RFR: JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes [v2]
Valerie Peng
valeriep at openjdk.org
Wed Jul 27 17:02:42 UTC 2022
On Wed, 27 Jul 2022 11:41:07 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java line 206:
>>
>>> 204: // potential matches
>>> 205: if ((errorCode & 0x80000000L) != 0) {
>>> 206: // for unknown PKCS11 return values, just use hex as its string
>>
>> nit: dup with line 201; can be removed.
>
> Hi Valerie I removed the comment line, also removed the '(' ')' at one place where they seem to be not needed.
> Regarding "adresses the new output my needs" - ideally I would like to see some error text like the ones we find at http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html where the eror codes are explained.
> But adding the (I think rather common) vendor errors is an improvement.
For standard errors (except the deprecated one), the output is their name (e.g. CKR_xxx) instead of the value (0xABxxx hex). Vendor error code is vendor specific. It'd be nice if PKCS#11 API would provide an method for retrieving a String info based on error code, then callers won't have to refer to vendor's doc for the meaning.
Changes look good to me. Test result looks clean too.
-------------
PR: https://git.openjdk.org/jdk/pull/9555
More information about the security-dev
mailing list