src/java.base/share/classes/sun/security/jca/Providers.java

Print this page
7191662: JCE providers should be located via ServiceLoader

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this

@@ -56,13 +56,17 @@
 
     private Providers() {
         // empty
     }
 
-    // we need special handling to resolve circularities when loading
-    // signed JAR files during startup. The code below is part of that.
-
+    // After the switch to modules, JDK providers are all in modules and JDK
+    // no longer needs to load signed jars during start up.
+    //
+    // However, for earlier releases, it need special handling to resolve
+    // circularities when loading signed JAR files during startup. The code
+    // below is part of that.
+    //
     // Basically, before we load data from a signed JAR file, we parse
     // the PKCS#7 file and verify the signature. We need a
     // CertificateFactory, Signatures, etc. to do that. We have to make
     // sure that we do not try to load the implementation from the JAR
     // file we are just verifying.

@@ -76,28 +80,26 @@
     // See there for details.
 
     private static final String BACKUP_PROVIDER_CLASSNAME =
         "sun.security.provider.VerificationProvider";
 
-    // Hardcoded classnames of providers to use for JAR verification.
+    // Hardcoded names of providers to use for JAR verification.
     // MUST NOT be on the bootclasspath and not in signed JAR files.
     private static final String[] jarVerificationProviders = {
         "sun.security.provider.Sun",
         "sun.security.rsa.SunRsaSign",
-        // Note: SunEC *is* in a signed JAR file, but it's not signed
-        // by EC itself. So it's still safe to be listed here.
+        // Note: when SunEC is in a signed JAR file, it's not signed
+        // by EC algorithms. So it's still safe to be listed here.
         "sun.security.ec.SunEC",
-        BACKUP_PROVIDER_CLASSNAME,
     };
 
     // Return to Sun provider or its backup.
     // This method should only be called by
     // sun.security.util.ManifestEntryVerifier and java.security.SecureRandom.
     public static Provider getSunProvider() {
         try {
-            Class<?> clazz = Class.forName(jarVerificationProviders[0]);
-            return (Provider)clazz.newInstance();
+            return new sun.security.provider.Sun();
         } catch (Exception e) {
             try {
                 Class<?> clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME);
                 return (Provider)clazz.newInstance();
             } catch (Exception ee) {

@@ -113,10 +115,14 @@
      * once you are done.
      */
     public static Object startJarVerification() {
         ProviderList currentList = getProviderList();
         ProviderList jarList = currentList.getJarList(jarVerificationProviders);
+        if (jarList.size() < 3) {
+            // add backup provider
+            ProviderList.add(jarList, getSunProvider());
+        }
         // return the old thread-local provider list, usually null
         return beginThreadProviderList(jarList);
     }
 
     /**