Wed, 20 May 2020 08:07:25 -0400
8244479: Further constrain certificates
Reviewed-by: ascarpino, ahgross, rhalade
src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java | file | annotate | diff | comparison | revisions |
1.1 --- a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Wed Jun 17 08:48:03 2020 +0000 1.2 +++ b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Wed May 20 08:07:25 2020 -0400 1.3 @@ -246,15 +246,16 @@ 1.4 int space = constraintEntry.indexOf(' '); 1.5 String algorithm = AlgorithmDecomposer.hashName( 1.6 ((space > 0 ? constraintEntry.substring(0, space) : 1.7 - constraintEntry). 1.8 - toUpperCase(Locale.ENGLISH))); 1.9 + constraintEntry))); 1.10 List<Constraint> constraintList = 1.11 - constraintsMap.getOrDefault(algorithm, 1.12 + constraintsMap.getOrDefault( 1.13 + algorithm.toUpperCase(Locale.ENGLISH), 1.14 new ArrayList<>(1)); 1.15 1.16 // Consider the impact of algorithm aliases. 1.17 for (String alias : AlgorithmDecomposer.getAliases(algorithm)) { 1.18 - constraintsMap.putIfAbsent(alias, constraintList); 1.19 + constraintsMap.putIfAbsent( 1.20 + alias.toUpperCase(Locale.ENGLISH), constraintList); 1.21 } 1.22 1.23 if (space <= 0) { 1.24 @@ -344,7 +345,7 @@ 1.25 1.26 // Get applicable constraints based off the signature algorithm 1.27 private List<Constraint> getConstraints(String algorithm) { 1.28 - return constraintsMap.get(algorithm); 1.29 + return constraintsMap.get(algorithm.toUpperCase(Locale.ENGLISH)); 1.30 } 1.31 1.32 // Check if KeySizeConstraints permit the specified key 1.33 @@ -400,6 +401,7 @@ 1.34 Set<String> algorithms = new HashSet<>(); 1.35 if (algorithm != null) { 1.36 algorithms.addAll(AlgorithmDecomposer.decomposeOneHash(algorithm)); 1.37 + algorithms.add(algorithm); 1.38 } 1.39 1.40 // Attempt to add the public key algorithm if cert provided