RFR: 8262186: Call X509KeyManager.chooseClientAlias once for all key types [v3]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Mon Aug 30 21:07:35 UTC 2021


On Mon, 30 Aug 2021 20:19:00 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This code change collects all key types and runs `chooseClientAlias` only once.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   after feedback

src/java.base/share/classes/sun/security/ssl/CertificateMessage.java line 1046:

> 1044: 
> 1045:             Collection<String> checkedKeyTypes = new HashSet<>();
> 1046:             List<String> allAuths = new ArrayList<>();

The name is not clear enough to me.  I may use something like "supportedKeyTypes" or "availableKeyAlgs.

src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 734:

> 732: 
> 733:             Collection<String> checkedKeyTypes = new HashSet<>();
> 734:             List<String> allAuths = new ArrayList<>();

The name is not clear enough to me.  I may use something like "supportedKeyAlgs" or "availableKeyTypes".

src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 274:

> 272:             PublicKey clientPublicKey = clientCerts[0].getPublicKey();
> 273:             if ((!clientPrivateKey.getAlgorithm().equals(keyType))
> 274:                     || (!clientPublicKey.getAlgorithm().equals(keyType))) {

The keyType is checked here.  The update may miss this.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5257


More information about the security-dev mailing list