RE: [9] RFR:8130360: Add tests to verify 3rd party security providers if they are in signed/unsigned modular JARs

Mon, 30 Nov 2015 03:14:30 -0800 

Here is the updated webrev: 
http://cr.openjdk.java.net/~asmotrak/siba/8130360/webrev.02/

I have one question:
What should be the behavior when the older version of 3rd party JCE provider 
jar file(without service descriptor "META-INF/services/*" & working with <= 
JDK8) configured by "java.security" file, will be place in CLASS_PATH, running 
through JDK9 and the client is using Security.getProvider() to look for the 
provider?

Currently the scenario fails to find the JCE provider. Is this right behavior? 
If it is, then jdk9 is not backward compatible to find the security provider 
provided through older jar files from CLASS_PATH.

Thanks,
Siba

-----Original Message-----
From: Wang Weijun 
Sent: Sunday, November 29, 2015 2:54 PM
To: Siba Sahoo
Cc: security-dev@openjdk.java.net; jigsaw-...@openjdk.java.net; Sean Mullan
Subject: Re: [9] RFR:8130360: Add tests to verify 3rd party security providers 
if they are in signed/unsigned modular JARs

Some comments:

1. Maybe use jdk/testlibrary/JDKToolLauncher.java to launch jarsigner?

2. You mentioned it's difficult to set a security provider in java.security 
file. Have you tried "-Djava.security.properties=="? It is described at the 
beginning of java.security.

Thanks
Max

> On Nov 23, 2015, at 9:14 PM, Siba Sahoo <sibabrata.sa...@oracle.com> wrote:
> 
> +HYPERLINK "mailto:security-dev@openjdk.java.net"security-dev@openjdk.java.net
> 
> 
> 
> From: Siba Sahoo 
> Sent: Monday, November 23, 2015 4:56 PM
> To: jigsaw-...@openjdk.java.net; Sean Mullan
> Subject: [9] RFR:8130360: Add tests to verify 3rd party security providers if 
> they are in signed/unsigned modular JARs
> 
> 
> 
> Hi,
> 
> 
> 
> Please help me with your review of this test for JBS: 
> https://bugs.openjdk.java.net/browse/JDK-8130360, 
> 
> 
> 
> Webrev: http://cr.openjdk.java.net/~asmotrak/siba/8130360/webrev.01/
> 
> 
> 
> Description
> 
> Tests to verify 3rd party security providers if they are in signed/unsigned 
> modular JARs. The test code checks the modular behavior with different 
> combination of separate client & security provider, when available as 
> modular(signed/unsigned) jar. It address total  of 72 test cases with the 
> following criteria:
> 
> 
> 
> (Signed/Unsigned Jar) X (ClassLoader/ServiceLoader) X (combination of 
> EXPLICIT/AUTO/UNAMED modules) X (With/Without Service descriptor) 
> 
> 
> 
> Thanks,
> 
> Siba
> 
>

Reply via email to