Thanks for filing the bug for PBES2Parameters class.
Webrev for 8242151 is updated at:
http://cr.openjdk.java.net/~valeriep/8242151/webrev.03/
It addresses:
- added KnownOIDs for CurveDB class
- updated the KDF parsing code in PBES2Parameters class to match
existing behavior
- removed the String constants of PKCS9Attribute class and commented out
its constructor which takes String argument
- use 3rd party aliasing info in AlgorithmId.getName() impl
- misc changes to KnownOIDs class regarding the register() impl
Thanks,
Valerie
On 5/6/2020 6:59 PM, Weijun Wang wrote:
It seems that existing impl of PBES2Parameters class only enforces that the KDF algo is one of the
HmacSHAxxx. But it does not throw exception if the instance is requested with
"PBEWithHmacSHA256AndAES_256" and then initialized with DER encoding containing
"PBEWithHmacSHA512AndAES_256". Perhaps it should be further tightened up?
I think so. There is a general "PBES2" that allows filling in the algorithms at
init() but if they are already inside the algorithm name, then only the same can appear
in the encoding.
Filed https://bugs.openjdk.java.net/browse/JDK-8244564. Maybe we will backport
it.
--Max
