Sorry, it's been a busy day on something else and I haven't looked at your webrev.01 yet. Will look at it tomorrow.
> On Apr 30, 2020, at 8:15 AM, Valerie Peng <valerie.p...@oracle.com> wrote: > > > If you look at the original SunJCE impl, it also did not register oid for RC4 > cipher. So, that's why I didn't include RC4 oid in SecurityProviderConstants > in the aliases for RC4. > > If I recall correctly, "RC4" is the algorithm name, however, due to some > patent(?) concern, non-RSA vendors register their impl under "ARCFOUR" and > set "RC4" to be the alias. So, that's the convention that I continue to use, > i.e. use "ARCFOUR" as the standard name and "RC4" as the alias. > > I can add the oid as the RC4 alias for completeness sake. (Will update in > webrev.02) Since ARCFOUR is the standard name, does it make sense to rewrite the OidString to ARCFOUR("1.2.840.113549.3.4", "RC4"), --Max > > Thanks, > Valerie > On 4/28/2020 2:39 AM, Weijun Wang wrote: >> I found two algorithm names in a very twisted relation, in >> SecurityProviderConstants.java: >> >> store("ARCFOUR", "RC4"); >> >> and in OidString.java: >> >> RC4("1.2.840.113549.3.4", "ARCFOUR") >> >> So each is the other's alias, and because of this, Cipher.ARCFOUR does not >> have OID aliases. >> >> I can see in >> https://download.java.net/java/early_access/jdk15/docs/specs/security/standard-names.html >> that both ARCFOUR and RC4 are standard names. In my understanding, this >> means both must be supported and it looks like some kind of "required" >> alias. Is this the reason we have to define them in this way? >> >> Thanks, >> Max >> >> >>> On Apr 28, 2020, at 4:53 PM, Weijun Wang <weijun.w...@oracle.com> wrote: >>> >>> Where is the following OID used >>> >>> RSAEncryption("1.2.840.113549.1.1.1", "RSA"), // in RSA Cipher >>> >>> I only found in RSAUtil.java: >>> >>> case RSA: >>> oid = AlgorithmId.RSAEncryption_oid; >>> break; >>> >>> What if we do not give it a different stdName? Or, should we make it an >>> alias in SunJCE for Cipher.RSA? >>> >>> --Max >>> >>> >>>> On Apr 24, 2020, at 7:11 AM, Valerie Peng <valerie.p...@oracle.com> wrote: >>>> >>>> Hi Max, >>>> >>>> Would you have time to review this change? The current webrev attempts to >>>> cover all security classes where hard-coded oid strings and consolidate >>>> these known oid string values into a single enum type. The changes are >>>> quite extensive, I can trim back and only cover the provider algorithm >>>> oids if you prefer. There are pros and cons for both approach. >>>> >>>> I know that the naming convention is to use all upper case for enum >>>> constants, but choose to use the same naming convention as standard names >>>> to simplify the code. SecurityProviderConstants class defines the common >>>> mappings which are general to providers. Provider-specific alias mappings >>>> are handled in specific provider class, e.g. SunJSSE class. >>>> >>>> RFE: https://bugs.openjdk.java.net/browse/JDK-8242151 >>>> >>>> Webrev: http://cr.openjdk.java.net/~valeriep/8242151/webrev.00/ >>>> >>>> Mach5 runs clean. >>>> >>>> Valerie >>>>