On 18 Dec 2014, at 14:59, Wang Weijun <weijun.w...@oracle.com> wrote:
> >> On Dec 18, 2014, at 22:12, Vincent Ryan <vincent.x.r...@oracle.com> wrote: >> >> Thanks for reviewing, Max. >> >> >> On 18 Dec 2014, at 06:52, Wang Weijun <weijun.w...@oracle.com> wrote: >> >>> >>>> On Dec 18, 2014, at 07:58, Vincent Ryan <vincent.x.r...@oracle.com> wrote: >>>> >>>> FYI I’ve updated the webrev to include the changes below: >>>> http://cr.openjdk.java.net/~vinnie/8044445/webrev.05/ >>> >>> PKCS12KeyStore.PKCS12_HEADER_PATTERNS. >>> >>> Is there a possibility for this? >>> >>> 30 82 -- -- 02 01 03 30 81 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 -- 04 >>> >>> That is to say, the length of ContentInfo is only slight smaller than 128. >>> My understanding this is more likely than existing pattern #5 and #6. >> >> In theory it may be possible but the smallest non-empty content that I could >> generate was about 200 bytes. > > Oh, so #2 is reserved for an empty keystore. :-) > >> Do you have an example? > > No. I tried to store a DES key there but see "NoSuchAlgorithmException: > unrecognized algorithm name: DES". Maybe DES is obsolete? What would be the > size if another tool creates a DES key? Will it be small enough? > > I use keytool to -genseckey an AES key, ContentInfo has size D0. A little > bigger. > >> KeyStore.getInstance(file,pass,param,hasP): >>> >>> It seems if one engineProbe() returns true but loading fails you will try >>> the next storetype. Right? If so, dataStream.reset() should be called. >> >> No. If loading fails then an exception is thrown - no further storetypes are >> checked. > > I see. I thought new KeyStore(impl, (Provider)objs[1], type) could throw some > exception. That's where I called "loading”. I thought you were referring to keystore.load, which is called later. However, you are right, it would be safer to move the reset call out of the try block and beyond the 2 catch blocks so that probing can continue if the keystore cannot be instantiated. > > --Max > >> >> >>> >>> Thanks >>> Max >>> >> >
