8244336: Restrict algorithms at JCE layer

[GoeLin]

I backport this for parity with 21.0.11-oracle.

I had to resolve a few files, mostly due to the removal of the
security manager:

src/java.base/share/classes/java/security/Signature.java
Adapted patch in getInstance(String) to slightly different coding.

src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
Copyright.
getAlgorithms(String): Needed to adapt to security coding.

src/java.base/share/classes/sun/security/util/KnownOIDs.java
Resolved line 188 due to context difference.

Also, I had to adapt one test to work with the SM. See second commit.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• JDK-8244336 needs maintainer approval
• Commit message must refer to an issue
• Change requires CSR request JDK-8372102 to be approved

Issues

• JDK-8244336: Restrict algorithms at JCE layer (Enhancement - P3)
• JDK-8372102: Restrict algorithms at JCE layer (CSR)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk21u-dev.git pull/2519/head:pull/2519
$ git checkout pull/2519

Update a local copy of the PR:
$ git checkout pull/2519
$ git pull https://git.openjdk.org/jdk21u-dev.git pull/2519/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 2519

View PR using the GUI difftool:
$ git pr show -t 2519

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk21u-dev/pull/2519.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back goetz! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[mlbridge]

Webrevs

• 01: Full - Incremental (d7ad0cc2)
• 00: Full (abb7b81b)

[phohensee]

Super trivial: in Signature.java, missing blank line before line 254. Also, testing?

[GoeLin]

Hi @phohensee
thanks for the review!
I added the blank line.

For testing, see also the fix request comment in the JBS issue.
The tests modified by this change pass.
Our nightly testing passed, including tier1-4 headless, jck, some bencharks. Some of the suites with -Xcomp.
win x86, linux aarch,ppc,x86,alpine, mac aarch,x86, aix.

[GoeLin]

Hi @phohensee
Could you please have a second look? Thanks!