8359388: Stricter checking for cipher transformations #25808

Open: valeriepeng wants to merge 4 commits into master

valeriepeng (Contributor) commented Jun 13, 2025

Based on the javadoc of javax.crypto.Cipher class, the cipher transformation should be either "algorithm/mode/padding" or "algorithm". When parsing the transformation, spaces are trimmed off and empty strings are considered as "unspecified". This PR adds checks to ensure that transformations with empty "mode" and/or "padding" value in the "algorithm/mode/padding" form lead to NoSuchAlgorithmException. This reverts some changes made in https://bugs.openjdk.org/browse/JDK-8358159 which allow empty mode and/or padding in the transformations.

Thanks in advance for the review~


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • JDK-8359388: Stricter checking for cipher transformations (Bug - P4)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/25808/head:pull/25808
$ git checkout pull/25808

Update a local copy of the PR:
$ git checkout pull/25808
$ git pull https://git.openjdk.org/jdk.git pull/25808/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 25808

View PR using the GUI difftool:
$ git pr show -t 25808

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/25808.diff

Using Webrev

Link to Webrev Comment
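
The rule stated in the PR description, sketched as a stand-alone pre-check. This is an added example, not code from this PR or from the JDK: the class `StrictTransformationCheck`, the helper `parse` and the sample strings are hypothetical and constructed. It also prints what `Cipher.getInstance` on the running JDK does with each input, so the strict rule and the runtime's behaviour can be compared side by side.

```java
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

// Added example, not JDK code: checks the two forms the javax.crypto.Cipher
// javadoc allows, "algorithm" or "algorithm/mode/padding".
public class StrictTransformationCheck {

    // Hypothetical helper: returns the trimmed {algorithm} or
    // {algorithm, mode, padding}; throws if any component is empty.
    static String[] parse(String transformation) throws NoSuchAlgorithmException {
        if (transformation == null) {
            throw new NoSuchAlgorithmException("Invalid transformation: null");
        }
        // limit -1 keeps trailing empty strings, so "AES/CBC/" yields 3 parts
        String[] parts = transformation.split("/", -1);
        if (parts.length != 1 && parts.length != 3) {
            throw new NoSuchAlgorithmException(
                "Invalid transformation format: '" + transformation + "'");
        }
        for (int i = 0; i < parts.length; i++) {
            parts[i] = parts[i].trim();
            if (parts[i].isEmpty()) {
                throw new NoSuchAlgorithmException(
                    "Empty component " + i + " in: '" + transformation + "'");
            }
        }
        return parts;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: valid forms, padded with spaces, and empty parts
        String[] samples = { "AES", "AES/CBC/PKCS5Padding", " AES / CBC / PKCS5Padding ",
                "AES//", "AES/CBC/", "AES/ /PKCS5Padding", " ", "AES/CBC" };
        for (String t : samples) {
            String strict, runtime;
            try { parse(t); strict = "accept"; }
            catch (NoSuchAlgorithmException e) { strict = "reject"; }
            try { Cipher.getInstance(t); runtime = "accept"; }
            catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                runtime = "reject (" + e.getClass().getSimpleName() + ")";
            }
            System.out.printf("%-32s strict=%-6s runtime=%s%n", "'" + t + "'", strict, runtime);
        }
    }
}
```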

bridgekeeper bot commented Jun 13, 2025

👋 Welcome back valeriep! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

openjdk bot commented Jun 13, 2025

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

@openjdk openjdk bot added the rfr Pull request is ready for review label Jun 13, 2025
openjdk bot commented Jun 13, 2025

@valeriepeng The following label will be automatically applied to this pull request:

  • security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

mlbridge bot commented Jun 13, 2025

Webrevs

System.out.println("Testing " + transformation);
try {
Cipher c = Cipher.getInstance(transformation, provider);
throw new RuntimeException("Expected NSAE not thrown");
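Review bot: on the line "Cipher c = Cipher.getInstance(transformation, provider);" the local c is never read before the throw that follows, so the assignment can be dropped and the call made on its own. The failure message "Expected NSAE not thrown" also names no input, so a failure does not say which transformation was accepted; append transformation to the message.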
Member

Minor: Do you think it would be a good idea to print out transformation and provider data for debug? In System.err that is. Otherwise afaik the exception is thrown and no trace in system error, just in System.out.println, making debugging quite challenging

Just something like this

Suggested change
throw new RuntimeException("Expected NSAE not thrown");
System.err.println("Error while testing " + transformation);
throw new RuntimeException("Expected NSAE not thrown");

or just add it to the RuntimeException message

Contributor Author

Ok, I will update the test to include the transformation info in the exception message. As for provider, it's somewhat related, but given that it stays the same for the test, I printed it out just once in the beginning of the test.

String algo = (algorithmOnly ? transformation.trim() :
transformation.substring(0, endIdx).trim());
if (algo.isEmpty()) {
throw new NoSuchAlgorithmException("Invalid transformation: " +
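Review bot: in the algo.isEmpty() branch the message starts with "Invalid transformation: " and, after the trim() calls above, the input that reaches it has only whitespace or nothing where the algorithm name should be. If the transformation is appended as-is, the message will look empty or truncated in a log; delimit the value, for example with single quotes, so a blank input is visible.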
Member

I don't think this exception is tested. It could be by adding test(" ", provider); in test/jdk/javax/crypto/Cipher/TestEmptyModePadding.java on line 68

Contributor Author

Sure, I can add it.

Member

Thank you! This is covered now

Member

@myankelev myankelev left a comment

Thank you for your changes!

Just a few super minor questions

* transformations with empty mode and/or padding
* @bug 8358159 8359388
* @summary test that the Cipher.getInstance() would reject improper
* transformations with empty mode and/or padding.
* @run main TestEmptyModePadding
Member

minor: Is @run needed here? It's fine to leave it here, if you prefer it this way though.

Contributor Author

I am ok either way, just didn't bother to remove it from the original test. :)

@@ -37,20 +37,45 @@
public class TestEmptyModePadding {
Member

Could you please change the imports to not use wildcard imports

import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

Contributor Author

Sure, I can do this.


String[] testTransformations = {
Member

minor: Do you think it would be easier to read if each entry was a separate line?

Contributor Author

I am ok either way, sounds like you prefer one line per entry. I can change them.
