On Sun, 27 Apr 2025 22:18:13 GMT, Anthony Scarpino <ascarp...@openjdk.org>
wrote:
>> src/java.base/share/classes/java/security/PEMEncoder.java line 287:
>>
>>> 285: keySpec = null;
>>> 286: } catch (GeneralSecurityException e) {
>>> 287: throw new SecurityException("Security property " +
>>
>> Let's discuss whether to use `SecurityException` here. I would use
>> `ProviderException`.
>
> This is catching any errors that may occur that may not a result of the
> Provider. ProviderException is for errors/problems with the Provider.
The `SecurityException` class currently says:
* <p> This exception was originally specified for use with a SecurityManager
when
* an operation was denied. This feature no longer exists. This exception may be
* deprecated in a future release.
*
```
I do think `ProviderException` is adequate here. This is not the user's
problem. It's something that the provider assumed should not happen but
unfortunately happened ("misconfiguration errors or unrecoverable internal
errors" as described in javadoc of `ProviderException`).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2064043746
