RFR: JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes [v2]

Valerie Peng valeriep at openjdk.org
Wed Jul 27 17:02:42 UTC 2022


On Wed, 27 Jul 2022 11:41:07 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java line 206:
>> 
>>> 204:         // potential matches
>>> 205:         if ((errorCode & 0x80000000L) != 0) {
>>> 206:             // for unknown PKCS11 return values, just use hex as its string
>> 
>> nit: dup with line 201; can be removed.
>
> Hi Valerie I removed the comment line, also removed the '(' ')' at one place where they seem to be not needed.
> Regarding "adresses the new output my needs" - ideally I would like to see some error text like the ones we find at http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html  where the eror codes are explained.
> But adding the (I think rather common) vendor errors is an improvement.

For standard errors (except the deprecated one), the output is their name (e.g. CKR_xxx) instead of the value (0xABxxx hex). Vendor error code is vendor specific. It'd be nice if PKCS#11 API would provide an method for retrieving a String info based on error code, then callers won't have to refer to vendor's doc for the meaning.

Changes look good to me. Test result looks clean too.

-------------

PR: https://git.openjdk.org/jdk/pull/9555



More information about the security-dev mailing list