This chapter illustrates how to identify precisely the error conditions raised when invoking functions from the OraPGP (ORA_PGP) PL/SQL package. This feature is available as of version 1.1.x of OraPGP.
OraPGP is subject to the limitations of Java stored procedures in how exceptions are exposed to PL/SQL. We therefore had to devise a custom exception identification strategy so that PL/SQL developers can identify the exact cause of an OpenPGP-related error and take recovery actions if needed.
Exception handling
ORA_PGP raises exceptions of type ORA_PGP.PGP_EXCEPTION.
To identify the exception, we rely on the function ORA_PGP.GET_PGP_ERROR, which returns the internal type of the error. The example below demonstrates how to use both in the EXCEPTION section of a PL/SQL block:
BEGIN
  ORA_PGP.( ...
EXCEPTION
  WHEN ORA_PGP.PGP_EXCEPTION THEN
    BEGIN
      -- identify here the error conditions recognized by ORA_PGP
      IF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_WRONG_PASSWORD_ERR THEN
        DBMS_OUTPUT.PUT_LINE('The password for the private key is not matching: ' || SQLERRM);
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_WRONG_PRIVATE_KEY_ERR THEN
        DBMS_OUTPUT.PUT_LINE('The provided key is not a valid OpenPGP private key.');
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_NO_PUBLIC_KEY_ERR THEN
        DBMS_OUTPUT.PUT_LINE('The provided key is not a valid OpenPGP public key.');
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_DETACHED_SIGNATURE_ERR THEN
        DBMS_OUTPUT.PUT_LINE('expected OpenPGP signed content passed for verification is a detached OpenPGP signature.');
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_DATA_ENCRYPTED_ERR THEN
        DBMS_OUTPUT.PUT_LINE('expected OpenPGP signed content passed for verification is an encrypted OpenPGP message');
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_PASS_ENCRYPTED_ERR THEN
        DBMS_OUTPUT.PUT_LINE('expected key encrypted OpenPGP message is a password encrypted OpenPGP message');
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_INTEGRITY_CHECK_ERR THEN
        DBMS_OUTPUT.PUT_LINE('OpenPGP message integrity check failed');
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_NO_PGP_DATA_ERR THEN
        DBMS_OUTPUT.PUT_LINE('expected input OpenPGP message is either corrupted or not an OpenPGP message at all');
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_KEY_EXPIRED_ERR THEN
        DBMS_OUTPUT.PUT_LINE('public key passed for encryption has expired');
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_KEY_REVOKED_ERR THEN
        DBMS_OUTPUT.PUT_LINE('public key passed for encryption has been revoked');
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_GENERAL_PGP_ERR THEN
        DBMS_OUTPUT.PUT_LINE('General OpenPGP error: ' || SQLERRM);
      ELSIF ORA_PGP.GET_PGP_ERROR() = ORA_PGP.PGP_GENERAL_IO_ERR THEN
        DBMS_OUTPUT.PUT_LINE('I/O error: ' || SQLERRM);
      END IF;
    END;
  WHEN OTHERS THEN
    -- anything that is not an ORA_PGP.PGP_EXCEPTION ends up here
    DBMS_OUTPUT.PUT_LINE('General error : ' || SQLERRM);
END;
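A variant of the handler above that reads the error code once and re-raises by class instead of printing and continuing; it is an example added here, not code from the OraPGP documentation. The class names, the -209xx error numbers and the pgp_operation stand-in are assumptions of this example; only PGP_EXCEPTION, GET_PGP_ERROR and the PGP_*_ERR constants come from the page.

```sql
DECLARE
  l_class VARCHAR2(12);   -- policy bucket chosen below (names are this example's own)
  l_errno PLS_INTEGER;    -- application error number to re-raise with (assumed values)

  -- Hypothetical stand-in: replace the body with the ORA_PGP call being protected.
  PROCEDURE pgp_operation IS
  BEGIN
    NULL;
  END pgp_operation;
BEGIN
  pgp_operation;
EXCEPTION
  WHEN ORA_PGP.PGP_EXCEPTION THEN
    -- A simple CASE evaluates its selector once, so GET_PGP_ERROR() is read a
    -- single time and while execution is still inside the EXCEPTION section.
    CASE ORA_PGP.GET_PGP_ERROR()
      WHEN ORA_PGP.PGP_INTEGRITY_CHECK_ERR    THEN l_class := 'UNTRUSTED';
      WHEN ORA_PGP.PGP_NO_PGP_DATA_ERR        THEN l_class := 'UNTRUSTED';
      WHEN ORA_PGP.PGP_KEY_EXPIRED_ERR        THEN l_class := 'KEY_STATE';
      WHEN ORA_PGP.PGP_KEY_REVOKED_ERR        THEN l_class := 'KEY_STATE';
      WHEN ORA_PGP.PGP_WRONG_PASSWORD_ERR     THEN l_class := 'CALLER';
      WHEN ORA_PGP.PGP_WRONG_PRIVATE_KEY_ERR  THEN l_class := 'CALLER';
      WHEN ORA_PGP.PGP_NO_PUBLIC_KEY_ERR      THEN l_class := 'CALLER';
      WHEN ORA_PGP.PGP_DETACHED_SIGNATURE_ERR THEN l_class := 'CALLER';
      WHEN ORA_PGP.PGP_DATA_ENCRYPTED_ERR     THEN l_class := 'CALLER';
      WHEN ORA_PGP.PGP_PASS_ENCRYPTED_ERR     THEN l_class := 'CALLER';
      ELSE l_class := 'GENERAL';  -- PGP_GENERAL_PGP_ERR, PGP_GENERAL_IO_ERR, unknown codes
    END CASE;

    -- One distinct application error per class, so callers can branch on SQLCODE.
    l_errno := CASE l_class
                 WHEN 'UNTRUSTED' THEN -20901
                 WHEN 'KEY_STATE' THEN -20902
                 WHEN 'CALLER'    THEN -20903
                 ELSE                  -20904
               END;

    -- Re-raise rather than print: the calling code must not carry on with the
    -- output of a failed decrypt or verify. TRUE keeps the original error on
    -- the stack for diagnostics.
    RAISE_APPLICATION_ERROR(l_errno, 'OpenPGP failure, class ' || l_class, TRUE);
END;
/
```

Errors that are not ORA_PGP.PGP_EXCEPTION are deliberately left unhandled here so they propagate unchanged.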
Summary
This chapter is a brief overview of how to identify an OpenPGP-related error condition raised when using the DidiSoft ORA_PGP PL/SQL package. It can be used with all the cryptography-related functions offered by the package, allowing recovery actions to be taken in case of an error.
List of methods and exceptions used
Name | Description |
ORA_PGP.PGP_EXCEPTION | Exception raised from the ORA_PGP package |
ORA_PGP.GET_PGP_ERROR() | Function returning error code identifying the cause of the current exception. Note: If called outside of an EXCEPTION PL/SQL block, it will return an arbitrary result. |