Re: [9] RFR 8159488 "Deprivilege java.xml.crypto" and 8161171 "Missed the make/common/Modules.gmk file when integrating JDK-8154191"

2016-07-25 Thread Valerie Peng
Right, it doesn't. I will update it. Thanks, Valerie On 7/25/2016 8:49 AM, Sean Mullan wrote: Does the test need to run in othervm? It doesn't seem like it adds or changes the order of providers. Otherwise looks good. --Sean On 07/22/2016 06:19 PM, Valerie Peng wrote: I added a new tes

Re: [9] RFR 8159488 "Deprivilege java.xml.crypto" and 8161171 "Missed the make/common/Modules.gmk file when integrating JDK-8154191"

2016-07-25 Thread Sean Mullan
Does the test need to run in othervm? It doesn't seem like it adds or changes the order of providers. Otherwise looks good. --Sean On 07/22/2016 06:19 PM, Valerie Peng wrote: I added a new test covering the basics of getInstance() methods. Webrev updated: http://cr.openjdk.java.net/~valerie

Re: Code Review Request JDK-8161898 Mark the use of deprecated javax.security.cert APIs with forRemoval=true

2016-07-25 Thread Sean Mullan
Looks fine to me. --Sean On 07/20/2016 10:32 PM, Xuelei Fan wrote: Hi, javax.security.cert was deprecated and marked with forRemoval=true in JDK 9. The use of javax.security.cert APIs should be marked with forRemoval=true too. Please review the update: http://cr.openjdk.java.net/~xuelei/

Re: RFR 8054536: sun.security.x509.Extension object may throw NPE for hashCode and equals method

2016-07-25 Thread Wang Weijun
Hi Svetlana > http://cr.openjdk.java.net/~snikandrova/8054536/webrev.03/ > Change looks fine. One nit: we usually combine the null check and the assignment into a single line. For example, this.x = Objects.requireNonNull(x). > >

Re: RFR 8054536: sun.security.x509.Extension object may throw NPE for hashCode and equals method

2016-07-25 Thread Svetlana Nikandrova
Hi Max, yes, comment states that this constructor is only for sub-classes so I've made it protected. Compilation didn't broke (at least in jdk and tests). AFAIK extensionId should never be null, as for extensionValue there are extensions without value (e.g. OCSPNocheck) but in that case value

Re: Kerberos Authentication Issue

2016-07-25 Thread Weijun Wang
The JGSS/krb5 provider in jdk7 does not allow "insecure" hostname canonicalization for security reason. (A "secure" canonicalization means the result starts with the input. We still support this for compatibility). This is the reason why you see the service not found error. When -Dsun.security