RFR 8130302: jarsigner and keytool -providerClass needs be re-examined for modules

Alan Bateman Alan.Bateman at oracle.com
Tue Jun 14 11:16:38 UTC 2016



On 14/06/2016 04:28, Wang Weijun wrote:
> OK, please take a review at the new version at
>
>    http://cr.openjdk.java.net/~weijun/8130302/webrev.04/
>
> Changes from webrev.03:
>
> 1. The new option name -addprovider is used, along with the changes in Resources.java.
>
> 2. In KeyStoreUtil::loadProviderByClass, special treatment for "sun.security.pkcs11.SunPKCS11" and "com.oracle.security.crypto.UcryptoProvider".
>
> 3. In KeyStoreUtil::loadProviderByName, check if the name is already loaded, configure and add it if necessary. As I said in my previous mail, this can be useful if something like SunPKCS11 is defined inside java.base.
>
> 4. Valarie asked me to bring in a change to the OracleUcrypto provider, which allows arbitrary config file. Changes are inside java.policy and UcryptoProvider.java.
>
>
I assume someone folks on security libraries will review this. A general 
comment is that the options looks good to me. A minor comment is that 
the I assume it should be "class name" rather than "classname" in usage 
message.

-Alan.


More information about the security-dev mailing list