On 08/25/2016 09:47 AM, Xuelei Fan wrote:
http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.01/

Looks fine to me except the following minor comment.

java.security
-------------
 818 #   AlgConstraint
 819 #       "disallowAlg" Uri
 ...
 829 # For AlgConstraint, Uri is the algorithm URI String that is not
allowed.

The "disallowAlg" has said the same thing as line 829.  As you did not
explain other options, maybe this one can also be removed.  Minor comment.

I thought this one deserved a little bit of explanation, since unlike our other JCE APIs, XML Signature algorithms are specified as URIs and not Strings like "MD5", so I wanted to avoid confusion with the other properties that take algorithm Strings. I'd like to leave this one in.

As previously mentioned, the plan is still to add a section to one of our user guides which will go into more details on what each restriction means.

Policy.java
-----------
  73   StringTokenizer st = new StringTokenizer(entry);

StringTokenizer is a legacy class per its specification, may be better
to use String.split:

  String[] st = entry.split("\\s");

Ok.

 103   disallowedRefUriSchemes.add(scheme.toLowerCase());
Better to use toLowerCase(Locale.ENGLISH).  There are issues with using
toUpperCase/toLowerCase when comparing two case-insensitive strings. See
JDK-6972387.

Ok.

The same comment for other use of toLowerCase().

Ok.

Thanks,
Sean
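
The locale point raised above for disallowedRefUriSchemes, as an added example that is not part of the original message or the webrev: under a Turkish locale "I" lowercases to dotless "ı" (U+0131), so a scheme written in upper case no longer matches a deny-list entry stored as "file". The class, method names, lookup logic and sample URI are assumptions made for illustration, not code from Policy.java.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added illustration; all names here are hypothetical, not taken from Policy.java.
public class SchemeCaseDemo {

    // Normalise configured schemes into a deny-list using the given locale.
    static Set<String> denyList(Locale locale, String... schemes) {
        Set<String> denied = new HashSet<>();
        for (String scheme : schemes) {
            denied.add(scheme.toLowerCase(locale));
        }
        return denied;
    }

    // Lowercase the URI's scheme with the given locale and look it up.
    static boolean isDisallowed(Set<String> denied, String uri, Locale locale) {
        int colon = uri.indexOf(':');
        if (colon <= 0) {
            return false; // no scheme present (relative or same-document reference)
        }
        String scheme = uri.substring(0, colon).toLowerCase(locale);
        return denied.contains(scheme);
    }

    public static void main(String[] args) {
        // Stands in for a JVM whose default locale is Turkish, which is what
        // the no-argument toLowerCase() would pick up.
        Locale turkish = Locale.forLanguageTag("tr-TR");
        String uri = "FILE:///tmp/sample.xml"; // constructed sample reference URI

        Set<String> denied = denyList(Locale.ENGLISH, "file", "http");

        // Locale-sensitive lowercasing: "FILE" becomes "f\u0131le", which is
        // not equal to the stored entry "file".
        System.out.println("tr-TR lookup blocked:   "
                + isDisallowed(denied, uri, turkish));

        // Fixed-locale lowercasing, as suggested in the review: "FILE"
        // becomes "file" whatever the default locale is.
        System.out.println("ENGLISH lookup blocked: "
                + isDisallowed(denied, uri, Locale.ENGLISH));
    }
}
```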
