Looks fine to me.
Thanks,
Xuelei
On 7/9/2018 8:39 AM, Weijun Wang wrote:
Please take a review at
http://cr.openjdk.java.net/~weijun/8206189/webrev.00/
When the password is empty, some pkcs12 implementations actually use "new char[1]" internally. Therefore PKCS12KeyStore
tries both "new char[0]" and "new char[1]". Occasionally, an encrypted block can be decrypted by both. If the
real password is "new char[1]" but we decrypt successfully with "new char[0]", the output will be garbage and
will not be parsed correctly.
This fix puts the parsing code inside the retry block to "validate" the
decrypted data. If it cannot be parsed correctly, the 2nd password will be retried.
No new regression test, the failed test will be used to verify the fix.
Thanks
Max
