On Thu, 18 May 2023 19:11:32 GMT, Ferenc Rakoczi <d...@openjdk.org> wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC >> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with >> SHA-256/192 parameters recommended. > > Ferenc Rakoczi has updated the pull request incrementally with one additional > commit since the last revision: > > Removed dead code, accepted code style suggestions. src/java.base/share/classes/sun/security/provider/HSS.java line 664: > 662: protected PublicKey engineGeneratePublic(KeySpec keySpec) > 663: throws InvalidKeySpecException { > 664: if (keySpec instanceof X509EncodedKeySpec) { Can you also use `instanceof x` here and avoid the cast on line 666? src/java.base/share/classes/sun/security/provider/HSS.java line 695: > 693: throw new InvalidKeySpecException("key should not be > null"); > 694: } > 695: if (key.getFormat().equals("X.509") && Would it make sense to also check if `key` is an instance of `HSSPublicKey`? src/java.base/share/classes/sun/security/provider/HSS.java line 700: > 698: return keySpec.cast(new > X509EncodedKeySpec(key.getEncoded())); > 699: } > 700: throw new InvalidKeySpecException("keySpec is not an > X509 one"); Suggest saying name of class: "keySpec is not an X509EncodedKeySpec" src/java.base/share/classes/sun/security/provider/HSS.java line 787: > 785: > 786: @java.io.Serial > 787: protected Object writeReplace() throws > java.io.ObjectStreamException { Make this `private` instead of `protected`. Also, add an overridden private `readObject` method that simply throws an exception, ex: `throw new InvalidObjectException("HSS public keys are not directly deserializable"); ` ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204336773 PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204361545 PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204353785 PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204415763