src/java.base/share/classes/sun/security/jca/Providers.java
7191662: JCE providers should be located via ServiceLoader
*** 1,7 ****
/*
! * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 56,68 ****
private Providers() {
// empty
}
! // we need special handling to resolve circularities when loading
! // signed JAR files during startup. The code below is part of that.
!
// Basically, before we load data from a signed JAR file, we parse
// the PKCS#7 file and verify the signature. We need a
// CertificateFactory, Signatures, etc. to do that. We have to make
// sure that we do not try to load the implementation from the JAR
// file we are just verifying.
--- 56,72 ----
private Providers() {
// empty
}
! // After the switch to modules, JDK providers are all in modules and JDK
! // no longer needs to load signed jars during start up.
! //
! // However, for earlier releases, it need special handling to resolve
! // circularities when loading signed JAR files during startup. The code
! // below is part of that.
! //
// Basically, before we load data from a signed JAR file, we parse
// the PKCS#7 file and verify the signature. We need a
// CertificateFactory, Signatures, etc. to do that. We have to make
// sure that we do not try to load the implementation from the JAR
// file we are just verifying.
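Review bot: The rewritten comment reads "for earlier releases, it need special handling", which is ungrammatical and leaves the subject unclear. It also does not say whether the code below is still exercised now that JDK providers live in modules. Since this block is what keeps JAR signature verification from loading a provider out of the JAR being verified, the comment should state when the path still runs. Suggested wording: `// Earlier releases needed special handling to resolve circularities when loading signed JAR files during startup; the code below is kept for that case.`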
*** 76,103 ****
// See there for details.
private static final String BACKUP_PROVIDER_CLASSNAME =
"sun.security.provider.VerificationProvider";
! // Hardcoded classnames of providers to use for JAR verification.
// MUST NOT be on the bootclasspath and not in signed JAR files.
private static final String[] jarVerificationProviders = {
"sun.security.provider.Sun",
"sun.security.rsa.SunRsaSign",
! // Note: SunEC *is* in a signed JAR file, but it's not signed
! // by EC itself. So it's still safe to be listed here.
"sun.security.ec.SunEC",
- BACKUP_PROVIDER_CLASSNAME,
};
// Return to Sun provider or its backup.
// This method should only be called by
// sun.security.util.ManifestEntryVerifier and java.security.SecureRandom.
public static Provider getSunProvider() {
try {
! Class<?> clazz = Class.forName(jarVerificationProviders[0]);
! return (Provider)clazz.newInstance();
} catch (Exception e) {
try {
Class<?> clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME);
return (Provider)clazz.newInstance();
} catch (Exception ee) {
--- 80,105 ----
// See there for details.
private static final String BACKUP_PROVIDER_CLASSNAME =
"sun.security.provider.VerificationProvider";
! // Hardcoded names of providers to use for JAR verification.
// MUST NOT be on the bootclasspath and not in signed JAR files.
private static final String[] jarVerificationProviders = {
"sun.security.provider.Sun",
"sun.security.rsa.SunRsaSign",
! // Note: when SunEC is in a signed JAR file, it's not signed
! // by EC algorithms. So it's still safe to be listed here.
"sun.security.ec.SunEC",
};
// Return to Sun provider or its backup.
// This method should only be called by
// sun.security.util.ManifestEntryVerifier and java.security.SecureRandom.
public static Provider getSunProvider() {
try {
! return new sun.security.provider.Sun();
} catch (Exception e) {
try {
Class<?> clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME);
return (Provider)clazz.newInstance();
} catch (Exception ee) {
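Review bot: In `getSunProvider()`, the `catch (Exception e)` around `new sun.security.provider.Sun()` no longer covers the failure it was written for. The old `Class.forName(...)` reported a missing class as `ClassNotFoundException`, while a direct `new` reports a missing or uninitialisable class as `NoClassDefFoundError` or `ExceptionInInitializerError`. Those are `Error`s, so they bypass this handler and the `BACKUP_PROVIDER_CLASSNAME` fallback. Either record the narrower contract with a comment such as `// only reached if the Sun constructor itself throws; linkage errors propagate`, or drop the outer try if the fallback is now meant to be dead. The method body continues past the end of this hunk, so the inner handler is not visible here.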
*** 113,122 ****
--- 115,128 ----
* once you are done.
*/
public static Object startJarVerification() {
ProviderList currentList = getProviderList();
ProviderList jarList = currentList.getJarList(jarVerificationProviders);
+ if (jarList.size() < 3) {
+ // add backup provider
+ ProviderList.add(jarList, getSunProvider());
+ }
// return the old thread-local provider list, usually null
return beginThreadProviderList(jarList);
}
/**
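Review bot: In `startJarVerification()`, the added `ProviderList.add(jarList, getSunProvider());` discards its result. `ProviderList` is not shown on this page, but the static call taking the list as an argument suggests it returns a new list rather than mutating `jarList`. If so, the backup provider never reaches `beginThreadProviderList(jarList)` and JAR verification runs with a short provider list. Assign it back: `jarList = ProviderList.add(jarList, getSunProvider());`. The guard `jarList.size() < 3` hard-codes the array length and does not identify which provider is missing, so `jarVerificationProviders.length` or a lookup of the SUN provider by name would be safer. As written, a missing SunRsaSign or SunEC would only add a second Sun instance.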