RFR 7191662: JCE providers should be located via ServiceLoader,

Valerie Peng valerie.peng at oracle.com
Thu May 21 04:21:06 UTC 2015


Sean,

Could you please review this change? The changes are mostly the same as 
the prototype in Jake, but I have to make some modifications due to the 
difference in ServiceLoader lookup in OpenJDK (corresponding 
META-INF/services/java.security.Provider files in each module) and the 
related makefile change (merge their content into one for the final 
image build). Then, I adjusted the Provider.configure() method to take a 
single String argument to be consistent with the "providerarg" option 
that keytool defined.

In addition, I also made some misc changes, such as configuring the 
providers inside ProviderConfig instead of ProviderLoader, and adding back the 
doPrivileged block to all the provider constructors. I also have second 
thoughts on making the switch to provider name (instead of provider class 
name) in java.security file, so I reverted the changes on that - the 
SunPKCS11 provider has its name specified in its configuration file, so 
when ServiceLoader loads the PKCS11 provider, the configuration file has 
not been passed to it, so the name is not known at that time. Thus, 
using the class name for the provider list entry seems to fit the flow 
better. I also updated the default policy for SunPKCS11 provider given 
its recent change of using sun.misc.

Webrev: http://cr.openjdk.java.net/~valeriep/7191662/webrev.00/
CCC: http://ccc.us.oracle.com/7191662

Thanks,
Valerie
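
The lookup flow discussed in the message above, as an added example that is not part of the original email or of the webrev: providers are discovered through ServiceLoader, matched on implementation class name, and only then given their configuration argument. It assumes JDK 9 or later, where `Provider.configure(String)` is public API; the class `ProviderLookupDemo` and the method `load` are hypothetical names.

```java
import java.security.Provider;
import java.util.ServiceLoader;

public class ProviderLookupDemo {

    // Locate a provider by implementation class name, the key a
    // java.security provider-list entry would carry, then configure it.
    // Returns null when no registered provider has that class name.
    static Provider load(String className, String configArg) {
        ServiceLoader<Provider> loader =
            ServiceLoader.load(Provider.class, ClassLoader.getSystemClassLoader());
        for (Provider p : loader) {
            // Match on the class, not p.getName(): a provider whose name
            // comes from its configuration (SunPKCS11) does not have its
            // final name until configure() has run.
            if (!p.getClass().getName().equals(className)) {
                continue;
            }
            if (configArg == null) {
                return p;
            }
            // configure() throws UnsupportedOperationException for
            // providers that take no configuration; callers should treat
            // that as a misconfigured provider-list entry.
            return p.configure(configArg);
        }
        return null;
    }

    public static void main(String[] args) {
        if (args.length == 0) {
            // No arguments: list what ServiceLoader can see on this JDK.
            for (Provider p : ServiceLoader.load(Provider.class,
                    ClassLoader.getSystemClassLoader())) {
                System.out.println(p.getClass().getName() + " -> " + p.getName());
            }
            return;
        }
        // args[0] = provider class name, args[1] = optional config argument
        Provider p = load(args[0], args.length > 1 ? args[1] : null);
        System.out.println(p == null
            ? "no provider registered for class " + args[0]
            : p.getClass().getName() + " -> " + p.getName());
    }
}
```

Run it with no arguments to list the registered provider classes, then pass a class name (and a configuration argument, if the provider takes one) to see the name it reports.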


