RFR: 8262186: Call X509KeyManager.chooseClientAlias once for all key types [v3]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Mon Aug 30 21:07:35 UTC 2021
On Mon, 30 Aug 2021 20:19:00 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> This code change collects all key types and runs `chooseClientAlias` only once.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> after feedback
src/java.base/share/classes/sun/security/ssl/CertificateMessage.java line 1046:
> 1044:
> 1045: Collection<String> checkedKeyTypes = new HashSet<>();
> 1046: List<String> allAuths = new ArrayList<>();
The name is not clear enough to me. I may use something like "supportedKeyTypes" or "availableKeyAlgs".
src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 734:
> 732:
> 733: Collection<String> checkedKeyTypes = new HashSet<>();
> 734: List<String> allAuths = new ArrayList<>();
The name is not clear enough to me. I may use something like "supportedKeyAlgs" or "availableKeyTypes".
src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 274:
> 272: PublicKey clientPublicKey = clientCerts[0].getPublicKey();
> 273: if ((!clientPrivateKey.getAlgorithm().equals(keyType))
> 274: || (!clientPublicKey.getAlgorithm().equals(keyType))) {
The keyType is checked here. The update may miss this.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5257