[jdk11u-dev] RFR: 8242151: Improve OID mapping and reuse among JDK security providers for aliases registration [v3]
Goetz Lindenmaier
goetz at openjdk.org
Tue Jun 13 09:21:13 UTC 2023
> This change required some work to get it backported.
> I touched the following files to resolve or get the code/test working:
>
> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
>
> These entries are not in 11:
> List<String> macSHA512_224Aliases = createAliasesWithOid(macOidBase + "12");
> List<String> macSHA512_256Aliases = createAliasesWithOid(macOidBase + "13");
>
> String nistHashAlgsOidBase = "2.16.840.1.101.3.4.2.";
> List<String> macSHA3_224Aliases =
> createAliasesWithOid(nistHashAlgsOidBase + "13");
> List<String> macSHA3_256Aliases =
> createAliasesWithOid(nistHashAlgsOidBase + "14");
> List<String> macSHA3_384Aliases =
> createAliasesWithOid(nistHashAlgsOidBase + "15");
> List<String> macSHA3_512Aliases =
> createAliasesWithOid(nistHashAlgsOidBase + "16");
>
> Thus I could not remove them.
> Also, the Hmac keys differ. Some are not in 11.
>
> src/java.base/share/classes/java/security/cert/CertificateRevokedException.java
> Copyright.
>
> src/java.base/share/classes/sun/security/pkcs/PKCS7.java
> src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
> Already applied in "8268801: Improve PKCS attribute handling"
>
> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
> Resolve imports due to context.
>
> src/java.base/share/classes/sun/security/provider/KeyProtector.java
> Copyright
>
> src/java.base/share/classes/sun/security/ssl/SunJSSE.java
> Resolved due to context.
>
> src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java
> Copyright.
>
> src/java.base/share/classes/sun/security/tools/keytool/Main.java
> Basically applied by hand.
>
> src/java.base/share/classes/sun/security/util/ConstraintsParameters.java
> This file was turned into an interface by "8249906: Enhance opening JARs" which
> moved the implementation to CertPathConstraintsParameters.java and DisabledAlgorithmConstraints.
> 8249906 was applied later than this change, but is already in 11.
>
> The method getNamedCurveFromKey(Key key) was moved to DisabledAlgorithmConstraints, I
> applied the hunk there similar as in 17.
>
> src/java.base/share/classes/sun/security/util/CurveDB.java
> I had to resolve because "8226307: Curve names should be case-insensitive" is not in 11.
>
> src/java.base/share/classes/sun/security/util/KnownOIDs.java,
> Already in 11, a small difference in line 428 which seem fine to me.
>
> src/java.base/share/classes/sun/security/util/ObjectIdentifier.java
> Most parts already backported by "8268801...
Goetz Lindenmaier has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 11 commits:
- Merge master after pushing 8239264
- Merge branch 'goetz_backport_8239264' into goetz_backport_8242151
- Add back newInternal()
- Fix build and tests
- Resolve
- Backport 080b3b83ebffe5149fbc9ac48e921fb51e9c3c63
- remove of1()
- Fix whitespace
- Make it compile
- Resolve patch
- ... and 1 more: https://git.openjdk.org/jdk11u-dev/compare/5067ea24...ef076a2a
-------------
Changes: https://git.openjdk.org/jdk11u-dev/pull/1908/files
Webrev: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=1908&range=02
Stats: 2060 lines in 75 files changed: 306 ins; 772 del; 982 mod
Patch: https://git.openjdk.org/jdk11u-dev/pull/1908.diff
Fetch: git fetch https://git.openjdk.org/jdk11u-dev.git pull/1908/head:pull/1908
PR: https://git.openjdk.org/jdk11u-dev/pull/1908
More information about the jdk-updates-dev
mailing list