RFR: 8002277: Refactor two PBE classes to simplify maintenance [v2]
Weijun Wang
weijun at openjdk.java.net
Wed May 11 04:08:50 UTC 2022
On Wed, 11 May 2022 01:14:00 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> The `core.init(..., cipher)` is actually `cipher.init(core.translateKeyAndParams())`. Is it possible we write it this way?
>
> It's possible, more refactoring would be needed and not necessarily less lines of code. With your suggested change, the caller has to explicitly destroy the derived key after the cipher.engineInit() call. This would be repeated in all PKCS12 PBE cipher impl classes, but then there'd be no casting of the actual classes. I assume this is what you are referring to? Can code it out and see how it looks.
If the returned key-and-iv class implements Closeable, then you can do a try-with-resources to destroy the key, which saves you more lines.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8521
More information about the security-dev
mailing list