On Thu, 21 Oct 2021 19:16:34 GMT, Alexey Bakhtin <abakh...@openjdk.org> wrote:
>> Hello, >> >> Could you please review the small patch for the issue described in >> JDK-8271199: Mutual TLS handshake fails signing client certificate with >> custom sensitive PKCS11 key >> >> I suggest updating the RSAPSSSignature.isValid() method to verify if >> provided key components can be applied to SunRSASign implementation. >> If not applied, implementation can try to select signer from other providers >> >> Regards >> Alexey > > Alexey Bakhtin has updated the pull request incrementally with one additional > commit since the last revision: > > Change exception handling Changes requested by xuelei (Reviewer). src/java.base/share/classes/sun/security/rsa/RSAPSSSignature.java line 212: > 210: */ > 211: private void isPrivateKeyValid(RSAPrivateKey prKey) throws > InvalidKeyException { > 212: InvalidKeyException ikException = null; If I read the code correct, by define a local variable, it looks like you are trying to avoid to re-throw the exception in the catch clause. But this style adds additional effort to read the code. Exception re-throw should be fine as if the exception has been generated and will be thrown in the end of the method. src/java.base/share/classes/sun/security/rsa/RSAPSSSignature.java line 220: > 218: crtKey.getPublicExponent()); > 219: } else { > 220: ikException = new InvalidKeyException( See above comment, I will just throw the exception, rather than cache it. ------------- PR: https://git.openjdk.java.net/jdk/pull/4887