From c0dc8e53b5d367ca6d2902111060233ed4ba99e2 Mon Sep 17 00:00:00 2001
From: Sean Mullan
Date: Fri, 10 Aug 2012 09:12:12 -0400
Subject: [PATCH] 7187962: sun.security.pkcs11.P11DSAKeyFactory.implTranslatePublicKey doesn't check if params is null

Reviewed-by: valeriep
---
 .../security/provider/certpath/BasicChecker.java | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/jdk/src/share/classes/sun/security/provider/certpath/BasicChecker.java b/jdk/src/share/classes/sun/security/provider/certpath/BasicChecker.java
index b568c8aaffa..bde99af65b7 100644
--- a/jdk/src/share/classes/sun/security/provider/certpath/BasicChecker.java
+++ b/jdk/src/share/classes/sun/security/provider/certpath/BasicChecker.java
@@ -101,6 +101,14 @@ class BasicChecker extends PKIXCertPathChecker {
 public void init(boolean forward) throws CertPathValidatorException {
 if (!forward) {
 prevPubKey = trustedPubKey;
+ if (prevPubKey instanceof DSAPublicKey &&
+ ((DSAPublicKey)prevPubKey).getParams() == null)
+ {
+ // If TrustAnchor is a DSA public key and it has no params, it
+ // cannot be used to verify the signature of the first cert,
+ // so throw exception
+ throw new CertPathValidatorException("Key parameters missing");
+ }
 prevSubject = caName;
 } else {
 throw new
@@ -242,7 +250,7 @@ class BasicChecker extends PKIXCertPathChecker {
 }
 if (cKey instanceof DSAPublicKey &&
 ((DSAPublicKey)cKey).getParams() == null) {
- //cKey needs to inherit DSA parameters from prev key
+ // cKey needs to inherit DSA parameters from prev key
 cKey = makeInheritedParamsKey(cKey, prevPubKey);
 if (debug != null) debug.println("BasicChecker.updateState Made " +
 "key with inherited params");
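Review bot: The guard added at the top of the `!forward` branch in init() closes the parameterless-DSA case only for cert path validation; the subject names `P11DSAKeyFactory.implTranslatePublicKey` as the method that fails to check for null params, and the diffstat shows only BasicChecker.java changed, so that method presumably still dereferences null params when reached from any other caller. A null check in the key factory itself would make the fix hold regardless of call site. The message `"Key parameters missing"` also does not say which key is at fault; something like `throw new CertPathValidatorException("Trust anchor DSA key has no parameters");` would make a rejected anchor distinguishable from a rejected certificate key in validation logs. No regression test accompanies the new rejection path, and init()'s else branch continues outside the hunk.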
@@ -252,7 +260,7 @@ class BasicChecker extends PKIXCertPathChecker {
 }

 /**
- * Internal method to create a new key with inherited key parameters
+ * Internal method to create a new key with inherited key parameters.
 *
 * @param keyValueKey key from which to obtain key value
 * @param keyParamsKey key from which to obtain key parameters
@@ -263,7 +271,6 @@ class BasicChecker extends PKIXCertPathChecker {
 static PublicKey makeInheritedParamsKey(PublicKey keyValueKey,
 PublicKey keyParamsKey) throws CertPathValidatorException
 {
- PublicKey usableKey;
 if (!(keyValueKey instanceof DSAPublicKey) ||
 !(keyParamsKey instanceof DSAPublicKey))
 throw new CertPathValidatorException("Input key is not " +
@@ -279,13 +286,12 @@ class BasicChecker extends PKIXCertPathChecker {
 params.getP(),
 params.getQ(),
 params.getG());
- usableKey = kf.generatePublic(ks);
+ return kf.generatePublic(ks);
 } catch (GeneralSecurityException e) {
 throw new CertPathValidatorException("Unable to generate key with" +
 " inherited parameters: " +
 e.getMessage(), e);
 }
- return usableKey;
 }

 /**