On Tue, 3 May 2022 14:54:05 GMT, Hai-May Chao <hc...@openjdk.org> wrote:

>> Please review these changes to add DES/3DES/MD5 to 
>> `jdk.security.legacyAlgorithms` security property, and to add the legacy 
>> algorithm constraint checking to `keytool` commands that are associated with 
>> secret key entries stored in the keystore. These `keytool` commands are 
>> -genseckey, -importpass, -list, and -importkeystore. As a result, `keytool` 
>> will be able to generate warnings when it detects that the secret key based 
>> algorithms and PBE based Mac and cipher algorithms are weak. Also removes 
>> the "This algorithm will be disabled in a future update." from the existing 
>> warnings for the asymmetric keys/certificates.
>> Will also file a CSR.
>
> Hai-May Chao has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Update per review comments

src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2530:

> 2528:                 }
> 2529:             }
> 2530: 

While `c == null` usually means this is a secret key entry, this is not 
guaranteed. How about we put the check on a secret key entry in its own 
`instanceof` check, then we can save a cast.

Also, the `setEntry` is always called and it can be put outside any if/else 
block.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8300
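
The structure suggested in the review comment above, sketched as an added example that is not code from the pull request or from keytool: the entry type is tested directly with `instanceof`, and `setEntry` is called once for every entry. The `LEGACY` set, the class and method names, and the sample entries are assumptions made for illustration (keytool uses its own constraint checking for `jdk.security.legacyAlgorithms`); pattern matching for `instanceof` needs Java 16 or later.

```java
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.crypto.spec.SecretKeySpec;

public class EntryCheckDemo {
    // Hypothetical stand-in for the jdk.security.legacyAlgorithms lookup.
    static final Set<String> LEGACY = Set.of("DES", "DESEDE");

    // Stores each entry in dest; returns one warning per weak secret key.
    static List<String> storeAll(Map<String, KeyStore.Entry> entries,
                                 KeyStore dest, char[] pw) throws Exception {
        List<String> warnings = new ArrayList<>();
        for (Map.Entry<String, KeyStore.Entry> e : entries.entrySet()) {
            KeyStore.Entry entry = e.getValue();
            // Test the entry type itself instead of inferring it from a
            // missing certificate; the pattern variable avoids a cast.
            if (entry instanceof KeyStore.SecretKeyEntry ske) {
                String alg = ske.getSecretKey().getAlgorithm();
                if (LEGACY.contains(alg.toUpperCase(Locale.ROOT))) {
                    warnings.add(e.getKey() + ": " + alg + " is a legacy algorithm");
                }
            }
            // Trusted certificate entries take no protection parameter.
            KeyStore.ProtectionParameter prot =
                entry instanceof KeyStore.TrustedCertificateEntry
                    ? null : new KeyStore.PasswordProtection(pw);
            // Runs for every entry type, so it sits outside the if/else.
            dest.setEntry(e.getKey(), entry, prot);
        }
        return warnings;
    }

    public static void main(String[] args) throws Exception {
        KeyStore dest = KeyStore.getInstance("PKCS12");
        dest.load(null, null);
        // Constructed sample entries (all-zero key bytes, demo only).
        Map<String, KeyStore.Entry> entries = new LinkedHashMap<>();
        entries.put("old", new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[24], "DESede")));
        entries.put("new", new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")));
        System.out.println(storeAll(entries, dest, "changeit".toCharArray()));
        System.out.println(dest.size() + " entries stored");
    }
}
```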
