RFR 8130302: jarsigner and keytool -providerClass needs be re-examined for modules
Alan Bateman
Alan.Bateman at oracle.com
Thu Feb 18 08:25:28 UTC 2016
On 18/02/2016 08:10, Weijun Wang wrote:
> :
>
> Today, we tell users to load their own PKCS11 provider with
>
> -providerClass sun.security.pkcs11.SunPKCS11 -providerArg some.cfg
>
> and seems the new options should be
>
> -provider SunPKCS11 -providerArg some.cfg
>
> Why not just support all these formats? It's not really difficult and
> I don't think it's harmful, no ambiguity, simple code...
I think the current proposal keeps things simple, it's exactly what I
was trying to get to in the original mails.
The existing -providerClass takes a class name and works as before. The
-provider takes the name of a security provider and locates the provider
with that name. For -provider then an example in the usage message
would make it very clear.
You are right that it would be simple code to fallback and handle both
but this will just lead to mis-use and will make it harder to change in
the future. For the java.security file then the fallback was important
because it seemed common for 3rd party providers to add security
providers there. It's not obvious that it is important here.
BTW: Docs and help output use the term "provider master class". Is the
word "master" needed? It hints of master key or the like but it's really
the name of the security provider implementation class.
-Alan
More information about the security-dev
mailing list