src/java.base/share/classes/sun/security/jca/Providers.java

7191662: JCE providers should be located via ServiceLoader

*** 1,7 **** /* ! * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this --- 1,7 ---- /* ! * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this
*** 56,68 **** private Providers() { // empty } ! // we need special handling to resolve circularities when loading ! // signed JAR files during startup. The code below is part of that. ! // Basically, before we load data from a signed JAR file, we parse // the PKCS#7 file and verify the signature. We need a // CertificateFactory, Signatures, etc. to do that. We have to make // sure that we do not try to load the implementation from the JAR // file we are just verifying. --- 56,72 ---- private Providers() { // empty } ! // After the switch to modules, JDK providers are all in modules and JDK ! // no longer needs to load signed jars during start up. ! // ! // However, for earlier releases, it need special handling to resolve ! // circularities when loading signed JAR files during startup. The code ! // below is part of that. ! // // Basically, before we load data from a signed JAR file, we parse // the PKCS#7 file and verify the signature. We need a // CertificateFactory, Signatures, etc. to do that. We have to make // sure that we do not try to load the implementation from the JAR // file we are just verifying.
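Review bot: The rewritten comment above the JAR-verification notes says "for earlier releases, it need special handling", which is ungrammatical and does not say whether the code below still runs on a modular JDK. startJarVerification() is still being changed later in this same patch, so the path is presumably not dead. The comment should state when it is taken, along the lines of `// The handling below is kept for the case where a provider still has to be loaded from a signed JAR file.` (the exact scenario should be confirmed by the author). A reader auditing the verification bootstrap needs to know whether this is live code or legacy.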
*** 76,103 **** // See there for details. private static final String BACKUP_PROVIDER_CLASSNAME = "sun.security.provider.VerificationProvider"; ! // Hardcoded classnames of providers to use for JAR verification. // MUST NOT be on the bootclasspath and not in signed JAR files. private static final String[] jarVerificationProviders = { "sun.security.provider.Sun", "sun.security.rsa.SunRsaSign", ! // Note: SunEC *is* in a signed JAR file, but it's not signed ! // by EC itself. So it's still safe to be listed here. "sun.security.ec.SunEC", - BACKUP_PROVIDER_CLASSNAME, }; // Return to Sun provider or its backup. // This method should only be called by // sun.security.util.ManifestEntryVerifier and java.security.SecureRandom. public static Provider getSunProvider() { try { ! Class<?> clazz = Class.forName(jarVerificationProviders[0]); ! return (Provider)clazz.newInstance(); } catch (Exception e) { try { Class<?> clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME); return (Provider)clazz.newInstance(); } catch (Exception ee) { --- 80,105 ---- // See there for details. private static final String BACKUP_PROVIDER_CLASSNAME = "sun.security.provider.VerificationProvider"; ! // Hardcoded names of providers to use for JAR verification. // MUST NOT be on the bootclasspath and not in signed JAR files. private static final String[] jarVerificationProviders = { "sun.security.provider.Sun", "sun.security.rsa.SunRsaSign", ! // Note: when SunEC is in a signed JAR file, it's not signed ! // by EC algorithms. So it's still safe to be listed here. "sun.security.ec.SunEC", }; // Return to Sun provider or its backup. // This method should only be called by // sun.security.util.ManifestEntryVerifier and java.security.SecureRandom. public static Provider getSunProvider() { try { ! return new sun.security.provider.Sun(); } catch (Exception e) { try { Class<?> clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME); return (Provider)clazz.newInstance(); } catch (Exception ee) {
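Review bot: In getSunProvider(), `new sun.security.provider.Sun()` is a direct class reference, so a missing or unloadable class surfaces as NoClassDefFoundError (a LinkageError), which the surrounding `catch (Exception e)` does not catch. The old `Class.forName(...)` path reached the BACKUP_PROVIDER_CLASSNAME fallback through ClassNotFoundException; with the new code that fallback looks reachable only if the Sun constructor itself throws an Exception. If the backup is still meant to cover an absent Sun provider, widen the handler, e.g. `} catch (Exception | LinkageError e) {`. Otherwise remove the try/catch and document that Sun is always available alongside this class. The method body continues past the end of the hunk, so the final error handling is not visible here.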
*** 113,122 **** --- 115,128 ---- * once you are done. */ public static Object startJarVerification() { ProviderList currentList = getProviderList(); ProviderList jarList = currentList.getJarList(jarVerificationProviders); + if (jarList.size() < 3) { + // add backup provider + ProviderList.add(jarList, getSunProvider()); + } // return the old thread-local provider list, usually null return beginThreadProviderList(jarList); } /**
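Review bot: The return value of `ProviderList.add(jarList, getSunProvider())` in startJarVerification() is discarded. add is invoked as a static method that takes the list as an argument, and if it returns a new ProviderList rather than mutating `jarList` (ProviderList is not shown on this page), the backup provider never reaches `beginThreadProviderList(jarList)`, so the verification list would stay short. Assign the result: `jarList = ProviderList.add(jarList, getSunProvider());`. The literal `3` duplicates the length of jarVerificationProviders and is also true when SunRsaSign or SunEC is the missing entry, in which case a second Sun instance appears to be appended. Compare against `jarVerificationProviders.length`, or better, test specifically for the absence of the Sun provider before adding the backup.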