RFR 8130302: jarsigner and keytool -providerClass needs be re-examined for modules

Mandy Chung mandy.chung at oracle.com
Mon Jun 13 04:23:28 UTC 2016


> On Jun 12, 2016, at 11:33 AM, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> 
> 
> 
> On 12/06/2016 13:44, Wang Weijun wrote:
>> I was about to send out a new webrev (CCC just approved) but noticed a behavior change.
>> 
>> Although "-addprovider SUN" is useless it still worked when I posted webrev.03, but now it failed, because ServiceLoader.load(Provider.class) does not contain "SUN" anymore. Maybe it is inside java.base and loaded in a shortcut mode?
>> 
> "SUN", "SunJCE", "SunRsaSign", and "SunJSSE" are built-in, I think Valerie has code in sun.security.jca.ProviderConfig for this. I don't recall java.base ever declaring that it `provides` these providers, except maybe via a META-INF/services configuration file for a short period from the original JCE work and the dropping the service configuration files.

I think Alan is right. They were not loaded via ServiceLoader.load because of the build complexity to get multiple service config files before the module system went into JDK 9.

As it stands now, there is no `provides java.security.Provider` in java.base after JDK-8157489 is resolved.

Mandy 
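
Added example, not part of the original message or of the JDK sources: a small Java program that puts the two lookup paths discussed in this thread side by side, listing the providers visible through ServiceLoader.load(Provider.class) next to those registered with java.security.Security, and resolving one name against each. The class name ProviderLookup and its helper methods are hypothetical; the default name "SUN" is the one from the thread.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Iterator;
import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.TreeSet;

// Added illustration; ProviderLookup and its helpers are hypothetical names.
public class ProviderLookup {

    // Providers that a module (`provides java.security.Provider`) or a
    // META-INF/services entry declares as a service.
    static Set<String> serviceLoaderNames() {
        Set<String> names = new TreeSet<>();
        Iterator<Provider> it = ServiceLoader
                .load(Provider.class, ClassLoader.getSystemClassLoader())
                .iterator();
        while (true) {
            try {
                if (!it.hasNext()) break;
                names.add(it.next().getName());
            } catch (ServiceConfigurationError e) {
                // A declared provider that cannot be instantiated is skipped.
                System.err.println("skipped: " + e.getMessage());
            }
        }
        return names;
    }

    // Providers already registered with the JCA framework, built-ins included.
    static Set<String> registeredNames() {
        Set<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            names.add(p.getName());
        }
        return names;
    }

    public static void main(String[] args) {
        String name = args.length > 0 ? args[0] : "SUN";
        Set<String> declared = serviceLoaderNames();
        System.out.println("ServiceLoader: " + declared);
        System.out.println("Security:      " + registeredNames());
        System.out.println(name + " via ServiceLoader: " + declared.contains(name));
        System.out.println(name + " via Security:      "
                + (Security.getProvider(name) != null));
    }
}
```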

