8179101: Improve algorithm constraints implementation
Reviewed-by: mullan, ahgross, rhalade, igerasim
--- a/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Fri Mar 31 11:24:23 2017 +0800
+++ b/jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Wed Apr 26 10:34:32 2017 -0700
@@ -703,7 +703,6 @@
private int minSize; // the minimal available key size
private int maxSize; // the maximal available key size
private int prohibitedSize = -1; // unavailable key sizes
- private int size;
public KeySizeConstraint(String algo, Operator operator, int length) {
algorithm = algo;
@@ -761,8 +760,9 @@
return;
}
throw new CertPathValidatorException(
- "Algorithm constraints check failed on keysize limits. "
- + algorithm + " " + size + "bit key" + extendedMsg(cp),
+ "Algorithm constraints check failed on keysize limits. " +
+ algorithm + " " + KeyUtil.getKeySize(key) + "bit key" +
+ extendedMsg(cp),
null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
}
@@ -789,7 +789,7 @@
return true;
}
- size = KeyUtil.getKeySize(key);
+ int size = KeyUtil.getKeySize(key);
if (size == 0) {
return false; // we don't allow any key of size 0.
} else if (size > 0) {