On Thu, 7 May 2026 18:16:51 GMT, Weijun Wang <[email protected]> wrote:
>> Mark Powers has updated the pull request incrementally with one additional >> commit since the last revision: >> >> A0 tag byte and run with default macAlgorithm > > src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 2506: > >> 2504: * 30 82 -- -- 02 01 03 30 82 -- -- 06 09 2A 86 48 86 F7 0D 01 07 >> 01 A0 8- >> 2505: * 30 -- 02 01 03 30 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 -- 04 >> -- -- -- >> 2506: * 30 81 -- 02 01 03 30 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 04 >> -- -- -- > > I finally understand the quirk here. In this case, the bag has no key or > certificate inside and it's just an empty sequence. Therefore the encoding is > `A0 04 04 02 30 00`. That's why your 04 could still match, but this time > instead on the OCTET STRING tag it matches the length. I still suggest > changing this into `A0 -- 04 -- --` to be consistent with others. Agreed. Thanks! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/31031#discussion_r3203999628
