On Thu, 25 Jul 2024 20:06:18 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - bad test check
>> - internal PEMRecord optimization
>
> src/java.base/share/classes/sun/security/util/Pem.java line 136:
>
>> 134: public static ObjectIdentifier getPBEID(String algorithm) {
>> 135: try {
>> 136: if (algorithm.contains("AES")) {
>
> Is this check reliable?
I deleted my previous comment because it was incorrect, as I mixed up that PBE1
& 2 were in the same spec.
PBES1 is defined with algorithm that are not AES, so any PBE algorithm
containing AES is a PBES2 algorithm. This method is only used when the user
gives a PBE algorithm and we must parse it to get the OID.
The alternative to this is having the algorithm names hardcoded in the code
doing string compare on each until it finds a match. I felt this was an overly
expensive check for something that should be pretty easy.
I'm not aware of a spec listing other PBES2 algorithms that don't use AES.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1697481257
