RFR: 8002277: Refactor two PBE classes to simplify maintenance [v2]
Valerie Peng
valeriep at openjdk.java.net
Wed May 11 01:17:38 UTC 2022
On Tue, 10 May 2022 02:27:13 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Currently, the specified CipherSpi object is one of RC4, RC2, DESede. The "else" part is for catching new PKCS12 PBE algorithms support which uses other cipher algorithms.
>> CipherSpi.engineInit(...) is protected, so that's why we use the instanceof to cast the CipherSpi object into the actual impl class in order to call the engineInit(...) since the actual impl class is in the same package of this class.
>
> The `core.init(..., cipher)` is actually `cipher.init(core.translateKeyAndParams())`. Is it possible we write it this way?
It's possible, more refactoring would be needed and not necessarily less lines of code. With your suggested change, the caller has to explicitly destroy the derived key after the cipher.engineInit() call. This would be repeated in all PKCS12 PBE cipher impl classes, but then there'd be no casting of the actual classes. I assume this is what you are referring to? Can code it out and see how it looks.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8521
More information about the security-dev
mailing list