RFR: 8284926: Share the certificate NamedGroup in SignatureScheme::getSignerOfPreferableAlgorithm [v2]

[Xue-Lei Andrew Fan]

On Mon, 18 Apr 2022 12:37:15 GMT, John Jiang <jjiang at openjdk.org> wrote:

>> It would not to generate the certificate's ECParameterSpec and NamedGroup multiple times in method `SignatureScheme::getSignerOfPreferableAlgorithm`.
>
> John Jiang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   cache ParamSpec and NamedGroup in X509Possession

src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java line 274:

> 272:             // Iteratively determine the X509Possession type's ParameterSpec.
> 273:             ECParameterSpec ecParams = x509Possession.getECParameterSpec();
> 274:             NamedParameterSpec namedParams = x509Possession.getXECParameterSpec();

It may not necessary to define 'ecParams' and 'namedParams' any longer, which was used to find out the named group.  Now, the checking could be placed on the "namedGroup" (if the named group is EC/CDH) around line 293.

src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 476:

> 474:         PrivateKey signingKey = x509Possession.popPrivateKey;
> 475: 
> 476:         ECParameterSpec params = x509Possession.getECParameterSpec();

This 'params' variable is used for debug only.  Maybe, it could be moved to the debug log block.

src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 157:

> 155:         }
> 156: 
> 157:         private ECParameterSpec getECParams() {

'getECParamSpec' may be a better method name.

src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 182:

> 180: 
> 181:         // Similar to above, but for XEC.
> 182:         private NamedParameterSpec getXECParams() {

'getXECParamSpec' may be a better method name.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8271