On Tue, 3 May 2022 14:54:05 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored in the keystore. These `keytool` commands are >> -genseckey, -importpass, -list, and -importkeystore. As a result, `keytool` >> will be able to generate warnings when it detects that the secret key based >> algorithms and PBE based Mac and cipher algorithms are weak. Also removes >> the "This algorithm will be disabled in a future update.” from the existing >> warnings for the asymmetric keys/certificates. >> Will also file a CSR. > > Hai-May Chao has updated the pull request incrementally with one additional > commit since the last revision: > > Update per review comments src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2530: > 2528: } > 2529: } > 2530: While `c == null` usually means this is a secret key entry, this is not guaranteed. How about we put the check on a secret key entry in its own `instanceof` check, then we can save a cast. Also, the `setEntry` is always called and it can be put outside any if/else block. ------------- PR: https://git.openjdk.java.net/jdk/pull/8300