In ConstraintsParameters.java:
You added curveStr assignment in the
ConstraintsParameters(X509Certificate,...). Is it also necessary to do the same
in the next constructor ConstraintsParameters(...,Key,...)? You can get curve
name from the key.
Also, now that a key has a parameter that needs to checked, in the following
public method in DisabledAlgorithmConstraints.java
public boolean permits(Key key) {
List<Constraint> list = getConstraints(key.getAlgorithm());
if (list == null) {
return true;
}
for (Constraint constraint : list) {
if (!constraint.permits(key)) {
if (debug != null) {
debug.println("Constraints: failed key size" +
"constraint check " + KeyUtil.getKeySize(key));
}
return false;
}
}
return true;
}
should getConstraints() be called on both the algorithm name and the group name?
Thanks,
Max
> On Nov 20, 2019, at 3:44 AM, Anthony Scarpino <[email protected]>
> wrote:
>
> I need a review of a disabled algorithms code change that allows EC curve
> names to be disabled for all the disabledAlgorithm properties.
>
> https://cr.openjdk.java.net/~ascarpino/8233228/webrev/
>
> Tony
