avoid verifying the security provider when creating a cipher instance

when using reflection to create an instance of a cipher then we had already a SecurityException while using the javax Cipher factory. so avoid verifying the provider when creating the cipher instance via reflection. Sponsored by Lookout Inc.
jruby · Sep 30, 2015 · 43be800 · 43be800
1 parent 1c02ff6
commit 43be800
Showing 1 changed file with 14 additions and 16 deletions.
diff --git a/src/main/java/org/jruby/ext/openssl/SecurityHelper.java b/src/main/java/org/jruby/ext/openssl/SecurityHelper.java
@@ -107,7 +107,7 @@ public abstract class SecurityHelper {
      * classes are getting used.
      *
      * @param name the name under which the class gets registered
-     * @param the CipherSpi class
+     * @param clazz the CipherSpi class
      */
     public static void addCipher(String name, Class<? extends CipherSpi> clazz) {
         implEngines.put("Cipher:" + name, clazz);
@@ -118,7 +118,7 @@ public static void addCipher(String name, Class<? extends CipherSpi> clazz) {
      * inject under a given name a signature
      *
      * @param name the name under which the class gets registered
-     * @param the SignaturSpi class
+     * @param clazz the SignaturSpi class
      */
     public static void addSignature(String name, Class<? extends SignatureSpi> clazz) {
         implEngines.put("Signature:" + name, clazz);
@@ -431,22 +431,20 @@ private static Cipher getCipherInternal(String transformation, final Provider pr
 
         }
         try {
-            return newInstance(Cipher.class,
-                new Class[] { CipherSpi.class, Provider.class, String.class },
-                new Object[] { spi, provider, transformation }
-            );
-        }
-        catch( IllegalStateException e ) {
-            // this can be due to trusted check in Cipher constructor
-            if (e.getCause().getClass() == NullPointerException.class) {
-                Cipher cipher = newInstance(Cipher.class,
+            // this constructor does not verify the provider
+            Cipher cipher = newInstance(Cipher.class,
                     new Class[] { CipherSpi.class, String.class },
                     new Object[] { spi, transformation }
-                );
-                setField(cipher, Cipher.class, "provider", provider);
-                return cipher;
-            }
-            throw e;
+            );
+            setField(cipher, Cipher.class, "provider", provider);
+            return cipher;
+        }
+        catch( Exception e ) {
+            // this constructor does verify the provider which might fail
+            return newInstance(Cipher.class,
+                    new Class[] { CipherSpi.class, Provider.class, String.class },
+                    new Object[] { spi, provider, transformation }
+            );
         }
     }