On Tue, 1 Feb 2022 21:54:29 GMT, Sean Mullan <[email protected]> wrote:
> This fixes a bootstrapping issue if a custom system class loader is set with
> the `-Djava.system.class.loader` option and the custom class loader is inside
> a signed JAR. In order to load the custom class loader, the runtime must
> verify the signed JAR first, and the algorithm constraint code tries to load
> a `Locale` provider using a `ServiceLoader` before the class loader is set,
> and this causes a `ServiceConfigurationError`.
>
> The fix removes a dependency from the security algorithm "denyAfter"
> constraint parsing code on the `Calendar` API which uses a `ServiceLoader`
> for gathering default locale information. Instead the `ZonedDateTime` API is
> now used, which simplifies the code and removes some unnecessary code from
> `keytool` as well.
test/jdk/java/security/SignedJar/SignedJarWithCustomClassLoader.java line 65:
> 63:
> 64: // create signer's keypair
> 65: SecurityTools.keytool("-genkeypair -keyalg RSA -keystore ks " +
Hello Sean,
Looking at the `SecurityTools.keytool` and `SecurityTools.jarsigner` methods,
they internally launch a process corresponding to these tools but do not check
for the exit code of that process execution. Perhaps the calls to these methods
in this test, should add a check to assert that the exit code is `0` by using
the returned `OutputAnalyzer`?
-------------
PR: https://git.openjdk.java.net/jdk/pull/7316
