Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8242556

Cannot load RSASSA-PSS public key with non-null params from byte array

XMLWordPrintable

    • b19
    • Verified

        The following piece of code fails with an InvalidKeySpecException:

        -------------
                KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
                KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
                kpg.initialize(new RSAKeyGenParameterSpec(2048,
                        RSAKeyGenParameterSpec.F4,
                        new PSSParameterSpec(
                                "SHA-384", "MGF1",
                                new MGF1ParameterSpec("SHA-384"),
                                48, PSSParameterSpec.TRAILER_FIELD_BC)));
                kf.generatePublic(new X509EncodedKeySpec(
                        kpg.generateKeyPair().getPublic().getEncoded()));
        ---------------

        Caused by: java.security.ProviderException: Unsupported algorithm 1.2.840.113549.1.1.10
        at java.base/sun.security.rsa.RSAUtil$KeyType.lookup(RSAUtil.java:66)
        at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:142)
        at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:133)
        at java.base/sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:130)

        Cause
        =====

        This is because when the key is read, the parameters of the AlgorithmId is instantiated with the OID (in AlgorithmId::decodeParams, algParams = AlgorithmParameters.getInstance(algidString)), so its getAlgorithm() always returns the OID string, and cannot be recognized by RSAUtil::lookup.

        Suggested fix:
        ===========

        diff --git a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
        --- a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
        +++ b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
        @@ -63,6 +63,9 @@
                         }
                     }
                     // no match
        + if (name.equals(AlgorithmId.RSASSA_PSS_oid.toString())) {
        + return PSS;
        + }
                     throw new ProviderException("Unsupported algorithm " + name);
                 }
             }

              valeriep Valerie Peng
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: