I need a reviewer for a small update to the "refs.allowed" file used by
the dependency checking tool in the profiles build.
To re-cap, the profiles build does not subset jsse.jar even though there
is JSSE code that references Kerberos classes that do not exist in
compact1 and compact2 builds. These references aren't a problem at
runtime because the support for Kerberos cipher suites is predicated on
Kerberos being present. However for static analysis tools (including
CheckDeps) then it means there are references to Kerberos clsses that do
not exist. To avoid the tool flagging these references and failing the
build, the tool has refs.allowed to allow for a small set of "allowed
references". To date we have not needed to touch this but the recent
push of 8005523 to jdk8/tl/jdk introduces new references that are
currently causing the profiles build to fail.
It remains to seen whether maintaining this list will be maintenance
chore. If it proves to be then we may just have to do something special
for jsse.jar to avoid needing to update the file when new dependencies
are introduced. For now I propose to just update refs.allowed to get the
profile build working again. The proposed diffs are attached.
-Alan
diff --git a/make/tools/src/build/tools/deps/refs.allowed
b/make/tools/src/build/tools/deps/refs.allowed
--- a/make/tools/src/build/tools/deps/refs.allowed
+++ b/make/tools/src/build/tools/deps/refs.allowed
@@ -13,10 +13,11 @@
javax.security.auth.kerberos.KerberosKey=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2
javax.security.auth.kerberos.KerberosPrincipal=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2
javax.security.auth.kerberos.KerberosTicket=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2
+javax.security.auth.kerberos.KeyTab=sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2
javax.security.auth.kerberos.ServicePermission=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2
sun.security.jgss.GSSCaller=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2
sun.security.jgss.krb5.Krb5Util=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2
-sun.security.jgss.krb5.ServiceCreds=sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2
+sun.security.jgss.krb5.ServiceCreds=sun.security.ssl.krb5.Krb5ProxyImpl,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2
sun.security.krb5.EncryptedData=
sun.security.ssl.krb5.KerberosPreMasterSecret,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2
sun.security.krb5.EncryptionKey=sun.security.ssl.krb5.KerberosPreMasterSecret,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2
sun.security.krb5.internal.crypto.KeyUsage=sun.security.ssl.krb5.KerberosPreMasterSecret,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2
