RFR: 8346129: Simplify EdDSA & XDH curve name usage [v5]
Anthony Scarpino
ascarpino at openjdk.org
Thu Mar 20 16:34:12 UTC 2025
On Tue, 18 Mar 2025 19:14:40 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>>
>> check for dup
>
> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java line 210:
>
>> 208: new CertPathConstraintsParameters(trustedPubKey, variant,
>> 209: anchor, date);
>> 210: dac.permits(KeyUtil.getAlgorithm(trustedPubKey),
>
> Do you plan to have a unit test for `AlgorithmChecker` changes? It looks like certificates using `ED25519` algorithm didn't match that check before. It would be useful to have a test where we disable `ED25519` in java.security and then try to use a certificate with `ED25519` algorithm.
This is checked by an existing test
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r2006034135
More information about the security-dev
mailing list