RFR: 8209038: Clarify the javadoc of Cipher.getParameters() [v2]
Sean Mullan
mullan at openjdk.java.net
Thu Apr 28 17:17:44 UTC 2022
On Wed, 27 Apr 2022 20:01:26 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> I don't see the ProviderException being mentioned?
>> Per the description under JDK-8209038, the requests are:
>> 1) describe the returned parameters following what's in Signature class, i.e. if this object has been initialized with parameters then ..., if this object has not been initialized with parameters, then ..... (<= Xuelei raises compatibility concern and trying to describe all this would make it very lengthy, so the proposed changes reverted back to the original syntax, e.g. describing the returned parameters but not including the scenarios)
>> 2) allow null to be returned if providers cannot generate default parameters. (<= this is addressed in the proposed changes)
>> 3) accommodate algorithm-specific/provider-specific implementation on how parameters is handled. (<= this is addressed in the proposed changes as well. However, this part in Signature class needs update since it states the the SAME parameters are returned but AlgorithmParameterSpec may not require all parameter values to be specified.)
>
> Sorry, I should have been more specific. JDK-8209038 references JDK-8206171 which I think was filed by the TCK team. In that bug description, it says:
>
>> This bug is filed for clarification of specification (see comment)
>> Please clarify the specification to include a possible exception being thrown (ProviderException for RSASSA-PSS) or other possible exceptions for future Signature algorithms that require mandatory parameters by the user before any operations could be performed, and user did not set any parameters before using the Signature operations (sign, update, verify).
>> Or
>> null could be returned (as per specification)
>
> I assumed the `ProviderException` case could potentially apply to a `Cipher` algorithm as well.
You can ignore my last comment. I had not realized that the fix for JDK-8209038 was to make `engineGetParameters` return `null` instead of throwing `ProviderException` when RSASSA-PSS params are not specified.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8117
More information about the security-dev
mailing list