On Thu, 25 Jul 2024 14:34:51 GMT, Weijun Wang <[email protected]> wrote:
>> Anthony Scarpino has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - bad test check
>> - internal PEMRecord optimization
>
> src/java.base/share/classes/java/security/spec/EncodedKeySpec.java line 71:
>
>> 69: this.encodedKey = encodedKey.clone();
>> 70: try {
>> 71: algorithmName =
>> KeyUtil.getAlgorithm(this.encodedKey).getName();
>
> What if `algorithmName` is assigned an OID in raw string? I see that
> `EncodedKeySpec::getAlgorithm` has not specified whether the return value is
> a standard algorithm name but usually we only return standard names.
I hadn't thought about an OID string value. The alternative to not using
returning an OID is null. I don't see a problem returning an OID, as we have
seen in other areas where `Key.getAlgorithm()` returns a non-crypto algorithm
name. I understand what you are saying that we typically return a standard
name, and that will still be true in a vast majority of the encodings. But I
think returning the OID is a better choice in this corner case than returning
null.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1695480369
