[9] RFR: 8048624: Tests for SealedObject

Rajan Halade rajan.halade at oracle.com
Mon Aug 10 20:44:37 UTC 2015

Hi Valerie,

I have updated the webrev after your comment and our discussion to only 
retain TestSealedObjectNull test.


On 7/23/15 2:20 PM, Valerie Peng wrote:
> <TestSealedObject.java>
> - I think it's more universal to call getParameters() instead of 
> getIV(). Otherwise, if the test is enhanced with GCM mode, it will not 
> work.
> - Certain combination of mode and padding require certain input 
> length. With SealedObject, the input to the Cipher object is the 
> "serialized" bytes. Otherwise, IllegalBlockSizeException will be 
> thrown. If the test coverage is about SealedObject code, we don't need 
> these many different combinations. What is the aim for coverage here?
> - DES, DESede and Blowfish and no AES? Note that AES block size is 16 
> bytes, so the current input will need to be adjusted. Currently, the 
> serialized form is 24 bytes. You need to bump it up to at least 32 
> bytes to avoid IllegalBlockSizeException.
> <TestSealedObjectNull.java>
> - This is not really testing NullCipher. If you replace NullCipher 
> with any other cipher, this test would still pass.
> - Well, in reality, no one will ever use SealedObject with NullCipher, 
> I can't think of a reason to. I wonder if anyone actually uses 
> NullCipher. What is the purpose of this test?
> Thanks,
> Valerie
> On 7/17/2015 4:21 PM, Rajan Halade wrote:
>> May I request you to review two new tests added to check SealedObject 
>> with different ciphers.
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8048624
>> Webrev: http://cr.openjdk.java.net/~rhalade/8048624/webrev/
>> Thanks,
>> Rajan

More information about the security-dev mailing list