On Fri, 11 Jun 2021 04:21:15 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
>> The collection required when new Constraints() should retain the default
>> case of the elements, because some code will depend on this, for example, .
>> [entry.startsWith("keySize")](https://github.com/openjdk/jdk/blob/dd1cbadc82bcecf718b96c833a5845fde79db061/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java#L383).
>> But the set required by the permits should unify the case of the elements,
>> because algorithm may be uppercase or lowercase, but the Set:contains()
>> cannot handle this situation.
>> So we need to create a new Set that ignores the default case of elements.
>
> For the entry.startsWith("keySize") example, I don't think keySize is an
> algorithm that could be listed individually in the list. The "keySize" may
> be just a part one algorithm, for example "RSA keySize < 1024".
>
> It's a good point about the lowercase and upper case. Did you check how
> constraints like the "keySize" are expressed in the list or set?
Yes, you're right. The "keySize" is not an independent algorithm listed in
list, it exists in a form like "ec keysize <224".
In the case of "keySize", the object in the list stored in
`algorithmConstraints` is `KeySizeConstraint`, then keysize will be checked in
[algorithmConstraints.permits(algorithm,
parameters)](https://github.com/openjdk/jdk/blob/dd1cbadc82bcecf718b96c833a5845fde79db061/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java#L169)
by `KeySizeConstraint:permits`.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4424
