RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

[Weijun Wang]

On Thu, 28 Apr 2022 06:46:35 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review these changes to add DES/3DES/MD5 to `jdk.security.legacyAlgorithms` security property, and to add the legacy algorithm constraint checking to `keytool` commands that are associated with secret key entries stored in the keystore. These `keytool` commands are -genseckey, -importpass, -list, and -importkeystore. As a result, `keytool` will be able to generate warnings when it detects that the secret key based algorithms and PBE based Mac and cipher algorithms are weak. Also removes the "This algorithm will be disabled in a future update.” from the existing warnings for the asymmetric keys/certificates.
>> Will also file a CSR.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   SecretKeyConstraintsParameters subclass created and property description updated

There is no way to `-genseckey` an RC2 key in a PKCS12 keystore but the only reason is that we don't have a known RC2 OID registered. (In fact, I was preparing to add one in the attempted code change to add OIDs into the standard names doc). You can add an RC4 key to PKCS12. Also, you can add both RC2 and RC4 to a JCEKS keystore.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8300