On Tue, 10 May 2022 02:27:13 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Currently, the specified CipherSpi object is one of RC4, RC2, DESede. The >> "else" part is for catching new PKCS12 PBE algorithms support which uses >> other cipher algorithms. >> CipherSpi.engineInit(...) is protected, so that's why we use the instanceof >> to cast the CipherSpi object into the actual impl class in order to call the >> engineInit(...) since the actual impl class is in the same package of this >> class. > > The `core.init(..., cipher)` is actually > `cipher.init(core.translateKeyAndParams())`. Is it possible we write it this > way? It's possible, more refactoring would be needed and not necessarily less lines of code. With your suggested change, the caller has to explicitly destroy the derived key after the cipher.engineInit() call. This would be repeated in all PKCS12 PBE cipher impl classes, but then there'd be no casting of the actual classes. I assume this is what you are referring to? Can code it out and see how it looks. ------------- PR: https://git.openjdk.java.net/jdk/pull/8521