RFR: 8298420: PEM API: Implementation (Preview) [v2]
Anthony Scarpino
ascarpino at openjdk.org
Tue Jul 30 19:40:33 UTC 2024
On Thu, 25 Jul 2024 20:06:18 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - bad test check
>> - internal PEMRecord optimization
>
> src/java.base/share/classes/sun/security/util/Pem.java line 136:
>
>> 134: public static ObjectIdentifier getPBEID(String algorithm) {
>> 135: try {
>> 136: if (algorithm.contains("AES")) {
>
> Is this check reliable?
I deleted my previous comment because it was incorrect, as I mixed up that PBE1 & 2 were in the same spec.
PBES1 is defined with algorithms that are not AES, so any PBE algorithm containing AES is a PBES2 algorithm. This method is only used when the user gives a PBE algorithm and we must parse it to get the OID.
The alternative to this is having the algorithm names hardcoded in the code, doing a string compare on each until it finds a match. I felt this was an overly expensive check for something that should be pretty easy.
I'm not aware of a spec listing other PBES2 algorithms that don't use AES.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1697481257
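
The two approaches weighed in this message, side by side, as an added example (not code from the pull request or from `Pem.java`). The class, the method names and the name list are hypothetical, and the last sample name is constructed to show where the two checks disagree.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class PbeSchemeCheck {
    // Sample list for the exact-match variant (assumption: upper-cased
    // forms of standard JCA PBES2 names; not the list used by the JDK).
    static final Set<String> PBES2_NAMES = Set.of(
        "PBEWITHHMACSHA1ANDAES_128", "PBEWITHHMACSHA256ANDAES_128",
        "PBEWITHHMACSHA256ANDAES_256", "PBEWITHHMACSHA512ANDAES_256");

    // Heuristic discussed in the thread: a PBE name containing "AES" is PBES2.
    // String.contains is case-sensitive.
    static boolean isPbes2BySubstring(String algorithm) {
        return algorithm.contains("AES");
    }

    // Alternative discussed in the thread: compare against hardcoded names.
    static boolean isPbes2ByExactName(String algorithm) {
        return PBES2_NAMES.contains(algorithm.toUpperCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        List<String> samples = List.of(
            "PBEWithHmacSHA256AndAES_128",   // PBES2 name
            "PBEWithMD5AndDES",              // PBES1 name
            "PBEWithSHA1AndDESede",          // PKCS #12 PBE name
            "pbewithhmacsha256andaes_128",   // lower-case spelling of the first name
            "PBEWithHmacSHA256AndAES_192");  // constructed: absent from the list above
        for (String name : samples) {
            System.out.printf("%-30s substring=%-5b exact=%b%n",
                name, isPbes2BySubstring(name), isPbes2ByExactName(name));
        }
    }
}
```

The two checks agree on the first three samples and disagree on the last two: the substring check depends on the caller's spelling, and the exact-match check depends on the list being complete.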