RFR: 8359388: Stricter checking for cipher transformations [v4]

[Sean Mullan]

On Wed, 18 Jun 2025 06:27:13 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Based on the javadoc of `javax.crypto.Cipher` class, the cipher transformation should be either "algorithm/mode/padding" or
>> "algorithm". When parsing the transformation, space(s) is trimmed off and empty strings are considered as "unspecified". This PR adds checks to ensure that transformations with empty "mode" and/or "padding" value in the "algorithm/mode/padding" form leads to `NoSuchAlgorithmException`. This reverts some changes made in [https://bugs.openjdk.org/browse/JDK-8358159](https://bugs.openjdk.org/browse/JDK-8358159) which allows empty mode and/or padding in the transformations.
>> 
>> 
>> Thanks in advance for the review~
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Updated test per 2nd round of Mikhail's review comments.

src/java.base/share/classes/javax/crypto/Cipher.java line 470:

> 468:             // Algorithm only
> 469:             Transform tr = new Transform(parts[0], "", null, null);
> 470:             return Collections.singletonList(tr);

Or `List.of(tr)`.

src/java.base/share/classes/javax/crypto/Cipher.java line 479:

> 477:             list.add(new Transform(parts[0], "//" + parts[2], parts[1], null));
> 478:             list.add(new Transform(parts[0], "", parts[1], parts[2]));
> 479:             return list;

Does this need to be immutable or does it not matter?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25808#discussion_r2178673434
PR Review Comment: https://git.openjdk.org/jdk/pull/25808#discussion_r2178675369