RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v12]
Sean Mullan
mullan at openjdk.org
Fri Oct 10 21:17:12 UTC 2025
On Tue, 7 Oct 2025 21:24:35 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)
>
> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>
> more review comments from Sean and Weijun
src/java.base/share/classes/sun/security/pkcs12/MacData.java line 65:
> 63: private String hmac;
> 64: private int keyLength;
> 65: private boolean pbmac1Keystore = false;
New fields can be `final`.
src/java.base/share/classes/sun/security/pkcs12/MacData.java line 94:
> 92:
> 93: algParams = new PBMAC1Parameters(
> 94: digestAlgorithmId.getEncodedParams());
These lines can be combined.
src/java.base/share/classes/sun/security/pkcs12/MacData.java line 262:
> 260: hmac = macAlgorithm;
> 261: } else {
> 262: throw new ParsingException("unexpected algorithm");
Include the name of the algorithm in the exception message.
src/java.base/share/classes/sun/security/pkcs12/MacData.java line 381:
> 379: }
> 380:
> 381: public static String parseKdfHmac(String text) {
This method and `parseHmac` can be private.
src/java.base/share/classes/sun/security/pkcs12/PBMAC1Parameters.java line 69:
> 67: private final int keyLength;
> 68:
> 69: public PBMAC1Parameters(byte[] encoded) throws IOException {
The constructor and the 2 methods should be package-private instead of public.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2420721670
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2420729544
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2422071228
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2422076155
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2421072779
More information about the security-dev
mailing list