On Wed, 20 Oct 2021 14:47:31 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> This fix improves the exception message to better indicate when the key (and >> not the signature algorithm) is restricted. This change also includes a few >> other improvements: >> >> - The constraints checking in `AlgorithmChecker.check()` has been improved. >> If the `AlgorithmConstraints` are an instance of >> `DisabledAlgorithmConstraints`, the internal `permits` methods are always >> called; otherwise the public `permits` methods are called. This makes the >> code easier to understand, and fixes at least one case where duplicate >> checks were being done. >> >> - The above change caused some of the exception messages to be slightly >> different, so some tests that checked the error messages had to be updated >> to reflect that. >> >> - AlgorithmDecomposer now stores the decomposed SHA algorithm names in a >> Map, which fixed a bug where "RSASSA-PSS" was not being restricted properly. > > Sean Mullan has updated the pull request incrementally with one additional > commit since the last revision: > > - Skip digest alg decomposing check for algorithms that don't contain "SHA". > - Remove hasLoop method and fold code into decomposeName method. looks good to me ------------- Marked as reviewed by ascarpino (Reviewer). PR: https://git.openjdk.java.net/jdk/pull/5928