Review Request: signed module code restructuring/refactoring
sean.mullan at oracle.com
Wed May 23 08:23:41 PDT 2012
On 5/23/12 6:08 AM, Chris Hegarty wrote:
> These changes look fine to me.
> One comment, ModuleFile.getSignature() no longer ensures that readStart
> has been called, it could potentially return null. I see all your calls
> ensure that this won't be the case, just wondering if it should?
Right, I'll restore the original code so that it is consistent with the rest of
ModuleFile. I was trying to avoid having to always try/catch the IOException.
Also as previously mentioned, I'm a little uncomfortable with some of the
ModuleFile API .
If it remains as an internal API then it's probably ok.
> On 23/05/2012 00:19, Mandy Chung wrote:
>> On 5/18/2012 12:48 PM, Sean Mullan wrote:
>>> I have restructured and refactored the signed module code. In
>>> particular I have
>>> removed the ModuleFileVerifier and ModuleFileSigner interfaces (they
>>> didn't add any value) and made a few improvements here and there.
>> I went through the changes and look okay to me.
>> L96: is this a leftover from debugging?
>> L322-332: storePassword.destroy() throws DestroyFailedException,
>> keyPassword.destroy() will not be called - should it handle
>> this exception case and destroy keyPassword?
>> L1167: // XXX - better to use '// ##' convention
>> You removed this comment - is it not applicable any more?
>> 1162 // ## Check policy - is signer trusted and what permissions
>> 1163 // ## should be granted?
More information about the jigsaw-dev