[jdk11u-dev] RFR: 8242151: Improve OID mapping and reuse among JDK security providers for aliases registration [v4]
Martin Balao
mbalao at openjdk.org
Tue Jun 13 15:34:57 UTC 2023
On Tue, 13 Jun 2023 13:45:00 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:
>> This change required some work to get it backported.
>> I touched the following files to resolve or get the code/test working:
>>
>> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
>>
>> These entries are not in 11:
>> List<String> macSHA512_224Aliases = createAliasesWithOid(macOidBase + "12");
>> List<String> macSHA512_256Aliases = createAliasesWithOid(macOidBase + "13");
>>
>> String nistHashAlgsOidBase = "2.16.840.1.101.3.4.2.";
>> List<String> macSHA3_224Aliases =
>> createAliasesWithOid(nistHashAlgsOidBase + "13");
>> List<String> macSHA3_256Aliases =
>> createAliasesWithOid(nistHashAlgsOidBase + "14");
>> List<String> macSHA3_384Aliases =
>> createAliasesWithOid(nistHashAlgsOidBase + "15");
>> List<String> macSHA3_512Aliases =
>> createAliasesWithOid(nistHashAlgsOidBase + "16");
>>
>> Thus I could not remove them.
>> Also, the Hmac keys differ. Some are not in 11.
>>
>> src/java.base/share/classes/java/security/cert/CertificateRevokedException.java
>> Copyright.
>>
>> src/java.base/share/classes/sun/security/pkcs/PKCS7.java
>> src/java.base/share/classes/sun/security/pkcs/PKCS9Attribute.java
>> Already applied in "8268801: Improve PKCS attribute handling"
>>
>> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
>> Resolve imports due to context.
>>
>> src/java.base/share/classes/sun/security/provider/KeyProtector.java
>> Copyright
>>
>> src/java.base/share/classes/sun/security/ssl/SunJSSE.java
>> Resolved due to context.
>>
>> src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java
>> Copyright.
>>
>> src/java.base/share/classes/sun/security/tools/keytool/Main.java
>> Basically applied by hand.
>>
>> src/java.base/share/classes/sun/security/util/ConstraintsParameters.java
>> This file was turned into an interface by "8249906: Enhance opening JARs" which
>> moved the implementation to CertPathConstraintsParameters.java and DisabledAlgorithmConstraints.
>> 8249906 was applied later than this change, but is already in 11.
>>
>> The method getNamedCurveFromKey(Key key) was moved to DisabledAlgorithmConstraints, I
>> applied the hunk there similar as in 17.
>>
>> src/java.base/share/classes/sun/security/util/CurveDB.java
>> I had to resolve because "8226307: Curve names should be case-insensitive" is not in 11.
>>
>> src/java.base/share/classes/sun/security/util/KnownOIDs.java,
>> Already in 11, a small difference in line 428 which seem fine to ...
>
> Goetz Lindenmaier has updated the pull request incrementally with one additional commit since the last revision:
>
> Incorporate Martin's review comments
Looks good to me.
-------------
Marked as reviewed by mbalao (Reviewer).
PR Review: https://git.openjdk.org/jdk11u-dev/pull/1908#pullrequestreview-1477482928
More information about the jdk-updates-dev
mailing list