Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9989:06c643a674d2
8244479: Further constrain certificates
Reviewed-by: ascarpino, ahgross, rhalade
| author | mullan |
|---|---|
| date | Wed, 20 May 2020 08:07:25 -0400 |
| parents | 6bb641de4b96 |
| children | 2cde484ef248 |
| files | src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java |
| diffstat | 1 files changed, 7 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Mon Aug 17 15:36:13 2020 +0100 +++ b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Wed May 20 08:07:25 2020 -0400 @@ -252,10 +252,10 @@ int space = constraintEntry.indexOf(' '); String algorithm = AlgorithmDecomposer.hashName( ((space > 0 ? constraintEntry.substring(0, space) : - constraintEntry). - toUpperCase(Locale.ENGLISH))); + constraintEntry))); - List<Constraint> constraintList = constraintsMap.get(algorithm); + List<Constraint> constraintList = constraintsMap.get( + algorithm.toUpperCase(Locale.ENGLISH)); if (constraintList == null) { constraintList = new ArrayList<>(1); } @@ -264,7 +264,8 @@ for (String alias : AlgorithmDecomposer.getAliases(algorithm)) { List<Constraint> aliasList = constraintsMap.get(alias); if (aliasList == null) { - constraintsMap.put(alias, constraintList); + constraintsMap.put( + alias.toUpperCase(Locale.ENGLISH), constraintList); } } if (space <= 0) { @@ -354,7 +355,7 @@ // Get applicable constraints based off the signature algorithm private List<Constraint> getConstraints(String algorithm) { - return constraintsMap.get(algorithm); + return constraintsMap.get(algorithm.toUpperCase(Locale.ENGLISH)); } // Check if KeySizeConstraints permit the specified key @@ -410,6 +411,7 @@ Set<String> algorithms = new HashSet<>(); if (algorithm != null) { algorithms.addAll(AlgorithmDecomposer.decomposeOneHash(algorithm)); + algorithms.add(algorithm); } // Attempt to add the public key algorithm if cert provided