src/java.base/share/classes/sun/security/jca/Providers.java
7191662: JCE providers should be located via ServiceLoader
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -56,13 +56,17 @@
private Providers() {
// empty
}
- // we need special handling to resolve circularities when loading
- // signed JAR files during startup. The code below is part of that.
-
+ // After the switch to modules, JDK providers are all in modules and JDK
+ // no longer needs to load signed jars during start up.
+ //
+ // However, for earlier releases, it need special handling to resolve
+ // circularities when loading signed JAR files during startup. The code
+ // below is part of that.
+ //
// Basically, before we load data from a signed JAR file, we parse
// the PKCS#7 file and verify the signature. We need a
// CertificateFactory, Signatures, etc. to do that. We have to make
// sure that we do not try to load the implementation from the JAR
// file we are just verifying.
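Review bot: The added comment reads as if the circularity handling below exists only "for earlier releases", yet the code is kept and startJarVerification is modified later in this same patch, so a maintainer cannot tell whether the mechanism is still live or is dead weight. The comment should say when it still applies, which is presumably when a signed JAR outside the JDK modules is verified. If that is the intent, something like `// However, signed JAR files outside the JDK modules still need special handling to` followed by `// resolve circularities during verification. The code below is part of that.` would also fix the "it need" grammar slip.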
@@ -76,28 +80,26 @@
// See there for details.
private static final String BACKUP_PROVIDER_CLASSNAME =
"sun.security.provider.VerificationProvider";
- // Hardcoded classnames of providers to use for JAR verification.
+ // Hardcoded names of providers to use for JAR verification.
// MUST NOT be on the bootclasspath and not in signed JAR files.
private static final String[] jarVerificationProviders = {
"sun.security.provider.Sun",
"sun.security.rsa.SunRsaSign",
- // Note: SunEC *is* in a signed JAR file, but it's not signed
- // by EC itself. So it's still safe to be listed here.
+ // Note: when SunEC is in a signed JAR file, it's not signed
+ // by EC algorithms. So it's still safe to be listed here.
"sun.security.ec.SunEC",
- BACKUP_PROVIDER_CLASSNAME,
};
// Return to Sun provider or its backup.
// This method should only be called by
// sun.security.util.ManifestEntryVerifier and java.security.SecureRandom.
public static Provider getSunProvider() {
try {
- Class<?> clazz = Class.forName(jarVerificationProviders[0]);
- return (Provider)clazz.newInstance();
+ return new sun.security.provider.Sun();
} catch (Exception e) {
try {
Class<?> clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME);
return (Provider)clazz.newInstance();
} catch (Exception ee) {
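Review bot: With `return new sun.security.provider.Sun();` the outer `catch (Exception e)` in getSunProvider no longer covers a missing or unloadable class. A direct reference fails with a LinkageError such as NoClassDefFoundError, which is an Error and not an Exception, whereas the old `Class.forName` call threw ClassNotFoundException and did reach the fallback. If the fallback to BACKUP_PROVIDER_CLASSNAME is still meant to be reachable, state the condition in a comment, e.g. `// fallback runs only if the Sun constructor itself throws`; if it is not, the nested try can be removed. Separately, the array comment now says "names" while the entries are still fully qualified class names, so confirm what getJarList matches on. The body of getSunProvider continues past the end of this hunk.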
@@ -113,10 +115,14 @@
* once you are done.
*/
public static Object startJarVerification() {
ProviderList currentList = getProviderList();
ProviderList jarList = currentList.getJarList(jarVerificationProviders);
+ if (jarList.size() < 3) {
+ // add backup provider
+ ProviderList.add(jarList, getSunProvider());
+ }
// return the old thread-local provider list, usually null
return beginThreadProviderList(jarList);
}
/**
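Review bot: The result of `ProviderList.add(jarList, getSunProvider())` in startJarVerification is discarded. If add returns a new list rather than mutating its argument, which the static call taking the list as a parameter suggests, the backup provider never reaches `beginThreadProviderList` and verification runs with the short list. Assign it: `jarList = ProviderList.add(jarList, getSunProvider());`. The literal `3` duplicates the length of jarVerificationProviders, so `jarList.size() < jarVerificationProviders.length` would keep the two in step. Also, getSunProvider() now tries Sun first, so when the list is short only because SunRsaSign or SunEC is absent this appends a second Sun instance rather than the VerificationProvider backup; a comment should say which case is intended.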