On Tue, 19 Jul 2022 13:14:17 GMT, Matthias Baesken <mbaes...@openjdk.org> wrote:
> The issue https://bugs.openjdk.org/browse/JDK-8282538 gave an example of the > following PKCS11 exception (see attached jtr files of that bug) : > > .... Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 0xCE534351 > > Unfortunately the error code 0xCE534351 is currently not in the RV/errorMap > table of PKCS11Exception, That's why we get this > hex code and no more descriptive output, this could be improved. PKCS11Exception objects are constructed by PKCS#11 JNI code and vendor info is not readily available there. One easy compromise is to keep the hex error code value but append the string form when there is a match., i.e. + public static enum RV_VENDOR { + // NSS + CKR_NSS_CERTDB_FAILED(0xCE534351L), + CKR_NSS_KEYDB_FAILED(0xCE534352L); + + private final long value; + + RV_VENDOR(long value) { + this.value = value; + } + }; + private static String lookup(long errorCode) { for (RV r : RV.values()) { if (r.value == errorCode) { return r.name(); } } - // for unknown PKCS11 return values, just use hex as its string - return "0x" + Functions.toFullHexString((int)errorCode); + // for unknown PKCS11 return values, use hex as its string + String res = "0x" + Functions.toFullHexString((int)errorCode); + // for vendor-defined values, check the enum for vendors and include + // potential matches + if ((errorCode & 0x80000000L) != 0) { + // for unknown PKCS11 return values, just use hex as its string + for (RV_VENDOR r : RV_VENDOR.values()) { + if (r.value == errorCode) { + res += ("(" + r.name() + ")"); + break; + } + } + } + return res; This way, even if the vendor is not NSS, but the original return value is still available for callers. Just my .02. ------------- PR: https://git.openjdk.org/jdk/pull/9555
