On Mon, 18 Apr 2022 12:37:15 GMT, John Jiang <jji...@openjdk.org> wrote:
>> It would not to generate the certificate's ECParameterSpec and NamedGroup
>> multiple times in method `SignatureScheme::getSignerOfPreferableAlgorithm`.
>
> John Jiang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> cache ParamSpec and NamedGroup in X509Possession
src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java line
274:
> 272: // Iteratively determine the X509Possession type's
> ParameterSpec.
> 273: ECParameterSpec ecParams =
> x509Possession.getECParameterSpec();
> 274: NamedParameterSpec namedParams =
> x509Possession.getXECParameterSpec();
It may not necessary to define 'ecParams' and 'namedParams' any longer, which
was used to find out the named group. Now, the checking could be placed on the
"namedGroup" (if the named group is EC/CDH) around line 293.
src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 476:
> 474: PrivateKey signingKey = x509Possession.popPrivateKey;
> 475:
> 476: ECParameterSpec params = x509Possession.getECParameterSpec();
This 'params' variable is used for debug only. Maybe, it could be moved to the
debug log block.
src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 157:
> 155: }
> 156:
> 157: private ECParameterSpec getECParams() {
'getECParamSpec' may be a better method name.
src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 182:
> 180:
> 181: // Similar to above, but for XEC.
> 182: private NamedParameterSpec getXECParams() {
'getXECParamSpec' may be a better method name.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8271
