[9] RFR:8130360: Add tests to verify 3rd party security providers if they are in signed/unsigned modular JARs

Valerie Peng valerie.peng at oracle.com
Mon Jan 4 18:53:54 UTC 2016


Well, for Jake repo, it will have to be either Mandy or Sean (Mullan). I 
can't push to that repo...
Valerie

On 1/4/2016 1:13 AM, Sibabrata Sahoo wrote:
> Hi Valerie,
>
> If everything looks fine in the current version of webrev then can you please help me push the changes to JAKE repo.
>
> Thanks,
> Siba
>
> -----Original Message-----
> From: Wang Weijun
> Sent: Monday, January 04, 2016 2:36 PM
> To: Sibabrata Sahoo
> Cc: Mandy Chung; Valerie Peng; jigsaw-dev at openjdk.java.net; OpenJDK
> Subject: Re: [9] RFR:8130360: Add tests to verify 3rd party security providers if they are in signed/unsigned modular JARs
>
> I have no more comment.
>
> --Max
>
>> On Jan 3, 2016, at 3:48 PM, Sibabrata Sahoo<sibabrata.sahoo at oracle.com>  wrote:
>>
>> Updated the bug title and description.
>>
>> Thanks,
>> Siba
>>
>> -----Original Message-----
>> From: Wang Weijun
>> Sent: Sunday, January 03, 2016 1:02 PM
>> To: Sibabrata Sahoo
>> Cc: Mandy Chung; Valerie Peng; jigsaw-dev at openjdk.java.net; OpenJDK
>> Subject: Re: [9] RFR:8130360: Add tests to verify 3rd party security providers if they are in signed/unsigned modular JARs
>>
>> Then you don't need to include the "signed/unsigned" words in the bug description.
>>
>> --Max
>>
>>> On Jan 3, 2016, at 2:30 PM, Sibabrata Sahoo<sibabrata.sahoo at oracle.com>  wrote:
>>>
>>> Hi Max,
>>>
>>> The test is for verifying 3rd party security provider in classpath/modulepath. I am using an empty provider to check, if the provider can be found during runtime when the bundle provided through classpath/modulepath with different modular type combination. As the provider is empty, I think this is unnecessary to sign the bundle.
>>>
>>> Even the same comment[1] was also provided by "Valerie" few days ago and the comment was addressed with this webrev,
>>>
>>> [1] I think it's somewhat misleading to use the term JCE here as what you are testing here is just security provider loading. JCE is more about security providers supporting export-controlled services/algorithms. Since your provider is just an empty one, I don't think u need to sign it (again, it's only for JCE providers).
>>>
>>> Thanks,
>>> Siba



More information about the security-dev mailing list