On Thu, 7 May 2026 17:31:11 GMT, Mark Powers <[email protected]> wrote:
>> https://bugs.openjdk.org/browse/JDK-8383813 >> >> --------- >> - [x] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > A0 tag byte and run with default macAlgorithm src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 2506: > 2504: * 30 82 -- -- 02 01 03 30 82 -- -- 06 09 2A 86 48 86 F7 0D 01 07 > 01 A0 8- > 2505: * 30 -- 02 01 03 30 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 -- 04 > -- -- -- > 2506: * 30 81 -- 02 01 03 30 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 04 > -- -- -- I finally understand the quirk here. In this case, the bag has no key or certificate inside and it's just an empty sequence. Therefore the encoding is `A0 04 04 02 30 00`. That's why your 04 could still match, but this time instead on the OCTET STRING tag it matches the length. I still suggest changing this into `A0 -- 04 -- --` to be consistent with others. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/31031#discussion_r3203761722
