On Thu, 7 Mar 2024 17:20:08 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> Change was made to engineGetEntry() in PKCS12KeyStore to extract the key and >> certificate chain from Entry only once. This is because the entry may get >> updated between engineGetKey() and engineGetCertificateChain() which causes >> inconsistent result. A new test was added to assess and manipulate >> PKCS12KeyStore with read and write operations concurrently from multiple >> threads. Thanks! > > Hai-May Chao has updated the pull request incrementally with one additional > commit since the last revision: > > Update bug number in the test src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1346: > 1344: char[] password = pp.getPassword(); > 1345: > 1346: Key key = internalGetKey(entry, password); This is a very smart change to use the already retrieved `entry` object to avoid it being replaced. There are other places in this method that `alias` is used to retrieve other info -- like `engineIsCertificateEntry(alias)` and `engineIsKeyEntry(alias)`. They should be also modified to depend on `entry` only. Ideally, `entries.get(alias)` (or any method that calls it) should only appear once in every `alias`-related method. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18156#discussion_r1516849094
