OK, please take a review at the new version at http://cr.openjdk.java.net/~weijun/8130302/webrev.04/
Changes from webrev.03: 1. The new option name -addprovider is used, along with the changes in Resources.java. 2. In KeyStoreUtil::loadProviderByClass, special treatment for "sun.security.pkcs11.SunPKCS11" and "com.oracle.security.crypto.UcryptoProvider". 3. In KeyStoreUtil::loadProviderByName, check if the name is already loaded, configure and add it if necessary. As I said in my previous mail, this can be useful if something like SunPKCS11 is defined inside java.base. 4. Valarie asked me to bring in a change to the OracleUcrypto provider, which allows arbitrary config file. Changes are inside java.policy and UcryptoProvider.java. Thanks Max > On Jun 13, 2016, at 12:23 PM, Mandy Chung <mandy.ch...@oracle.com> wrote: > > >> On Jun 12, 2016, at 11:33 AM, Alan Bateman <alan.bate...@oracle.com> wrote: >> >> >> >> On 12/06/2016 13:44, Wang Weijun wrote: >>> I was about to send out a new webrev (CCC just approved) but noticed a >>> behavior change. >>> >>> Although "-addprovider SUN" is useless it still worked when I posted >>> webrev.03, but now it failed, because ServiceLoader.load(Provider.class) >>> does not contain "SUN" anymore. Maybe it is inside java.base and loaded in >>> a shortcut mode? >>> >> "SUN" ,"SunJCE", "SunRsaSign", and "SunJSSE" are built-in, I think Valerie >> has code in sun.security.jca.ProviderConfig for this. I don't recall >> java.base ever declaring that it `provides` these providers, except maybe >> via a META-INF/services configuration file for a short period from the >> original JCE work and the dropping the service configuration files. > > I think Alan is right. They were not loaded via ServiceLoader.load because > of the build complexity to get multiple service config files before the > module system went in jdk9. > > As it stands now, no provides java.security.Provider in java.base after > JDK-8157489 is resolved. > > Mandy
