JDK8 Code review request for 7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider) (original) (raw)

Sean Mullan sean.mullan at oracle.com
Fri Jul 20 20:43:55 UTC 2012

On 7/20/12 2:25 AM, Weijun Wang wrote:

Hi Jason

The existing verify(PublicKey key, String sigProvider) method caches the result and returns it if the same key and sigProvider is used. Is it possible to do the same in your new method? Also, the new method is very similar to the old one. I have no good idea how to reuse the old code but if you find a way that would be very nice. As for the CCC, is it really necessary to add these lines? * Note that the specified * Provider object does not have to be registered in the provider list.

Most of the getInstance methods that take a Provider object include this sentence, so adding this sentence makes the APIs consistent in that regard.

* *

This method was added to version 1.8 of the Java Platform

* Standard Edition. In order to maintain backwards compatibility with * existing service providers, this method cannot be abstract * and by default throws an UnsupportedOperationException.

Not critical, but I think it is nice to have this to provide further rationale why the method throws UOE by default, as that may not be apparent. We've done this in other places where we've added non-abstract methods to an abstract class.

--Sean

Thanks Max On 07/20/2012 01:03 PM, Jason Uh wrote: Hi all,

Please review my fix for 7026347. This change is introduces verify(PublicKey key, Provider sigProvider) methods for Certificate and X509CRL that allow Providers not registered in java.security. Change has been filed with CCC and is accepted. Webrev: http://cr.openjdk.java.net/~juh/7026347/webrev.03/ CR: http://bugs.sun.com/bugdatabase/viewbug.do?bugid=7026347 Thanks, Jason

More information about the security-dev mailing list