RFR: 8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR [v2]
Sean Mullan
mullan at openjdk.java.net
Sun Feb 6 19:51:05 UTC 2022
> This fixes a bootstrapping issue if a custom system class loader is set with the `-Djava.system.class.loader` option and the custom class loader is inside a signed JAR. In order to load the custom class loader, the runtime must verify the signed JAR first, and the algorithm constraint code tries to load a `Locale` provider using a `ServiceLoader` before the class loader is set, and this causes a `ServiceConfigurationError`.
>
> The fix removes a dependency from the security algorithm "denyAfter" constraint parsing code on the `Calendar` API which uses a `ServiceLoader` for gathering default locale information. Instead the `ZonedDateTime` API is now used, which simplifies the code and removes some unnecessary code from `keytool` as well.
Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:
Check exit status of keytool and jarsigner in test.
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7316/files
- new: https://git.openjdk.java.net/jdk/pull/7316/files/914c8821..a52e5137
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7316&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7316&range=00-01
Stats: 6 lines in 1 file changed: 3 ins; 0 del; 3 mod
Patch: https://git.openjdk.java.net/jdk/pull/7316.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/7316/head:pull/7316
PR: https://git.openjdk.java.net/jdk/pull/7316
More information about the security-dev
mailing list