[9] RFR:8130360: Add tests to verify 3rd party security providers if they are in signed/unsigned modular JARs

Sibabrata Sahoo sibabrata.sahoo at oracle.com
Mon Nov 30 11:13:11 UTC 2015


Here is the updated webrev: http://cr.openjdk.java.net/~asmotrak/siba/8130360/webrev.02/

I have one question:
What should be the behavior when the older version of 3rd party JCE provider jar file(without service descriptor "META-INF/services/*" & working with <= JDK8) configured by "java.security" file, will be place in CLASS_PATH, running through JDK9 and the client is using Security.getProvider() to look for the provider?

Currently the scenario fails to find the JCE provider. Is this right behavior? If it is, then jdk9 is not backward compatible to find the security provider provided through older jar files from CLASS_PATH.

Thanks,
Siba

-----Original Message-----
From: Wang Weijun 
Sent: Sunday, November 29, 2015 2:54 PM
To: Siba Sahoo
Cc: security-dev at openjdk.java.net; jigsaw-dev at openjdk.java.net; Sean Mullan
Subject: Re: [9] RFR:8130360: Add tests to verify 3rd party security providers if they are in signed/unsigned modular JARs

Some comments:

1. Maybe use jdk/testlibrary/JDKToolLauncher.java to launch jarsigner?

2. You mentioned it's difficult to set a security provider in java.security file. Have you tried "-Djava.security.properties=="? It is described at the beginning of java.security.

Thanks
Max

> On Nov 23, 2015, at 9:14 PM, Siba Sahoo <sibabrata.sahoo at oracle.com> wrote:
> 
> +HYPERLINK "mailto:security-dev at openjdk.java.net"security-dev at openjdk.java.net
> 
> 
> 
> From: Siba Sahoo 
> Sent: Monday, November 23, 2015 4:56 PM
> To: jigsaw-dev at openjdk.java.net; Sean Mullan
> Subject: [9] RFR:8130360: Add tests to verify 3rd party security providers if they are in signed/unsigned modular JARs
> 
> 
> 
> Hi,
> 
> 
> 
> Please help me with your review of this test for JBS: https://bugs.openjdk.java.net/browse/JDK-8130360, 
> 
> 
> 
> Webrev: http://cr.openjdk.java.net/~asmotrak/siba/8130360/webrev.01/
> 
> 
> 
> Description
> 
> Tests to verify 3rd party security providers if they are in signed/unsigned modular JARs. The test code checks the modular behavior with different combination of separate client & security provider, when available as modular(signed/unsigned) jar. It address total  of 72 test cases with the following criteria:
> 
> 
> 
> (Signed/Unsigned Jar) X (ClassLoader/ServiceLoader) X (combination of EXPLICIT/AUTO/UNAMED modules) X (With/Without Service descriptor) 
> 
> 
> 
> Thanks,
> 
> Siba
> 
> 




More information about the security-dev mailing list