Mercurial > jdk8-mips64-public > jdk / changeset

changeset

8244479: Further constrain certificates

Wed, 20 May 2020 08:07:25 -0400

author
mullan
date
Wed, 20 May 2020 08:07:25 -0400
changeset 14217
a9306ab5534a
parent 14216
f6804947798c
child 14218
1c438aec6cb7

8244479: Further constrain certificates
Reviewed-by: ascarpino, ahgross, rhalade

src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java file | annotate | diff | comparison | revisions 
     1.1 --- a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java	Wed Jun 17 08:48:03 2020 +0000
     1.2 +++ b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java	Wed May 20 08:07:25 2020 -0400
     1.3 @@ -246,15 +246,16 @@
     1.4                  int space = constraintEntry.indexOf(' ');
     1.5                  String algorithm = AlgorithmDecomposer.hashName(
     1.6                          ((space > 0 ? constraintEntry.substring(0, space) :
     1.7 -                                constraintEntry).
     1.8 -                                toUpperCase(Locale.ENGLISH)));
     1.9 +                                constraintEntry)));
    1.10                  List<Constraint> constraintList =
    1.11 -                        constraintsMap.getOrDefault(algorithm,
    1.12 +                        constraintsMap.getOrDefault(
    1.13 +                                algorithm.toUpperCase(Locale.ENGLISH),
    1.14                                  new ArrayList<>(1));
    1.15  
    1.16                  // Consider the impact of algorithm aliases.
    1.17                  for (String alias : AlgorithmDecomposer.getAliases(algorithm)) {
    1.18 -                    constraintsMap.putIfAbsent(alias, constraintList);
    1.19 +                    constraintsMap.putIfAbsent(
    1.20 +                            alias.toUpperCase(Locale.ENGLISH), constraintList);
    1.21                  }
    1.22  
    1.23                  if (space <= 0) {
    1.24 @@ -344,7 +345,7 @@
    1.25  
    1.26          // Get applicable constraints based off the signature algorithm
    1.27          private List<Constraint> getConstraints(String algorithm) {
    1.28 -            return constraintsMap.get(algorithm);
    1.29 +            return constraintsMap.get(algorithm.toUpperCase(Locale.ENGLISH));
    1.30          }
    1.31  
    1.32          // Check if KeySizeConstraints permit the specified key
    1.33 @@ -400,6 +401,7 @@
    1.34              Set<String> algorithms = new HashSet<>();
    1.35              if (algorithm != null) {
    1.36                  algorithms.addAll(AlgorithmDecomposer.decomposeOneHash(algorithm));
    1.37 +                algorithms.add(algorithm);
    1.38              }
    1.39  
    1.40              // Attempt to add the public key algorithm if cert provided

Mercurial Repository: jdk8-mips64-public/jdk

mercurial