RFR: 8346129: Simplify EdDSA & XDH curve name usage

[Anthony Scarpino]

On Fri, 21 Feb 2025 22:05:03 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This is complicated by `KeyPairGenerator.getInstance("EdDSA")` returning an Ed25519 key
>> 
>> If someone were to check permits() with "EdDSA" the above code recognizes that "Ed25519" on the disabled algorithm list overlaps with "EdDSA".  This is the first test in the test coded included in the PR.
>
> Do we call `permits` before instantiating a `KeyPairGenerator`? What if people call `kpg.initialize(NPS.Ed448)` after the instantiation?
> 
> In reality, I think it depends on how many `permits` calls there are. Modern algorithms have the key same algorithm name and signature algorithm name. When a signature operation is carried out, do we check on both the signature algorithm and the key? It seems only checking on the key is enough. It's actually more precise, since you can get the exact parameter set name there. This is why I asked if the method is "never called on a family algorithm name". When checking a key, if we always call `permits` on the parameter set name, we get the precise result.

`permits()` are used in situations for jdk[tls|certpath|jar].disabledAlgorithms, and the SSLAlgorithmConstraints.  It's not called for APIs like KPG, Signature, etc.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1966279183