RFR 8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
Weijun Wang
weijun.wang at oracle.com
Tue Jun 26 02:40:19 UTC 2018
Thanks for the code review. My feeling is that this is a very good chance to use functional programming, where a repeated pattern is abstracted to a general method that calls independent actions.
I'd choose webrev.01.
--Max
> On Jun 26, 2018, at 10:25 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
> Looks fine to me.
>
> webrev.00 looks more straightforward to me. I did not see too much benefit to use functional programming in webrev.01. I will let you make the final decision.
>
> Xuelei
>
> On 5/17/2018 9:00 PM, Weijun Wang wrote:
>>>
>>> Seems more complicated and harder to understand that code.
>> Not really.
>> The former
>> 373 byte[] keyInfo;
>> 374 while (true) {
>> 375 try {
>> 376 // Use JCE
>> 377 SecretKey skey = getPBEKey(password);
>> 378 Cipher cipher = Cipher.getInstance(
>> 379 mapPBEParamsToAlgorithm(algOid, algParams));
>> 380 cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
>> 381 keyInfo = cipher.doFinal(encryptedKey);
>> 382 break;
>> 383 } catch (Exception e) {
>> 384 if (password.length == 0) {
>> 385 // Retry using an empty password
>> 386 // without a NULL terminator.
>> 387 password = new char[1];
>> 388 continue;
>> 389 }
>> 390 throw e;
>> 391 }
>> 392 }
>> becomes
>> 394 byte[] keyInfo = RetryWithZero.run(pass -> {
>> 395 // Use JCE
>> 396 SecretKey skey = getPBEKey(pass);
>> 397 Cipher cipher = Cipher.getInstance(
>> 398 mapPBEParamsToAlgorithm(algOid, algParams));
>> 399 cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
>> 400 return cipher.doFinal(encryptedKey);
>> 401 }, password);
>> I would say it's clearer and pretty standard functional programming.
>> Thanks
>> Max
More information about the security-dev
mailing list