RFR: 8262186: Call X509KeyManager.chooseClientAlias once for all key types [v2]
Weijun Wang
weijun at openjdk.java.net
Mon Aug 30 15:53:32 UTC 2021
On Mon, 30 Aug 2021 15:45:00 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Good suggestion.
>>
>> One more thing: `checkedKeyTypes` only looks at `ss.keyAlgorithm`. I know the other checks (`SignatureScheme.getPreferableAlgorithm` and `X509Authentication.valueOf`) also only look at `ss.keyAlgorithm`, but are we going to check for more (Ex: group name) later? In the meantime, I would suggest changing the parameter type of these methods from `SignatureScheme` to `String` so we know only `keyAlgorithm` is checked.
>
> Did you mean to change hc.peerRequestedCertSignSchemes to String? This field would be used for algorithm constraints and more parameters are required there.
No, I meant changing the type of the `certScheme` argument in

```java
static SignatureScheme getPreferableAlgorithm(
        AlgorithmConstraints constraints,
        List<SignatureScheme> schemes,
        SignatureScheme certScheme,
        ProtocolVersion version) {
```

to `String`. Since we are only putting the `ss.keyAlgorithm` value into the checked type list, we need to make sure we only check on `keyAlgorithm` now. My concern is that, suppose one day we decide to check on `ss.namedGroup` as well, then we will remember to update this method and the checked list at the same time.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5257