On Fri, 6 Aug 2021 20:51:23 GMT, Martin Balao <mba...@openjdk.org> wrote:
> > > Yes, I see what you mean. Contrary to P11PrivateKey::getFormat and > P11PrivateKey::getEncodedInternal where a 'null' returned value is documented > in java.security.Key, we don't have that documentation for the other > interfaces such as java.security.interfaces.DSAPrivateKey. That can lead to > NPE if the client casts the P11Key to the interface, invokes the method and > depends on a non-null value. I will give this some thought and try to come up > with something, because the information is already there and (in reality) we > need it internally only. It's clear that all these interfaces were not > designed with unextractable P11 keys in mind, because it makes sense to me > (conceptually) to have a private key from which we can retrieve some values > (public, such as the parameters) and not other ones. Right, PKCS11 and unextractable keys come a few releases later after the JCA API. So, there may be some difficulties trying to work them into existing APIs. In order to maintain backward compatibility, API changes are also limited. ------------- PR: https://git.openjdk.java.net/jdk/pull/4961
