RFR: 8262186: Call X509KeyManager.chooseClientAlias once for all key types [v2]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Mon Aug 30 21:07:33 UTC 2021


On Fri, 27 Aug 2021 14:36:52 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This code change collects all key types and runs `chooseClientAlias` only once.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   reorg src, new test case

Looks good to me, except a minor naming comment.

src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 271:

> 269: 
> 270:         PublicKey clientPublicKey = clientCerts[0].getPublicKey();
> 271:         if (!clientPrivateKey.getAlgorithm().equals(clientPublicKey.getAlgorithm())) {

See above comment, the specified keyType is not checked against. The check here is for the matching of private key and public key, rather than the match of key and the specified keyType. Maybe an additional check could be added to check whether the key type of the cert is one of the specified key types.

-------------

Marked as reviewed by xuelei (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/5257
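
The distinction raised in the review above, as an added example that is not part of the original message or of the JDK sources: a key pair can pass the private/public algorithm comparison and still not be one of the key types that were passed to `chooseClientAlias`. The class and method names and the requested key-type list are hypothetical, and a freshly generated key pair stands in for the key manager's private key and certificate.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;

public class KeyTypeCheckExample {

    // Same comparison as the quoted line 271: private and public key algorithms agree.
    static boolean keyPairConsistent(PrivateKey priv, PublicKey pub) {
        return priv.getAlgorithm().equals(pub.getAlgorithm());
    }

    // Hypothetical additional check: the certificate's key algorithm must be
    // one of the key types that were offered to the key manager.
    static boolean isRequestedKeyType(PublicKey pub, String[] keyTypes) {
        return pub != null && keyTypes != null
                && Arrays.asList(keyTypes).contains(pub.getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an RSA key pair standing in for what a key manager
        // returned (in the real code the public key comes from clientCerts[0]).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair returned = kpg.generateKeyPair();

        // Constructed input: the handshake only asked for EC credentials.
        String[] requestedKeyTypes = {"EC"};

        boolean consistent = keyPairConsistent(returned.getPrivate(), returned.getPublic());
        boolean requested = isRequestedKeyType(returned.getPublic(), requestedKeyTypes);

        System.out.println("private/public algorithms match: " + consistent);
        System.out.println("key type was requested:          " + requested);

        // Only a credential that passes both checks should be used.
        if (!(consistent && requested)) {
            System.out.println("reject: key manager returned an unusable credential");
        }
    }
}
```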


