RFR: 8345139: Fix bugs and inconsistencies in the Provider services map [v5]
Martin Balao
mbalao at openjdk.org
Thu Apr 3 00:30:50 UTC 2025
On Tue, 4 Mar 2025 01:59:58 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Francisco Ferrari Bihurriet has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Clear ServicesMap fields in the declared order
>>
>> Constructors assign the fields in the same order.
>
> src/java.base/share/classes/java/security/Provider.java line 1037:
>
>> 1035: }
>> 1036:
>> 1037: if (mi.isLegacy) {
>
> For legacy entry, there is no check on the `legacyApiCall` value, is this due to the call path from `resolveKeyConflict` method? However, should a legacy entry be removed by the `removeService` method? If not, then additional check may be needed?
There is no check because entries added with the Legacy API can be removed (i.e. overwritten) with entries added with the Current API. Current API operations take precedence.
Looks like someone can invoke `removeService` with a Service instance whose algorithm was added with the Legacy API and the code is not stopping this removal. May be a good idea to stop this. @franferrax , what do you think?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22613#discussion_r2025816338
More information about the security-dev
mailing list