[14] RFR: 8233228: Support named curves for all disabledAlgorithms

Weijun Wang weijun.wang at oracle.com
Thu Nov 28 01:26:38 UTC 2019


In ConstraintsParameters.java:

You added curveStr assignment in the ConstraintsParameters(X509Certificate,...). Is it also necessary to do the same in the next constructor ConstraintsParameters(...,Key,...)? You can get the curve name from the key.

Also, now that a key has a parameter that needs to be checked, in the following public method in DisabledAlgorithmConstraints.java:

public boolean permits(Key key) {
    List<Constraint> list = getConstraints(key.getAlgorithm());
    if (list == null) {
        return true;
    }
    for (Constraint constraint : list) {
        if (!constraint.permits(key)) {
            if (debug != null) {
                debug.println("Constraints: failed key size" +
                        "constraint check " + KeyUtil.getKeySize(key));
            }
            return false;
        }
    }
    return true;
}

should getConstraints() be called on both the algorithm name and the group name?

Thanks,
Max



> On Nov 20, 2019, at 3:44 AM, Anthony Scarpino <anthony.scarpino at oracle.com> wrote:
> 
> I need a review of a disabled algorithms code change that allows EC curve names to be disabled for all the disabledAlgorithm properties.
> 
> https://cr.openjdk.java.net/~ascarpino/8233228/webrev/
> 
> Tony



