-
-
Notifications
You must be signed in to change notification settings - Fork 15.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for password-based encryption scheme 2 params (PBES2) #13539
Conversation
Please also add unit tests. |
@xiezhaokun as @hyperxpro said... can you please add a unit test ? |
@@ -102,6 +103,8 @@ public abstract class SslContext { | |||
|
|||
private final boolean startTls; | |||
private final AttributeMap attributes = new DefaultAttributeMap(); | |||
private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13"; | |||
private static final String PBES2 = "PBES2"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you add a comment to explain where these values come from ?
Sounds like PKCS12 is a bit of a messy landscape but I'm told PBES2 is the "state of the art" there. A good test for this would be to generate a |
@xiezhaokun @chrisvest I added a test-case |
4e01429
to
d17af6f
Compare
/cc @hyperxpro |
private static String getPBEAlgorithm(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) { | ||
AlgorithmParameters parameters = encryptedPrivateKeyInfo.getAlgParameters(); | ||
String algName = encryptedPrivateKeyInfo.getAlgName(); | ||
// Java 8 ~ 16 returns OID_PKCS5_PBES2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this mean Java < 8 are not supported?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hyperxpro good point... maybe we should just add a version check as well. Let me do this
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:)
Motivation:
Add support for password-based encryption scheme 2 params (PBES2)
Modification:
Describe the modifications you've done.
Result:
Fixes #13536
If there is no issue then describe the changes introduced by this PR.