> On Jun 13, 2016, at 8:28 PM, Wang Weijun <weijun.w...@oracle.com> wrote:
>
> OK, please take a review at the new version at
>
> http://cr.openjdk.java.net/~weijun/8130302/webrev.04/
>
The new -addProvider option is good. I mostly reviewed KeyStoreUtil.java and
skimmed through other files that I assume the security team will review them in
details.
267 * Loads a security provider in a module with its name.
This does not limit to modules. It can load security providers from classpath
via ServiceLoader.
282 for (Provider p : ServiceLoader.load(Provider.class)) {
This should use ServiceLoader.load(Provider.class,
ClassLoader.getSystemClassLoader()) instead of loading with TCCL.
291 throw new IllegalArgumentException();
Nit: good to have a message even if it’s not used.
295 * Loads a non-modularized security provider with its full-qualified
name.
I suggest to reword it to “Loads a security provider by a fully-qualified class
name”
move line 306 to 317
241 throw (InvalidParameterException)
This cast should not be needed?
319 Class<?> clazz;
320 if (cl != null) {
321 clazz = cl.loadClass(provClass);
322 } else {
323 clazz = Class.forName(provClass);
324 }
You should call Class.forName(provClass, false, cl) instead.
Mandy
