RFR 8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016

Weijun Wang weijun.wang at oracle.com
Tue Jun 26 02:40:19 UTC 2018


Thanks for the code review. My feeling is that this is a very good chance to use functional programming, where a repeated pattern is abstracted to a general method that calls independent actions.

I'd choose webrev.01.

--Max

> On Jun 26, 2018, at 10:25 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
> Looks fine to me.
> 
> webrev.00 looks more straightforward to me.  I did not see too much benefit to use functional programming in webrev.01.  I will let you make the final decision.
> 
> Xuelei
> 
> On 5/17/2018 9:00 PM, Weijun Wang wrote:
>>> 
>>> Seems more complicated and harder to understand that code.
>> Not really.
>> The former
>>  373             byte[] keyInfo;
>>  374             while (true) {
>>  375                 try {
>>  376                     // Use JCE
>>  377                     SecretKey skey = getPBEKey(password);
>>  378                     Cipher cipher = Cipher.getInstance(
>>  379                         mapPBEParamsToAlgorithm(algOid, algParams));
>>  380                     cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
>>  381                     keyInfo = cipher.doFinal(encryptedKey);
>>  382                     break;
>>  383                 } catch (Exception e) {
>>  384                     if (password.length == 0) {
>>  385                         // Retry using an empty password
>>  386                         // without a NULL terminator.
>>  387                         password = new char[1];
>>  388                         continue;
>>  389                     }
>>  390                     throw e;
>>  391                 }
>>  392             }
>> becomes
>>  394             byte[] keyInfo = RetryWithZero.run(pass -> {
>>  395                 // Use JCE
>>  396                 SecretKey skey = getPBEKey(pass);
>>  397                 Cipher cipher = Cipher.getInstance(
>>  398                         mapPBEParamsToAlgorithm(algOid, algParams));
>>  399                 cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
>>  400                 return cipher.doFinal(encryptedKey);
>>  401             }, password);
>> I would say it's clearer and pretty standard functional programming.
>> Thanks
>> Max



More information about the security-dev mailing list