RFR: 8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR

Sean Mullan mullan at openjdk.java.net
Tue Feb 1 22:06:37 UTC 2022


This fixes a bootstrapping issue if a custom system class loader is set with the `-Djava.system.class.loader` option and the custom class loader is inside a signed JAR.  In order to load the custom class loader, the runtime must verify the signed JAR first, and the algorithm constraint code tries to load a `Locale` provider using a `ServiceLoader` before the class loader is set, and this causes a `ServiceConfigurationError`.

The fix removes a dependency from the security algorithm "denyAfter" constraint parsing code on the `Calendar` API which uses a `ServiceLoader` for gathering default locale information. Instead the `ZonedDateTime` API is now used, which simplifies the code and removes some unnecessary code from `keytool` as well.

-------------

Commit messages:
 - Remove trailing whitespace.
 - Initial fix for JDK-8280890.

Changes: https://git.openjdk.java.net/jdk/pull/7316/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7316&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8280890
  Stats: 183 lines in 4 files changed: 139 ins; 28 del; 16 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7316.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7316/head:pull/7316

PR: https://git.openjdk.java.net/jdk/pull/7316



More information about the security-dev mailing list