6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory

Stephen Flores stephen.flores at oracle.com
Tue Jul 31 16:20:48 PDT 2012


I forgot that there is no longer a need to duplicate the ECKeyFactory 
class in rt.jar.

Can you take a quick look at webrev-2 that has the makefile changes that 
eliminate the duplication?



On 07/25/2012 11:22 AM, Vincent Ryan wrote:
> Hello Stephen,
> Your changes look good.
> Thanks.
> On 20/07/2012 21:18, Stephen Flores wrote:
>> Please review the following webrev:
>> http://cr.openjdk.java.net/~sflores/6995421/
>> for bug: 6995421 Eliminate the static dependency to
>> sun.security.ec.ECKeyFactory
>> Description of the problem:
>> sun.security.x509.AlgorithmId and sun.security.pkcs11.P11ECKeyFactory
>> depend on an public static fields sun.security.ec.ECKeyFactory
>> Also, while debuging I found that ECPublicKeyImpl did not check for
>> missing domain parameters while parsing a key, the way ECPrivateKeyImpl
>> does.
>> Evaluation:
>> At the time of development of AlgorithmId there was no public provider
>> for EC Key Factory, a public provider has been added since.
>> Description of fix:
>> Since code in sun.security.x509.AlgorithmId the used the provider in
>> ECKeyFactory was removed since the call to the public API now provides
>> EC AlgorithmParameters.
>> sun.security.pkcs11.P11ECKeyFactory was changed to use public KeyFactory
>> API to get a key factory.
>> Additional changes:
>> A null check of the alorithm parameters was added to
>> ECPublicKey.parseKeyBits.
>> The internal provider in ECKeyFactory has been removed and it entries
>> move to the SunEC provider class and any references to it have been
>> changed to use the public provider API.
>> Changed the TestEC to the the public API to get the SunEC provider the
>> way applications would.
>> The PKCS11 test methods that are shared TestEC were changed not to
>> delete the provider given to them, which did not matter in the past
>> since internal provider in ECKeyFactory was being used by EC classes.
>> Thanks,
>> Steve.

More information about the security-dev mailing list