RFR 8130302: jarsigner and keytool -providerClass needs be re-examined for modules
Wang Weijun
weijun.wang at oracle.com
Thu Feb 18 00:46:12 UTC 2016
> On Feb 18, 2016, at 5:15 AM, Mandy Chung <mandy.chung at oracle.com> wrote:
>
> Can I say -providerClass <NAME> -providerArg <ARG> is equivalent to extending java.security to add “security.provider.N=NAME ARG”?
Yes.
>
> I suggest to keep -providerClass and -providerArg only for legacy security provider (i.e. not a service provider to java.security.Provider).
>
> For security providers that are converted to service provider:
>
> What about updating -provider <NAME>[:<ARG>] option such that (1) it accepts “provider name” only (not class name) and (2) an optional argument? Although it’s an incompatible change, for legacy security provider, they can still use -providerClass option.
Why must only "provider name"?
We can document this way (-providerClass for legacy and -provider for new) and still treat -providerClass and -provider the same (which is what we are doing now) internally. I cannot see any harm and it is compatible.
Even java.security supports both name and class now, right?
Thanks
Max
>
> Mandy
More information about the security-dev
mailing list