Code review request for storing code signer info

Mandy Chung mandy.chung at oracle.com
Fri Jan 14 11:09:44 PST 2011


  On 1/14/11 8:33 AM, Sean Mullan wrote:
> On 1/13/11 3:30 PM, Mandy Chung wrote:
>> On 01/13/11 07:52, Sean Mullan wrote:
>>> See 
>>> http://cr.openjdk.java.net/~mullan/jigsaw/webrevs/jigsaw-certs/webrev.00/
>>>
>>
>> org/openjdk/jigsaw/ModuleFileFormat.java
>> line 1744-1746: I think synchronization may not be an issue here as 
>> module
>> installation is done in a single thread.
>
> Ok, I'll leave the code as is for now, but I'll add a code comment 
> that we may need to synchronize this. There are actually several 
> CertificateFactory objects instantiated at different layers of the 
> code when verifying a signed module, so one of the things I also want 
> to look at is whether it is possible to reduce that number and reuse 
> the same CertificateFactory.
>
>> line 1843:
>> jpkg takes the -k <keystore> option. I wonder if jmod should also 
>> accept an
>> alternative keystore location rather than using a system property to 
>> override
>> it. Or it is a requirement to use the system-wise cacerts file?
>
> It is not a requirement to use a system-wide cacerts file, but that 
> should be the default in my opinion.
>
> I'm not thrilled about using a system property but I also don't want 
> to necessarily clutter the command line tool with additional options 
> that should be rarely used.
>

I agree that the system-wide cacerts should continue to be the default.  
As it rarely needs to override the location of cacerts file, a system 
property for the testing purpose would suffice.

> Have we given any thought as to whether we will add some sort of 
> configuration properties file to allow default settings to be 
> overridden? There are other security defaults that will likely need to 
> be overriden, such as revocation checking settings.
>
In JRE, there is a $JAVA_HOME/lib/security/java.security properties file 
that allows the default security settings to be overriden.  Do you mean 
whether we will add a new configuration properties file for the base 
module to use (replacing java.security one?)?  We haven't thought about 
that but I think it's something we should consider.

Reading a properties file for configuration has startup impact.  I found 
that some existing properties files in the JRE such as 
logging.properties incur unnecessary startup cost as most applications 
use the default configuration.  Generally if we add a new configuration 
properties file, I would propose to build in the default configuration 
in the runtime and we will just ship a template file (different name as 
the actual configuration file so that the file only exists if it's not 
the default).

>> line 1855-1858: it would be good to use try-with-resources.
>
> Ah, you mean the Project Coin enhancement? Is there an example of code 
> that uses this already that you can point me to?
>

I don't know off hand but the specification is here:
    http://blogs.sun.com/darcy/entry/project_coin_updated_arm_spec

I believe Stuart will modernize the JDK to use try-with-resources for 
JDK 7 after he finishes the diamond conversion.

Mandy



More information about the jigsaw-dev mailing list