# HG changeset patch # User mullan # Date 1589976445 14400 # Node ID 06c643a674d202f5a3ef16aedf225014f169079b # Parent 6bb641de4b96d897dcfaabdd13bd13f7ebc3c4e1 8244479: Further constrain certificates Reviewed-by: ascarpino, ahgross, rhalade diff -r 6bb641de4b96 -r 06c643a674d2 src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java --- a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Mon Aug 17 15:36:13 2020 +0100 +++ b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Wed May 20 08:07:25 2020 -0400 @@ -252,10 +252,10 @@ int space = constraintEntry.indexOf(' '); String algorithm = AlgorithmDecomposer.hashName( ((space > 0 ? constraintEntry.substring(0, space) : - constraintEntry). - toUpperCase(Locale.ENGLISH))); + constraintEntry))); - List constraintList = constraintsMap.get(algorithm); + List constraintList = constraintsMap.get( + algorithm.toUpperCase(Locale.ENGLISH)); if (constraintList == null) { constraintList = new ArrayList<>(1); } @@ -264,7 +264,8 @@ for (String alias : AlgorithmDecomposer.getAliases(algorithm)) { List aliasList = constraintsMap.get(alias); if (aliasList == null) { - constraintsMap.put(alias, constraintList); + constraintsMap.put( + alias.toUpperCase(Locale.ENGLISH), constraintList); } } if (space <= 0) { @@ -354,7 +355,7 @@ // Get applicable constraints based off the signature algorithm private List getConstraints(String algorithm) { - return constraintsMap.get(algorithm); + return constraintsMap.get(algorithm.toUpperCase(Locale.ENGLISH)); } // Check if KeySizeConstraints permit the specified key @@ -410,6 +411,7 @@ Set algorithms = new HashSet<>(); if (algorithm != null) { algorithms.addAll(AlgorithmDecomposer.decomposeOneHash(algorithm)); + algorithms.add(algorithm); } // Attempt to add the public key algorithm if cert provided