RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v8]
Sean Mullan
mullan at openjdk.org
Wed Sep 24 14:05:45 UTC 2025
On Wed, 24 Sep 2025 02:57:12 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)
>
> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>
> fix behavior with keytool
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1953:
> 1951: private void processMacData(AlgorithmParameterSpec params,
> 1952: MacData macData, char[] password, byte[] data, String macAlgorithm)
> 1953: throws Exception {
Try just throwing the exceptions that can be thrown by code in this method, rather than `Exception` for everything. I know there is a "try/catch (Exception)" block in `engineLoad` when calling this method, but I think it is cleaner to only declare the exceptions that can be thrown here.
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 2214:
> 2212: new PBEParameterSpec(salt, ic);
> 2213: processMacData(params, macData, password, authSafeData,
> 2214: macAlgorithm);
These 4 lines can be moved below after the if/else block since they are the same for both conditions.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2375772213
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2375760985
More information about the security-dev
mailing list