On Thu, 21 Oct 2021 19:16:34 GMT, Alexey Bakhtin <abakh...@openjdk.org> wrote:
>> Hello,
>>
>> Could you please review the small patch for the issue described in
>> JDK-8271199: Mutual TLS handshake fails signing client certificate with
>> custom sensitive PKCS11 key
>>
>> I suggest updating the RSAPSSSignature.isValid() method to verify if
>> provided key components can be applied to SunRSASign implementation.
>> If not applied, implementation can try to select signer from other providers
>>
>> Regards
>> Alexey
>
> Alexey Bakhtin has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Change exception handling
Changes requested by xuelei (Reviewer).
src/java.base/share/classes/sun/security/rsa/RSAPSSSignature.java line 212:
> 210: */
> 211: private void isPrivateKeyValid(RSAPrivateKey prKey) throws
> InvalidKeyException {
> 212: InvalidKeyException ikException = null;
If I read the code correct, by define a local variable, it looks like you are
trying to avoid to re-throw the exception in the catch clause. But this style
adds additional effort to read the code. Exception re-throw should be fine as
if the exception has been generated and will be thrown in the end of the method.
src/java.base/share/classes/sun/security/rsa/RSAPSSSignature.java line 220:
> 218: crtKey.getPublicExponent());
> 219: } else {
> 220: ikException = new InvalidKeyException(
See above comment, I will just throw the exception, rather than cache it.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4887
