This fix improves the exception message to better indicate when the key (and 
not the signature algorithm) is restricted. This change also includes a few 
other improvements:

- The constraints checking in `AlgorithmChecker.check()` has been improved. If 
the `AlgorithmConstraints` are an instance of `DisabledAlgorithmConstraints`, 
the internal `permits` methods are always called; otherwise the public 
`permits` methods are called. This makes the code easier to understand, and 
fixes at least one case where duplicate checks were being done.

- The above change caused some of the exception messages to be slightly 
different, so some tests that checked the error messages had to be updated to 
reflect that.

- `AlgorithmDecomposer` now stores the canonical algorithm names in a Map, which 
fixed a bug where "RSASSA-PSS" was not being restricted properly.

-------------

Commit messages:
 - Remove trailing whitespace.
 - 8243585: AlgorithmChecker::check throws confusing exception when it rejects 
the signer key

Changes: https://git.openjdk.java.net/jdk/pull/5928/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=5928&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8243585
  Stats: 175 lines in 8 files changed: 66 ins; 57 del; 52 mod
  Patch: https://git.openjdk.java.net/jdk/pull/5928.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/5928/head:pull/5928

PR: https://git.openjdk.java.net/jdk/pull/5928
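
The distinction the description draws between a restricted signer key and a restricted signature algorithm, shown as an added example that is not code from this pull request or from the JDK. It uses only the public `java.security.AlgorithmConstraints` `permits` methods; the class name `ConstraintCheckDemo`, the policy, the helper `constrained` and the message strings are assumptions made for illustration.

```java
import java.security.*;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.interfaces.RSAKey;
import java.util.*;

public class ConstraintCheckDemo {
    // Hypothetical demo policy: no MD5-based algorithm names, no RSA keys under 2048 bits.
    static final AlgorithmConstraints POLICY = new AlgorithmConstraints() {
        public boolean permits(Set<CryptoPrimitive> p, String alg, AlgorithmParameters params) {
            return !alg.toUpperCase(Locale.ROOT).contains("MD5");
        }
        public boolean permits(Set<CryptoPrimitive> p, Key key) {
            return !(key instanceof RSAKey)
                    || ((RSAKey) key).getModulus().bitLength() >= 2048;
        }
        public boolean permits(Set<CryptoPrimitive> p, String alg, Key key,
                               AlgorithmParameters params) {
            return permits(p, alg, params) && permits(p, key);
        }
    };

    // Check the algorithm name and the key separately so the failure names the real cause.
    static void check(String sigAlg, PublicKey signerKey) throws CertPathValidatorException {
        Set<CryptoPrimitive> sig = EnumSet.of(CryptoPrimitive.SIGNATURE);
        if (!POLICY.permits(sig, sigAlg, (AlgorithmParameters) null)) {
            throw constrained("Signature algorithm is restricted: " + sigAlg);
        }
        if (!POLICY.permits(sig, signerKey)) {
            throw constrained("Signer key is restricted: " + signerKey.getAlgorithm());
        }
    }

    static CertPathValidatorException constrained(String msg) {
        return new CertPathValidatorException(msg, null, null, -1,
                BasicReason.ALGORITHM_CONSTRAINED);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024); // constructed weak key for the demo
        PublicKey weak = kpg.generateKeyPair().getPublic();
        for (String alg : new String[] {"SHA256withRSA", "MD5withRSA"}) {
            try { check(alg, weak); } catch (CertPathValidatorException e) {
                System.out.println(alg + " -> " + e.getMessage() + " [" + e.getReason() + "]");
            }
        }
    }
}
```

With an acceptable algorithm name and a short key, the message points at the key; collapsing both checks into the four-argument `permits` call alone would leave only a single yes/no with no indication of which input was rejected.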
