RFR: 4985694: Incomplete spec for most of the getInstances

Bradford Wetmore bradford.wetmore at oracle.com
Fri Oct 28 19:06:50 UTC 2016


Hi,

I need a review for this P2 TCK-RED-9 bug.

The original request (JDK-8166350) was for documenting null algorithm 
names in the 3 new DRBG getInstances() in SecureRandom, but there is a 
12 year old bug for the same thing throughout the 
JCA/JCE/JSSE/JGSS/JAAS.  I've gone ahead and fixed.

     https://bugs.openjdk.java.net/browse/JDK-4985694
     http://cr.openjdk.java.net/~wetmore/4985694/webrev.00/

Other comments:

.  Instead of waiting for a NP to be generated by the code, added a 
hardcoded NPE parameter sanity check:

     Objects.requireNonNull(algorithm, "null algorithm name");

.  verified APIs to ensure proper exceptions are thrown for null/empty 
algorithm/provider Strings and null Providers.

.  Added a full test suite for all getInstances to check for above, 
including a reflection check for future getInstances.

.  Some minor javadoc cleanup/reorgs, mainly to the 
@returns/@throws/@exceptions tags (e.g. {@code ...}/alphabetizing/ending 
"." on phrases} for consistency and to conform to current javadoc 
standards.  I've tried to be consistent throughout (@code's around class 
names}, but I know I have missed a couple things here/there (no @code's 
around parameter names).  I do need to move onto other things.

Thanks,

Brad


More information about the security-dev mailing list