RFR: 8268427: Improve AlgorithmConstraints:checkAlgorithm performance
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Fri Jun 11 04:23:50 UTC 2021
On Thu, 10 Jun 2021 06:59:25 GMT, Dongbo He <dongbohe at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java line 130:
>>
>>> 128: AlgorithmDecomposer decomposer) {
>>> 129: super(decomposer);
>>> 130: List<String> disabledAlgorithmsList = getAlgorithms(propertyName);
>>
>> Is it doable to have the getAlgorithms() method return a Set?
>
> The collection required when new Constraints() should retain the default case of the elements, because some code will depend on this, for example, [entry.startsWith("keySize")](https://github.com/openjdk/jdk/blob/dd1cbadc82bcecf718b96c833a5845fde79db061/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java#L383).
> But the set required by the permits should unify the case of the elements, because algorithm may be uppercase or lowercase, but the Set:contains() cannot handle this situation.
> So we need to create a new Set that ignores the default case of elements.
For the entry.startsWith("keySize") example, I don't think keySize is an algorithm that could be listed individually in the list. The "keySize" may be just a part of one algorithm, for example "RSA keySize < 1024".
It's a good point about the lowercase and uppercase. Did you check how constraints like the "keySize" are expressed in the list or set?
-------------
PR: https://git.openjdk.java.net/jdk/pull/4424
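An added illustration of the case question raised in this thread (not part of the message and not code from the JDK or the PR): entries of a disabled-algorithms style property keep their original case for constraint parsing, while a separate case-insensitive set serves membership checks. The class name, method names and the sample property value are assumptions made for the example.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class DisabledAlgorithmLookup {
    // Constructed sample value in the style of a disabled-algorithms property.
    static final String PROPERTY = "MD2, MD5, RSA keySize < 1024";

    // Split the property into entries, keeping each entry's original case.
    static List<String> parseEntries(String value) {
        List<String> entries = new ArrayList<>();
        for (String part : value.split(",")) {
            String entry = part.trim();
            if (!entry.isEmpty()) {
                entries.add(entry);
            }
        }
        return entries;
    }

    // Case-insensitive view of the same entries, used only for membership tests.
    static Set<String> caseInsensitiveSet(List<String> entries) {
        Set<String> set = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        set.addAll(entries);
        return set;
    }

    public static void main(String[] args) {
        List<String> entries = parseEntries(PROPERTY);
        Set<String> exact = new HashSet<>(entries);
        Set<String> ignoreCase = caseInsensitiveSet(entries);

        // A plain HashSet compares with equals(), so a lowercase query
        // does not match the "MD5" entry; the TreeSet with
        // CASE_INSENSITIVE_ORDER matches it.
        System.out.println("exact md5:      " + exact.contains("md5"));
        System.out.println("ignoreCase md5: " + ignoreCase.contains("md5"));

        // "RSA" appears only inside a constraint entry, not as an entry of
        // its own, so a whole-entry lookup for "RSA" finds nothing.
        System.out.println("ignoreCase RSA: " + ignoreCase.contains("RSA"));

        // Constraint keywords such as "keySize" are matched case-sensitively
        // against the original-case entries.
        for (String entry : entries) {
            int at = entry.indexOf("keySize");
            if (at >= 0) {
                System.out.println("constraint:     " + entry.substring(at));
            }
        }
    }
}
```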