On 11/27/19 5:26 PM, Weijun Wang wrote:
In ConstraintsParameters.java:
You added curveStr assignment in the
ConstraintsParameters(X509Certificate,...). Is it also necessary to do the same
in the next constructor ConstraintsParameters(...,Key,...)? You can get curve
name from the key.
I do not believe it is necessary because the algorithm, such as EC or
AES, checks the key length. Also, named curves do not have variable key
lengths that I know of.
Tony
Also, now that a key has a parameter that needs to be checked, in the following
public method in DisabledAlgorithmConstraints.java
    public boolean permits(Key key) {
        List<Constraint> list = getConstraints(key.getAlgorithm());
        if (list == null) {
            return true;
        }
        for (Constraint constraint : list) {
            if (!constraint.permits(key)) {
                if (debug != null) {
                    debug.println("Constraints: failed key size" +
                            "constraint check " + KeyUtil.getKeySize(key));
                }
                return false;
            }
        }
        return true;
    }
should getConstraints() be called on both the algorithm name and the group name?
Thanks,
Max
On Nov 20, 2019, at 3:44 AM, Anthony Scarpino <anthony.scarp...@oracle.com>
wrote:
I need a review of a disabled algorithms code change that allows EC curve names
to be disabled for all the disabledAlgorithm properties.
https://cr.openjdk.java.net/~ascarpino/8233228/webrev/
Tony
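
An added illustration of the question raised in this thread (checking a key against both its algorithm name and its curve name); it is not code from the webrev or from the JDK. The class CurveConstraintDemo, its helper methods and the sample disabled list are hypothetical, and a curve name is matched by comparing domain parameters obtained through the standard java.security API.

```java
import java.security.*;
import java.security.interfaces.ECKey;
import java.security.spec.*;
import java.util.Set;

public class CurveConstraintDemo {
    // Resolve a curve name to its domain parameters via the "EC" AlgorithmParameters.
    static ECParameterSpec lookup(String name) {
        try {
            AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
            ap.init(new ECGenParameterSpec(name));
            return ap.getParameterSpec(ECParameterSpec.class);
        } catch (GeneralSecurityException e) {
            return null; // entry is not a curve name the provider knows (e.g. "MD5")
        }
    }

    // Two specs describe the same curve when all domain parameters match.
    static boolean sameCurve(ECParameterSpec a, ECParameterSpec b) {
        return a.getCurve().equals(b.getCurve())
            && a.getGenerator().equals(b.getGenerator())
            && a.getOrder().equals(b.getOrder())
            && a.getCofactor() == b.getCofactor();
    }

    // Hypothetical simplified check: reject on the algorithm name OR on the named curve.
    static boolean permits(Key key, Set<String> disabled) {
        if (disabled.contains(key.getAlgorithm())) return false;
        if (key instanceof ECKey) {
            ECParameterSpec params = ((ECKey) key).getParams();
            for (String name : disabled) {
                ECParameterSpec named = lookup(name);
                if (named != null && sameCurve(named, params)) return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        Set<String> disabled = Set.of("MD5", "secp256r1"); // constructed sample list
        for (String curve : new String[] {"secp256r1", "secp384r1"}) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
            kpg.initialize(new ECGenParameterSpec(curve));
            Key pub = kpg.generateKeyPair().getPublic();
            System.out.println(curve + " permitted: " + permits(pub, disabled));
        }
    }
}
```

A lookup keyed only on key.getAlgorithm() sees "EC" for both generated keys, so it cannot tell the two curves apart; the second pass over the key's parameters is what makes the curve entry take effect.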