out.println("Extremely wrong: " + e);
}
}
}
-------------------------------------------------------
Here is sample output from the testcase:
$ java Test26
Trying a SunJSSE signature with null key... Wrong: InvalidParameterException
Trying a SUN signature with null key... Right: InvalidKeyException
======================================================================