RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v7]
Matthew Donovan
mdonovan at openjdk.org
Tue Sep 30 11:31:40 UTC 2025
On Tue, 30 Sep 2025 03:58:25 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> test/jdk/sun/security/pkcs12/PBMAC1Encoding.java line 445:
>>
>>> 443: ks = KeyStore.getInstance("PKCS12");
>>> 444: ks.load(new ByteArrayInputStream(Base64.getDecoder().decode(A4)),
>>> 445: password.toCharArray());
>>
>> throw an exception after `ks.load()` here and for A.5 and A.6 test cases.
>
> A4-A6 are expected to throw an exception. That's why I catch the exception and print "pass".
> Am I missing something?
As you say, `load()` is expected to throw an exception so if it doesn't, the test should fail. Without throwing an explicit exception after `ks.load()`, the test will still pass.
Suggestion:
try {
ks = KeyStore.getInstance("PKCS12");
ks.load(...);
throw new Exception("The expected exception was not thrown.");
} catch (Exception expected) {
System.out.println("PASS");
}
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2391025458
More information about the security-dev
mailing list