RFR 8154005: Add algorithm constraint that specifies the restriction date
Sean Mullan
sean.mullan at oracle.com
Thu May 26 15:12:03 UTC 2016
On 05/11/2016 06:46 PM, Anthony Scarpino wrote:
> Please review the changes related to 8154005. This is a continuation
> JEP-288. It adds a denyAfter constraint the stops PKIX algorithm
> support at a specified date.
>
> http://cr.openjdk.java.net/~ascarpino/8154005/webrev/
A few minor comments on the updated webrev:
http://cr.openjdk.java.net/~ascarpino/8154005/webrev.01/
* AlgorithmChecker
186 * given {@code TrustAnchor} and {@code PKIXParameter}.
s/{@code PKIXParameter}/{@code PKIXParameter} date/
* DisabledAlgorithmConstraints
393 * If the class constains multiple constraints, the next constraint
s/constains/contains/
446 * CertConstraintParameter.
449 * {@code next()} with the same {@code CertConstraintParameter}
s/CertConstraintParameter/CertConstraintParameters/
448 * If the check inside of {@code permit()} fails, it must call
463 * call {@code nextConstraint}'s {@code permit()} to check
if the
465 * {@code permit()} is allowed, this method will exit this
and any
s/permit/permits/
453 * @return 'true' if constraint is allowed, 'false' if
disallowed.
This should be an @throws.
460 * Recursively check the constraints is allowed.
s/check the constraints is allowed/check if the constraints are allowed/
472 * we are at the end of the constraint list, {@code
nextConstraint} is
s/list,/list or/
543 private static class denyAfterConstraint extends Constraint {
s/denyAfterConstraint/DenyAfterConstraint/
607 throw new CertPathValidatorException(
indented one space too far
619 * in UTC timezone,
s/,/./
--Sean
More information about the security-dev
mailing list