On Fri, 27 Aug 2021 14:36:52 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> This code change collects all key types and runs `chooseClientAlias` only
>> once.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> reorg src, new test case
Looks good to me, except a minion naming comment.
src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 271:
> 269:
> 270: PublicKey clientPublicKey = clientCerts[0].getPublicKey();
> 271: if
> (!clientPrivateKey.getAlgorithm().equals(clientPublicKey.getAlgorithm())) {
See above comment, the specified keyType is not checked against. The check
here is for the matching of private key and public key, rather the match of key
and the specified keyType. Maybe, an additional check could be added to check
the key type of the cert if one of the specified key types.
-------------
Marked as reviewed by xuelei (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/5257
