Google Git
Sign in
android / platform / libcore / f192521c7e788a1f2443e976ca9cdfecba0913fe^! / .
commitf192521c7e788a1f2443e976ca9cdfecba0913fe[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Wed Jun 10 09:12:53 2015 -0700
committerThe Android Automerger <android-build@google.com>Wed Jun 10 14:29:58 2015 -0700
tree5e5e01088a50d26baaa881e5c33c5e821d9ba914
parent6831aa45aacb1fb2d19e7fa74984309351c9e361 [diff]
Fix X509CertificateTest.testVerifyPublicKeyString failure.

The test was failing because it was making the wrong assumption that
JCA's Signature implementation will select the implementation from the
highest priority provider which offers the matching signature
algorithm. This assumption is wrong because it does not take into
consideration that JCA also filters providers using
SupportedKeyClasses and SupportedKeyFormats attributes.

In this particular case, AndroidKeyStore Provider happens to be the
highest priority Provider which offers Signature.MD5withRSA. However,
according to its declaration, it offers that only for public keys
which are instances of AndroidKeyStorePublicKey.

The fix is to rely on JCA's Signature implementation selection
mechanism to find the highest priority provider which supports the
desired public key.

Bug: 21735869
Change-Id: Ie40f8a1cbf898966614a290c2d6cfe8350a1e99f

diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/security/cert/X509CertificateTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/security/cert/X509CertificateTest.java
index 26403f5..093e2e1 100644
--- a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/security/cert/X509CertificateTest.java
+++ b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/security/cert/X509CertificateTest.java

@@ -39,6 +39,7 @@
 import java.security.Provider;
 import java.security.PublicKey;
 import java.security.Security;
+import java.security.Signature;
 import java.security.SignatureException;
 import java.security.Provider.Service;
 import java.security.cert.CertificateFactory;
@@ -763,16 +764,16 @@
         }
         Security.addProvider(myProvider);
 
-        Provider[] providers = Security.getProviders("Signature.MD5withRSA");
-        if (providers == null || providers.length == 0) {
-            fail("no Provider for Signature.MD5withRSA");
-            return;
-        }
+        // Find the Provider which offers MD5withRSA for the certificate's
+        // public key.
+        Signature signature = Signature.getInstance("MD5withRSA");
+        signature.initVerify(javaxSSCert.getPublicKey());
+        Provider provider = signature.getProvider();
 
         // self signed cert: should verify with provider
         try {
             javaxSSCert.verify(javaxSSCert.getPublicKey(),
-                    providers[0].getName());
+                    provider.getName());
         } catch (SignatureException e) {
             fail("blu");
         }