RFR: JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes [v2]

Valerie Peng valeriep at openjdk.org
Mon Jul 25 21:33:09 UTC 2022

On Fri, 22 Jul 2022 10:22:39 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> The issue https://bugs.openjdk.org/browse/JDK-8282538 gave an example of the following PKCS11 exception (see attached jtr files of that bug) :
>> .... Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 0xCE534351
>> Unfortunately the error code 0xCE534351 is currently not in the RV/errorMap table of PKCS11Exception, That's why we get this
>> hex code and no more descriptive output, this could be improved.
> Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:
>   do not add the deprecated CKR_COPY_PROHIBITED, handle vendor pkcs11 error codes differently

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java line 206:

> 204:         // potential matches
> 205:         if ((errorCode & 0x80000000L) != 0) {
> 206:             // for unknown PKCS11 return values, just use hex as its string

nit: dup with line 201; can be removed.


PR: https://git.openjdk.org/jdk/pull/9555

More information about the security-dev mailing list