RFR: 8367104: Check for RSASSA-PSS parameters when validating certificates against algorithm constraints [v2]
Artur Barashev
abarashev at openjdk.org
Tue Sep 9 17:38:18 UTC 2025
On Tue, 9 Sep 2025 16:41:57 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> More test cases
>
> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line 422:
>
>> 420: } catch (InvalidParameterSpecException e) {
>> 421: throw new IllegalArgumentException(
>> 422: "Invalid AlgorithmParameters", e);
>
> I'd be more inclined to log a warning message here, but otherwise return true. This case should only occur if the RSASSS-PSS key is from some 3rd party provider that doesn't implement `AlgorithmParameters` correctly. I don't think that should result in a runtime exception - those should only be thrown if there is an issue with the `java.security` syntax for the disabled properties.
Will do, thanks! I also wasn't sure whether to log it or to throw an exception.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2334322077
More information about the security-dev
mailing list