On Thu, 31 Jul 2025 14:33:03 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> Well, I see your concern and it's valid. However, quite a few algorithms do 
>> not have OIDs as the Java security standard names may not have a 1-to-1 
>> mapping to OID, or no OID defined at all. For example, none of the `Keystore` 
>> types has a corresponding OID. Also, in the case of `Cipher`, this is even 
>> more complicated, e.g. `AES` OIDs are keysize-specific and `PBES2` cipher 
>> has one OID but there are multiple algorithm names which include additional 
>> components/algorithms info (`PBEWithHmacSHA1AndAES_128`, 
>> `PBEWithHmacSHA512/256AndAES_256`). Thus, we can't use whether there is an 
>> OID to check for user typos. In addition, there could be algorithms which 
>> JDK does not have an OID mapping as `KnownOIDs` usually doesn't cover 
>> algorithms that we don't support. If we want to be stricter, I can change to 
>> error out if invalid entry is detected instead of ignored. However, we can 
>> only validate against syntax and perhaps reject unsupported services if 
>> desired. But the algorithm part is really difficult to validate.
>
> Ok, these are good points. So suggest we throw an IAE if the syntax is 
> invalid (missing ".", etc) or the service name is not one of the supported 
> ones.

Ok. will change.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2255744826
