RFR 8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
Xuelei Fan
xuelei.fan at oracle.com
Tue Jun 26 02:25:28 UTC 2018
Looks fine to me.
webrev.00 looks more straightforward to me. I did not see too much
benefit to use functional programming in webrev.01. I will let you make
the final decision.
Xuelei
On 5/17/2018 9:00 PM, Weijun Wang wrote:
>>
>> Seems more complicated and harder to understand that code.
>
> Not really.
>
> The former
>
> 373 byte[] keyInfo;
> 374 while (true) {
> 375 try {
> 376 // Use JCE
> 377 SecretKey skey = getPBEKey(password);
> 378 Cipher cipher = Cipher.getInstance(
> 379 mapPBEParamsToAlgorithm(algOid, algParams));
> 380 cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
> 381 keyInfo = cipher.doFinal(encryptedKey);
> 382 break;
> 383 } catch (Exception e) {
> 384 if (password.length == 0) {
> 385 // Retry using an empty password
> 386 // without a NULL terminator.
> 387 password = new char[1];
> 388 continue;
> 389 }
> 390 throw e;
> 391 }
> 392 }
>
> becomes
>
> 394 byte[] keyInfo = RetryWithZero.run(pass -> {
> 395 // Use JCE
> 396 SecretKey skey = getPBEKey(pass);
> 397 Cipher cipher = Cipher.getInstance(
> 398 mapPBEParamsToAlgorithm(algOid, algParams));
> 399 cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
> 400 return cipher.doFinal(encryptedKey);
> 401 }, password);
>
> I would say it's clearer and pretty standard functional programming.
>
> Thanks
> Max
>
More information about the security-dev
mailing list