RFR 8154005: Add algorithm constraint that specifies the restriction date

Sean Mullan sean.mullan at oracle.com
Thu May 26 15:12:03 UTC 2016


On 05/11/2016 06:46 PM, Anthony Scarpino wrote:
> Please review the changes related to 8154005.  This is a continuation
> JEP-288.  It adds a denyAfter constraint the stops PKIX algorithm
> support at a specified date.
>
> http://cr.openjdk.java.net/~ascarpino/8154005/webrev/

A few minor comments on the updated webrev: 
http://cr.openjdk.java.net/~ascarpino/8154005/webrev.01/

* AlgorithmChecker

186      * given {@code TrustAnchor} and {@code PKIXParameter}.

s/{@code PKIXParameter}/{@code PKIXParameter} date/

* DisabledAlgorithmConstraints

393      * If the class constains multiple constraints, the next constraint

s/constains/contains/

446          * CertConstraintParameter.
449          * {@code next()} with the same {@code CertConstraintParameter}

s/CertConstraintParameter/CertConstraintParameters/

448          * If the check inside of {@code permit()} fails, it must call
463          * call {@code nextConstraint}'s {@code permit()} to check 
if the
465          * {@code permit()} is allowed, this method will exit this 
and any

s/permit/permits/

453          * @return 'true' if constraint is allowed, 'false' if 
disallowed.

This should be an @throws.

460          * Recursively check the constraints is allowed.

s/check the constraints is allowed/check if the constraints are allowed/

472          * we are at the end of the constraint list, {@code 
nextConstraint} is

s/list,/list or/

543      private static class denyAfterConstraint extends Constraint {

s/denyAfterConstraint/DenyAfterConstraint/

607                   throw new CertPathValidatorException(

indented one space too far

619           * in UTC timezone,

s/,/./

--Sean



More information about the security-dev mailing list