On Mon, 4 May 2026 19:29:02 GMT, Valerie Peng <[email protected]> wrote:
>> This PR adds a configuration option to SUN provider, named "no_crypto", so >> that SUN provider disables its support of crypto services such as >> MessageDigest, Signature, SecureRandom, etc. >> >> --------- >> - [x] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > Valerie Peng has updated the pull request incrementally with one additional > commit since the last revision: > > removed the duplicate provider configure call inside doLoadProvider() > method. src/java.base/share/classes/sun/security/provider/Sun.java line 58: > 56: // Additional JCE crypto services, e.g. Cipher, KDF, are not included > 57: // in this list since SUN provider does not support them > 58: private static final Set<String> CRYPTO_SERVICE_TYPES = Set.of( What do you think about making this an annotation? Instead of having to maintain a list of string representations of classes why not automatically construct it from annotated classes? Something like this: */ @OverwriteProvider("no_crypto") public class KeyFactory { ... or even */ @ExcludeNoCrypto public class KeyFactory { ... This way we will have a much lower chance of accidentally missing a new class that should be excluded from this list or vice versa. Also would make the functionality clearer when just reading the `java.security` package code. What do you think? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30804#discussion_r3187894987
