RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v10]

Mark Powers mpowers at openjdk.org
Thu Oct 2 18:40:57 UTC 2025


On Tue, 30 Sep 2025 19:36:45 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   another day another iteration
>
> src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Parameters.java line 86:
> 
>> 84:     protected void Init(AlgorithmParameterSpec paramSpec)
>> 85:         throws InvalidParameterSpecException {
>> 86:         if (!(paramSpec instanceof PBEParameterSpec)) {
> 
> Use the instanceof pattern (see JEP 394) to avoid the need to cast on lines 90 and 91.

fixed

> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 178:
> 
>> 176:             throws  Exception {
>> 177:         final String kdfHmac;
>> 178:         final String Hmac;
> 
> Use lower-case as first letter of variable names, s/Hmac/hmac

fixed

> src/java.base/share/classes/sun/security/util/PBKDF2Parameters.java line 151:
> 
>> 149:      */
>> 150:     public byte[] getSalt() {
>> 151:         return this.salt.clone();
> 
> I don't think you need to return a clone here as you are just using it internally and not mutating it or exposing it to applications that could modify it. I'll double-check as I review the rest of the code.

fixed

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399737516
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399739051
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399737960

