-
Bug
-
Resolution: Cannot Reproduce
-
P3
-
7
-
None
-
generic
-
windows_xp
Affected jck8 test:
api/java_security/Signature/SignatureTests.html#signTests[003]
The test passed on jdk6, but failed on jdk7 with the unexpected SignatureException.
Here is the code segment:
=====================================================================
....
try {
sig = Signature.getInstance(algName, someProvider);
versig = Signature.getInstance(algName, someProvider);
sig.initSign(privateKey);
versig.initVerify(publicKey);
sig.sign(signbyte,0,signbyte.length);
versig.update(b);
if (versig.verify(signbyte)) {
return Status.failed("Failed");
} else {
return Status.passed("OK");
}
} catch (Exception e) {
//
}
==================================================================
In the above code, calling versig.verify(..) throw unexpected SignatureException.
The test expects that versig.verify(signbytes) return false since sign.update(b) is not called.
Worth to note that above code works ok if sig.sign() is called instead of sig.sign(signbyte,0,length) is called.
Here is the spec for verify(byte[]):
"
SignatureException - ... if this signature algorithm is unable to process the input data provided, etc."
I am just wondering if the test throws exception is due to "if this signature algorithm is unable to process the input data provided". However, if siganture is unable to process the input data,
should the sig.sign(..) also throw SignatureException ? by the way, the above code passes on jdk6.
api/java_security/Signature/SignatureTests.html#signTests[003]
The test passed on jdk6, but failed on jdk7 with the unexpected SignatureException.
Here is the code segment:
=====================================================================
....
try {
sig = Signature.getInstance(algName, someProvider);
versig = Signature.getInstance(algName, someProvider);
sig.initSign(privateKey);
versig.initVerify(publicKey);
sig.sign(signbyte,0,signbyte.length);
versig.update(b);
if (versig.verify(signbyte)) {
return Status.failed("Failed");
} else {
return Status.passed("OK");
}
} catch (Exception e) {
//
}
==================================================================
In the above code, calling versig.verify(..) throw unexpected SignatureException.
The test expects that versig.verify(signbytes) return false since sign.update(b) is not called.
Worth to note that above code works ok if sig.sign() is called instead of sig.sign(signbyte,0,length) is called.
Here is the spec for verify(byte[]):
"
SignatureException - ... if this signature algorithm is unable to process the input data provided, etc."
I am just wondering if the test throws exception is due to "if this signature algorithm is unable to process the input data provided". However, if siganture is unable to process the input data,
should the sig.sign(..) also throw SignatureException ? by the way, the above code passes on jdk6.