RFR 8130302: jarsigner and keytool -providerClass needs be re-examined for modules

Wang Weijun weijun.wang at oracle.com
Fri Jul 1 00:40:37 UTC 2016

> On Jul 1, 2016, at 8:20 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
> Max,
> Please find comments in line.
> On 6/29/2016 8:18 PM, Wang Weijun wrote:
>>> On Jun 30, 2016, at 9:39 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
>>> Hi Max,
>>> Changes look fine. Just some comments/questions as below.
>>> <src/java.base/share/classes/sun/security/tools/keytool/Resources.java>
>>> - line 46, fix this {0} as well?
>> I don't see {0} in keytool/Resources.java.
>> There is one in jarsigner/Resources.java:
>>    46         {"signerClass.is.not.a.signing.mechanism", "{0} is not a signing mechanism"},
>> You mean it's useless now?
> Right, it's under the jarsigner directory. My eyes were crossed. ;)
> Is this used still? I didn't find reference to this one.

It is useless after the jdk.security.jarsigner.JarSigner API. I'll remove it.

>>> <test/sun/security/tools/keytool/i18n.html>
>>> - line 53, better to use -providerClass?
>> Both should work.
>> -addprovider works because SUN is already a loaded provider.
>> -providerclass works because sun.security.provider.Sun is a public class in the same module.
>> I prefer -addprovider because -providerclass is only for legacy providers loaded with reflection.
>> In fact, I noticed that SUN is also not in ServiceLoader.load(Provider.class), which means it is not a service. Is that why you suggest the test load it with -providerclass?
> I only saw -provider not -addprovider?

Confused. http://cr.openjdk.java.net/~weijun/8130302/webrev.06/test/sun/security/tools/keytool/i18n.html.html has

53 <li>      keytool -list -storepass password -addprovider SUN

> Correct, SUN provider is not exported as a provider for ServiceLoader. I don't have preference to use -providerClass over -addprovider. Whatever is the expected usage is fine with me.



More information about the security-dev mailing list