RFR: 4936767: Parameters for MessageDigest

Sean Mullan mullan at openjdk.org
Wed Nov 15 22:26:34 UTC 2023


On Wed, 15 Nov 2023 20:46:27 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> src/java.base/share/classes/java/security/MessageDigest.java line 436:
>> 
>>> 434:      *         {@code MessageDigestSpi} implementation for the
>>> 435:      *         specified algorithm and parameters
>>> 436:      *
>> 
>> Is there a reason why you didn't throw IAPE when params are bad?
>
> This is following the `SecureRandom` style where there are both `getInstance` methods that has or has not the parameters argument. If you think IAPE is better I can also throw it. `CertStore` does this way and it has a dedicated method to extract the cause of the NSAE thrown by `GetInstance.getInstance` and rethrow it. See https://github.com/openjdk/jdk/blob/9486969bd3cb084c89a7255de0c664c980d1e661/src/java.base/share/classes/java/security/cert/CertStore.java#L249

Hmm, interesting. I have a slight preference for the `CertStore` approach because it feels like the caller can more easily distinguish between the two cases but I could probably live with either. What do you prefer?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/16660#discussion_r1394903586


More information about the security-dev mailing list