8284694: Avoid evaluating SSLAlgorithmConstraints twice

Reviewed-by: redestad, xuelei, coffeys
2025-08-27 23:04:50 +02:00 · 2022-04-20 18:15:16 +00:00 · 2022-04-20 18:15:16 +00:00 · d8446b4f60
commit d8446b4f60
parent cb16e41089
7 changed files with 429 additions and 45 deletions
--- a/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
@ -216,10 +216,10 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
                String[] localSupportedSignAlgs =
                        extSession.getLocalSupportedSignatureAlgorithms();

-                constraints = new SSLAlgorithmConstraints(
+                constraints = SSLAlgorithmConstraints.forSocket(
                                sslSocket, localSupportedSignAlgs, false);
            } else {
-                constraints = new SSLAlgorithmConstraints(sslSocket, false);
+                constraints = SSLAlgorithmConstraints.forSocket(sslSocket, false);
            }

            // Grab any stapled OCSP responses for use in validation
@ -270,10 +270,10 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
                String[] localSupportedSignAlgs =
                        extSession.getLocalSupportedSignatureAlgorithms();

-                constraints = new SSLAlgorithmConstraints(
+                constraints = SSLAlgorithmConstraints.forEngine(
                                engine, localSupportedSignAlgs, false);
            } else {
-                constraints = new SSLAlgorithmConstraints(engine, false);
+                constraints = SSLAlgorithmConstraints.forEngine(engine, false);
            }

            // Grab any stapled OCSP responses for use in validation