RFR: 8244336: Restrict algorithms at JCE layer [v6]
Artur Barashev
abarashev at openjdk.org
Thu Aug 7 20:50:14 UTC 2025
On Thu, 7 Aug 2025 20:26:42 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 99:
>>
>>> 97: throw new IllegalArgumentException("Invalid entry: " + dk);
>>> 98: }
>>> 99: if (SUPPORTED_SERVICES.stream().anyMatch(e->e.equalsIgnoreCase
>>
>> Nit:
>> - Spaces around `->`
>> - Look up will be faster if we do `Set.contains` on upper-cased strings instead of iteration with `equalsIgnoreCase`. Although probably not noticeable with just 4 services we currently have.
>
> Yes, I will add space around "->".
> As for performance differences, the `Set,.contains`, approach will require an additional `toUpperCase()` call for every lookup. Or we can also use a `TreeSet` w/ case-insensitive ordering. Anyway, probably not difference when there are just 4 services?
Yes, if we don't expect a large number of services it's a moot point, especially since current 4 services all start with different letters.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2261366192
More information about the security-dev
mailing list