
src/share/classes/sun/security/tools/keytool/Main.java

rev 14231 : 8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
Reviewed-by: mullan, xuelei, weijun

@@ -48,11 +48,13 @@
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertStoreException;
 import java.security.cert.CRL;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
+import java.security.interfaces.ECKey;
 import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECParameterSpec;
 import java.text.Collator;
 import java.text.MessageFormat;
 import java.util.*;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;

@@ -69,10 +71,11 @@
 import javax.security.auth.x500.X500Principal;
 import java.util.Base64;
 
 import sun.security.util.DisabledAlgorithmConstraints;
 import sun.security.util.KeyUtil;
+import sun.security.util.NamedCurve;
 import sun.security.util.ObjectIdentifier;
 import sun.security.pkcs10.PKCS10;
 import sun.security.pkcs10.PKCS10Attribute;
 import sun.security.provider.X509Factory;
 import sun.security.provider.certpath.CertStoreHelper;

@@ -3087,10 +3090,21 @@
         } else {
             return String.format(rb.getString("with.weak"), alg);
         }
     }
 
+    private String fullDisplayAlgName(Key key) {
+        String result = key.getAlgorithm();
+        if (key instanceof ECKey) {
+            ECParameterSpec paramSpec = ((ECKey) key).getParams();
+            if (paramSpec instanceof NamedCurve) {
+                result += " (" + paramSpec.toString().split(" ")[0] + ")";
+            }
+        }
+        return result;
+    }
+
     private String withWeak(PublicKey key) {
         if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
             return String.format(rb.getString("key.bit"),
                     KeyUtil.getKeySize(key), key.getAlgorithm());
         } else {
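Review bot: `fullDisplayAlgName` takes the curve name from `paramSpec.toString().split(" ")[0]`, which depends on the textual layout of `NamedCurve.toString()`, and nothing in the hunk documents that dependency. If that layout changed, the weak-key warning would print the wrong token instead of failing visibly, and that warning is what tells an operator which curve to replace. I would add a Javadoc saying the method returns the key algorithm plus, for EC keys on a named curve, the first space-delimited token of the curve's string form, and a line comment above the split such as `// first token of NamedCurve.toString() is assumed to be the curve name`. The method also dereferences `key` without a null check, so it relies on callers guarding it, as the call site in the last hunk does with `key != null`.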

@@ -4377,11 +4391,11 @@
         if (key != null && !DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
             weakWarnings.add(String.format(
                     rb.getString("whose.key.risk"),
                     label,
                     String.format(rb.getString("key.bit"),
-                            KeyUtil.getKeySize(key), key.getAlgorithm())));
+                            KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
         }
     }
 
     private void checkWeak(String label, Certificate[] certs)
             throws KeyStoreException {
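Review bot: Only this `checkWeak` warning switches to `fullDisplayAlgName(key)`; the `key.bit` string built in `withWeak(PublicKey)`, visible as context in the previous hunk, still passes `key.getAlgorithm()`. The certificate printout and the warning can therefore describe the same EC key differently. For consistency that call could become `KeyUtil.getKeySize(key), fullDisplayAlgName(key));`. The weak branch of `withWeak` lies outside the visible lines, so whether it already names the curve cannot be confirmed from here. The method containing the changed line starts before this hunk.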