RFR: 8002277: Refactor two PBE classes to simplify maintenance [v2]
Valerie Peng
valeriep at openjdk.java.net
Wed May 11 20:34:40 UTC 2022
On Wed, 11 May 2022 04:05:27 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> It's possible, more refactoring would be needed and not necessarily less lines of code. With your suggested change, the caller has to explicitly destroy the derived key after the cipher.engineInit() call. This would be repeated in all PKCS12 PBE cipher impl classes, but then there'd be no casting of the actual classes. I assume this is what you are referring to? Can code it out and see how it looks.
>
> If the returned key-and-iv class implements Closeable, then you can do a try-with-resources to destroy the key, which saves you more lines.
Yes, good point, will do so.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8521
More information about the security-dev
mailing list