On Thu, 8 Apr 2021 17:10:13 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/DerValue.java line 322:
>>
>>> 320: tag = buf[pos++];
>>> 321: if ((tag & 0x1f) == 0x1f) {
>>> 322: throw new IOException("Tag number over 30 is not
>>> supported");
>>
>> Would it be useful for these types of exception messages to either display
>> the offending tag value or perhaps the tag offset? Just thinking it might
>> be a nice thing for the recipient to know where in the DER encoding the
>> issue is.
>
> I don't want to go on reading the following bytes to find out what the
> intended tag number is, because that somehow shows I do understand the
> encoding _a lot_ but still don't want to support it (well, actually I only
> understand _a little_). There are only 2 kinds of tags: one <= 30 and one >=
> 31. IMHO, the message has already expressed the meaning that we only support
> the 1st one.
>
> An alternative message I can think of is "Unsupported tag byte: 0xBF", but it
> looks too cryptic.
I think that is fair. If you don't want to read ahead like that, what about
using the "offset" or "pos" field to give a message like "Tag number over 30 at
offset NN is not supported" (something like that, at least) Maybe don't worry
about the tag value itself, but at least the position in the data stream. Just
a suggestion only, no strong feelings about this either way.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3391
