RFR 7191662: JCE providers should be located via ServiceLoader,
Mandy Chung
mandy.chung at oracle.com
Tue May 26 22:27:55 UTC 2015
sun/security/jca/ProviderConfig.java
287 /**
288 * Loads the provider with the specified class name.
289 *
290 * @param name the name of the provider class
291 * @return the Provider, or null if it cannot be found or
loaded
292 * @throws ProviderException all other exceptions are ignored
293 */
294 public Provider load(String classname) {
:
305 if (p.getClass().getName().equals(classname)) {
306 return p;
307 }
Is this load method supposed to take the provider name instead of the
classname?
line 305 should check against p.getName() instead? The legacyLoad
method is
for the fallback to the class name.
java.security now uses classname. Did you decide to use security
provider name instead?
Even so, the legacyLoader method should be able to find them and the
load method
looks to me should check the provider name instead.
test/java/lang/SecurityManager/CheckSecurityProvider.java
you add this test to run with security manager. I wonder if you want
to run with and without security manager through @run othervm.
Now each security provider has a name. Should this test verify the
provider
name as well?
test/tools/launcher/MiscTests.java
- does this test need to call sun.security.pkcs11 internal API? Can
this be
changed to call public API?
I didn't review other files.
Mandy
On 05/26/2015 01:57 PM, Sean Mullan wrote:
> This all looks fine to me (except for the Makefile stuff which I'll
> leave to others).
>
> --Sean
>
> On 05/21/2015 12:21 AM, Valerie Peng wrote:
>> Sean,
>>
>> Could you please review this change? The changes are mostly the same as
>> the prototype in Jake, but I have to make some modification due to the
>> difference in ServiceLoader lookup in OpenJDK (corresponding
>> META-INF/services/java.security.Provider files in each module) and the
>> related makefile change (merge their content into one for the final
>> image build). Then, I adjusted the Provider.configure() method to take a
>> single String argument to be consistent with the "providerarg" option
>> that keytool defined.
>>
>> In addition, I also made some misc changes, such as configuring the
>> providers inside ProviderConfig instead of ProviderLoader, add back the
>> doPrivileged block to all the provider constructors. I also have second
>> thought on making the switch to privider name (instead of provider class
>> name) in java.security file, so I reverted the changes on that - that
>> SunPKCS11 provider has its name specified in its configuration file, so
>> when ServiceLoader loads the PKCS11 provider, the configuration file has
>> not been passed to it, so the name is not known at that time. Thus,
>> using the class name for the provider list entry seems to fit the flow
>> better. I also updated the default policy for SunPKCS11 provider given
>> its recent change of using sun.misc.
>>
>> Webrev: http://cr.openjdk.java.net/~valeriep/7191662/webrev.00/
>> CCC: http://ccc.us.oracle.com/7191662
>>
>> Thanks,
>> Valerie
>>
More information about the security-dev
mailing list