Hi Brad,Would you have time to review this? I changed the code to base the trust decision on the immediate caller of Cipher(CipherSpi, Provider, String). In addition, the specified Provider object is only taken into account when it shares the same origin (codebase or module) with the caller.
Webrev: http://cr.openjdk.java.net/~valeriep/8062731/webrev.00/ Thanks, Valerie
