RFR: 8316771: Krb5.java has not defined messages for all error codes
Weijun Wang
weijun at openjdk.org
Mon Oct 2 19:55:06 UTC 2023
On Mon, 2 Oct 2023 18:42:26 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Added 4 missing error codes and removed 2 wrong ones.
>>
>> KRB_AP_ERR_NOREALM claims itself to be "used in setDefaultCreds() in sun.security.krb5.Credentials" but it's no more.
>>
>> KRB_AP_ERR_GEN_CRED is used in one place but it's a local error and not meant to be embedded in a message. Therefore safe to be removed.
>
> src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java line 282:
>
>> 280: public static final int KRB_ERR_WRONG_REALM = 68; //Wrong realm
>> 281:
>> 282: public static final int KRB_CRYPTO_NOT_SUPPORT = 100; //Client does not support this crypto type
>
> Just wondering, and not a specific review comment, but do you know if this error code is necessary? It isn't defined in RFC 4120 and not used in the JDK AFAICT.
Then it's useless. There are several other error codes that are also used nowhere (Ex: `BITSTRING_SIZE_INVALID`). Maybe they were used long time ago, or maybe the original contributor used them in some other places and they had not cleaned up.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15892#discussion_r1343092001
More information about the security-dev
mailing list