src/share/classes/sun/security/pkcs10/PKCS10.java

rev 12532 : 8171319: keytool should print out warnings when reading or generating cert/cert req using weak algorithms
Reviewed-by: coffeys

@@ -165,11 +165,12 @@
         //
         // OK, we parsed it all ... validate the signature using the
         // key and signature algorithm we found.
         //
         try {
-            sig = Signature.getInstance(id.getName());
+            sigAlg = id.getName();
+            sig = Signature.getInstance(sigAlg);
             sig.initVerify(subjectPublicKeyInfo);
             sig.update(data);
             if (!sig.verify(sigData))
                 throw new SignatureException("Invalid PKCS #10 signature");
         } catch (InvalidKeyException e) {

@@ -216,10 +217,11 @@
          * Sign it ...
          */
         signature.update(certificateRequestInfo, 0,
                 certificateRequestInfo.length);
         sig = signature.sign();
+        sigAlg = signature.getAlgorithm();
 
         /*
          * Build guts of SIGNED macro
          */
         AlgorithmId algId = null;

@@ -249,10 +251,15 @@
      */
     public PublicKey getSubjectPublicKeyInfo()
         { return subjectPublicKeyInfo; }
 
     /**
+     * Returns the signature algorithm.
+     */
+    public String getSigAlg() { return sigAlg; }
+
+    /**
      * Returns the additional attributes requested.
      */
     public PKCS10Attributes getAttributes()
         { return attributeSet; }
 

@@ -346,8 +353,9 @@
         return(retval);
     }
 
     private X500Name            subject;
     private PublicKey           subjectPublicKeyInfo;
+    private String              sigAlg;
     private PKCS10Attributes    attributeSet;
     private byte[]              encoded;        // signed
 }