On Tue, 11 Mar 2025 16:49:49 GMT, Anthony Scarpino <ascarp...@openjdk.org> wrote:
>> Hi, >> >> I need a review for the following change. Naming conventions for EdDSA and >> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator. >> These internal changes help make it more consistent when parsing the actual >> curve being used vs the broader algorithm name. >> >> thanks >> >> Tony > > Anthony Scarpino has updated the pull request incrementally with one > additional commit since the last revision: > > check for dup src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java line 210: > 208: new CertPathConstraintsParameters(trustedPubKey, > variant, > 209: anchor, date); > 210: dac.permits(KeyUtil.getAlgorithm(trustedPubKey), Do you plan to have a unit test for `AlgorithmChecker` changes? It looks like certificates using `ED25519` algorithm didn't match that check before. It would be useful to have a test where disable `ED25519` in java.security and then try to use a certificate with `ED25519` algorithm. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r2001818398
