RFR 8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
Weijun Wang
weijun.wang at oracle.com
Fri May 18 04:00:25 UTC 2018
>
> Seems more complicated and harder to understand that code.
Not really.
The former
373 byte[] keyInfo;
374 while (true) {
375 try {
376 // Use JCE
377 SecretKey skey = getPBEKey(password);
378 Cipher cipher = Cipher.getInstance(
379 mapPBEParamsToAlgorithm(algOid, algParams));
380 cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
381 keyInfo = cipher.doFinal(encryptedKey);
382 break;
383 } catch (Exception e) {
384 if (password.length == 0) {
385 // Retry using an empty password
386 // without a NULL terminator.
387 password = new char[1];
388 continue;
389 }
390 throw e;
391 }
392 }
becomes
394 byte[] keyInfo = RetryWithZero.run(pass -> {
395 // Use JCE
396 SecretKey skey = getPBEKey(pass);
397 Cipher cipher = Cipher.getInstance(
398 mapPBEParamsToAlgorithm(algOid, algParams));
399 cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
400 return cipher.doFinal(encryptedKey);
401 }, password);
I would say it's clearer and pretty standard functional programming.
Thanks
Max
More information about the security-dev
mailing list