On Wed, 27 Apr 2022 19:34:04 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   SecretKeyConstraintsParameters subclass created and property description
>>   updated
>
> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1876:
>
>> 1874:
>> 1875:             CertPathConstraintsParameters cpcp =
>> 1876:                     new CertPathConstraintsParameters(secKey, null, null,
>> null);
>
> Using `CertPathConstraintsParameters` is a little odd here, even though it
> works. I suggest creating a local `SecretKeyConstraintsParameters` subclass
> with a ctor with just the parameters you need and overriding the methods as
> needed. And changing `checkWeakConstraint` to take a `ConstraintsParameters`
> instead of `CertPathConstraintsParameters`.

Created `SecretKeyConstraintsParameter` subclass for keytool.

> src/java.base/share/conf/security/java.security line 657:
>
>> 655: # implementations.
>> 656:
>> 657: jdk.security.legacyAlgorithms=SHA1, \
>
> Since we are now warning about weak symmetric key algorithms, we should make
> the description of this property more general. I would change lines 641-2 to
> "Legacy cryptographic algorithms and key lengths".

Updated the description.

> test/jdk/sun/security/tools/keytool/ReadJar.java line 162:
>
>> 160:                 .shouldContain("Certificate #2:")
>> 161:                 .shouldContain("Signer #2:")
>> 162:                 .shouldNotMatch("The certificate #.* of signer #.*" +
>> "uses the SHA1withRSA.*will be disabled")
>
> You probably don't need to check for a non-occurrence here since the message
> has been changed and can no longer occur.

Removed the checking for a non-occurrence from the tests.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8300