RFR: 8160655 Fix denyAfter and usage types for security properties

Xuelei Fan xuelei.fan at oracle.com
Thu Jan 26 21:09:47 UTC 2017


DisabledAlgorithmConstraints.java
=================================
      public final boolean permits(Set<CryptoPrimitive> primitives, Key 
key) {
-        return checkConstraints(primitives, "", key, null);
+        try {
+            permits(new ConstraintsParameters(key.getAlgorithm(), null, 
key,
+                    null));
+            return true;
+        } catch (CertPathValidatorException e) {
+            return false;
+        }
      }
Looks like there are some overlap if this method is not used for cert. 
What's the point for this update?

@@ -172,56 +180,21 @@
-        // check the key algorithm
-        if (!permits(primitives, key.getAlgorithm(), null)) {
-            return false;
-        }
This block cannot be removed as the standard permits() (seel line 130) 
still need to this check.

Otherwise, looks fine to me.

Xuelei

On 1/23/2017 3:27 PM, Anthony Scarpino wrote:
> Hi,
>
> I need a code review of this change that brings more detail constraints
> checking and control to certpath and jar disabled algorithm Security
> properties.
>
> http://cr.openjdk.java.net/~ascarpino/8160655/webrev/
>
> thanks
>
> Tony


More information about the security-dev mailing list