RFR: 8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR
Sean Mullan
mullan at openjdk.java.net
Tue Feb 1 22:06:37 UTC 2022
This fixes a bootstrapping issue if a custom system class loader is set with the `-Djava.system.class.loader` option and the custom class loader is inside a signed JAR. In order to load the custom class loader, the runtime must verify the signed JAR first, and the algorithm constraint code tries to load a `Locale` provider using a `ServiceLoader` before the class loader is set, and this causes a `ServiceConfigurationError`.
The fix removes a dependency from the security algorithm "denyAfter" constraint parsing code on the `Calendar` API which uses a `ServiceLoader` for gathering default locale information. Instead the `ZonedDateTime` API is now used, which simplifies the code and removes some unnecessary code from `keytool` as well.
-------------
Commit messages:
- Remove trailing whitespace.
- Initial fix for JDK-8280890.
Changes: https://git.openjdk.java.net/jdk/pull/7316/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7316&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8280890
Stats: 183 lines in 4 files changed: 139 ins; 28 del; 16 mod
Patch: https://git.openjdk.java.net/jdk/pull/7316.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/7316/head:pull/7316
PR: https://git.openjdk.java.net/jdk/pull/7316
More information about the security-dev
mailing list