RFR: 8244336: Restrict algorithms at JCE layer [v5]
Artur Barashev
abarashev at openjdk.org
Wed Aug 6 19:25:19 UTC 2025
On Wed, 6 Aug 2025 18:07:13 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 62:
>>
>>> 60: }
>>> 61:
>>> 62: public static boolean permits(String service, String algo) {
>>
>> I think in other places of our code we don't separate the service and the algo in 2 strings, those are being used as a single string. So this method's signature should be `public static boolean permits(String algo)` for consistency.
>
> I don't want the caller classes to have to do the `service` +"." + `algo` String concatenation. It's cleaner to provide 2 arguments. Given this `permits(...)` method is already very different from the other `permits(...)` methods in the super interface, I don't think it really matters. Or, I can rename the method to something like `isAllowed` if you prefer a different method name.
I see. It's not about method's name though, just a consistency and supporting `anyService` check. Alternatively we can accept null or `*` for a service name to check for all services.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2258068646
More information about the security-dev
mailing list