On Mon, 19 Sep 2022 15:25:43 GMT, Sean Coffey <coff...@openjdk.org> wrote:
>> src/java.base/share/classes/java/security/Provider.java line 1293:
>>
>>> 1291: }
>>> 1292:
>>> 1293: if (s != null && SecurityProviderServiceEvent.isTurnedOn()) {
>>
>> Would it be useful to generate an event even for the cases where a call to
>> this method was made but no service was available and `null` was returned?
>> The event perhaps could capture that there was no service found for such
>> type/algorithm combination? That would help identify usages in applications
>> where there might be fallbacks being used when this method returns null?
>
> I had this as the original design actually. I'm not sure how interesting it
> would be to record such "no-service" type events. It would probably add 2-4
> times the number of events for this event type to a typical recording, given
> that the framework iterates over the providers in preferential order.
Yes, I think this would generate too much noise and detract from the main
motivation for these events, which is to help users analyze the security of
algorithms that are being used by their applications at the JCE layer.
-------------
PR: https://git.openjdk.org/jdk/pull/9657
