Re: RFR 8130302: jarsigner and keytool -providerClass needs be re-examined for modules

[Mandy Chung]

> On Jun 12, 2016, at 11:33 AM, Alan Bateman  wrote:
> 
> 
> 
> On 12/06/2016 13:44, Wang Weijun wrote:
>> I was about to send out a new webrev (CCC just approved) but noticed a 
>> behavior change.
>> 
>> Although "-addprovider SUN" is useless it still worked when I posted 
>> webrev.03, but now it failed, because ServiceLoader.load(Provider.class) 
>> does not contain "SUN" anymore. Maybe it is inside java.base and loaded in a 
>> shortcut mode?
>> 
> "SUN" ,"SunJCE", "SunRsaSign", and "SunJSSE" are built-in, I think Valerie 
> has code in sun.security.jca.ProviderConfig for this. I don't recall 
> java.base ever declaring that it `provides` these providers, except maybe via 
> a META-INF/services configuration file for a short period from the original 
> JCE work and the dropping the service configuration files.

I think Alan is right.  They were not loaded via ServiceLoader.load because of 
the build complexity to get multiple service config files before the module 
system went in jdk9.

As it stands now, no provides java.security.Provider in java.base after 
JDK-8157489 is resolved.

Mandy 

Re: RFR 8130302: jarsigner and keytool -providerClass needs be re-examined for modules

[Alan Bateman]

On 12/06/2016 13:44, Wang Weijun wrote:

I was about to send out a new webrev (CCC just approved) but noticed a behavior 
change.

Although "-addprovider SUN" is useless it still worked when I posted webrev.03, but now 
it failed, because ServiceLoader.load(Provider.class) does not contain "SUN" anymore. 
Maybe it is inside java.base and loaded in a shortcut mode?

"SUN" ,"SunJCE", "SunRsaSign", and "SunJSSE" are built-in, I think 
Valerie has code in sun.security.jca.ProviderConfig for this. I don't 
recall java.base ever declaring that it `provides` these providers, 
except maybe via a META-INF/services configuration file for a short 
period from the original JCE work and the dropping the service 
configuration files.


-Alan.

Re: RFR 8130302: jarsigner and keytool -providerClass needs be re-examined for modules

[Wang Weijun]

I was about to send out a new webrev (CCC just approved) but noticed a behavior 
change.

Although "-addprovider SUN" is useless it still worked when I posted webrev.03, 
but now it failed, because ServiceLoader.load(Provider.class) does not contain 
"SUN" anymore. Maybe it is inside java.base and loaded in a shortcut mode?

Therefore I am looking to add some extra lines into the following method:

   public static void loadProviderByName(String provName, String arg) {
+   Provider loaded = Security.getProvider(provName);
+   if (loaded != null) {
+   if (arg != null) {
+   loaded = loaded.configure(arg);
+   Security.addProvider(loaded);
+   }
+   return;
+   }
   for (Provider p : ServiceLoader.load(Provider.class)) {
   if (p.getName().equals(provName)) {
   if (arg != null) {
   p = p.configure(arg);
   }
   Security.addProvider(p);
   return;
   }
   }
   throw new IllegalArgumentException();
   }

Although it might not be worth supporting "-addprovider SUN", but suppose one 
day we have a provider inside java.base that requires an argument, this would 
be useful.

If you are OK with this, I will send out a webrev.04 soon.

Thanks
Max

> On Feb 23, 2016, at 11:28 AM, Wang Weijun  wrote:
> 
> Webrev updated at http://cr.openjdk.java.net/~weijun/8130302/webrev.03/.
> 
> -provider and loadProviderByName() are useless for jdk9/dev, and 
> loadProviderByClass() only uses reflection.
> 
> The SunPKCS11 compatibility line will be add in a sub-patch for jake.
> 
> --Max