This all looks fine to me (except for the Makefile stuff which I'll
leave to others).
--Sean
On 05/21/2015 12:21 AM, Valerie Peng wrote:
Sean,
Could you please review this change? The changes are mostly the same as
the prototype in Jake, but I have to make some modification due to the
difference in ServiceLoader lookup in OpenJDK (corresponding
META-INF/services/java.security.Provider files in each module) and the
related makefile change (merge their content into one for the final
image build). Then, I adjusted the Provider.configure() method to take a
single String argument to be consistent with the "providerarg" option
that keytool defined.
In addition, I also made some misc changes, such as configuring the
providers inside ProviderConfig instead of ProviderLoader, add back the
doPrivileged block to all the provider constructors. I also have second
thought on making the switch to privider name (instead of provider class
name) in java.security file, so I reverted the changes on that - that
SunPKCS11 provider has its name specified in its configuration file, so
when ServiceLoader loads the PKCS11 provider, the configuration file has
not been passed to it, so the name is not known at that time. Thus,
using the class name for the provider list entry seems to fit the flow
better. I also updated the default policy for SunPKCS11 provider given
its recent change of using sun.misc.
Webrev: http://cr.openjdk.java.net/~valeriep/7191662/webrev.00/
CCC: http://ccc.us.oracle.com/7191662
Thanks,
Valerie
