RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v12]
Mark Powers
mpowers at openjdk.org
Sat Oct 11 02:39:17 UTC 2025
On Fri, 10 Oct 2025 15:04:34 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> more review comments from Sean and Weijun
>
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 65:
>
>> 63: private String hmac;
>> 64: private int keyLength;
>> 65: private boolean pbmac1Keystore = false;
>
> New fields can be `final`.
fixed
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 94:
>
>> 92:
>> 93: algParams = new PBMAC1Parameters(
>> 94: digestAlgorithmId.getEncodedParams());
>
> These lines can be combined.
Still more than 80 so I broke the line at `.getEncodedParams().`
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 262:
>
>> 260: hmac = macAlgorithm;
>> 261: } else {
>> 262: throw new ParsingException("unexpected algorithm");
>
> Include the name of the algorithm in the exception message.
done
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 381:
>
>> 379: }
>> 380:
>> 381: public static String parseKdfHmac(String text) {
>
> This method and `parseHmac` can be private.
fixed
> src/java.base/share/classes/sun/security/pkcs12/PBMAC1Parameters.java line 69:
>
>> 67: private final int keyLength;
>> 68:
>> 69: public PBMAC1Parameters(byte[] encoded) throws IOException {
>
> The constructor and the 2 methods should be package-private instead of public.
fixed
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2422387088
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2422387097
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2422387123
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2422387143
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2422387108
More information about the security-dev
mailing list