8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR

Reviewed-by: mullan, xuelei, weijun
2025-08-28 15:24:43 +02:00 · 2019-12-18 12:10:09 -08:00 · 2019-12-18 12:10:09 -08:00 · ca112043f1
commit ca112043f1
parent 5cb06ce2fb
7 changed files with 188 additions and 41 deletions
--- a/src/java.base/share/classes/sun/security/util/CurveDB.java
+++ b/src/java.base/share/classes/sun/security/util/CurveDB.java
@ -154,8 +154,27 @@ public class CurveDB {
        }
    }

+    private static class Holder {
+        private static final Pattern nameSplitPattern = Pattern.compile(
+                SPLIT_PATTERN);
+    }
+
+    // Return all the names the EC curve could be using.
+    static String[] getNamesByOID(String oid) {
+        NamedCurve nc = oidMap.get(oid);
+        if (nc == null) {
+            return new String[0];
+        }
+        String[] list = Holder.nameSplitPattern.split(nc.getName());
+        int i = 0;
+        do {
+            list[i] = list[i].trim();
+        } while (++i < list.length);
+        return list;
+    }
+
    static {
-        Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN);
+        Pattern nameSplitPattern = Holder.nameSplitPattern;

        /* SEC2 prime curves */
        add("secp112r1", "1.3.132.0.6", P,