-
Enhancement
-
Resolution: Won't Fix
-
P2
-
7
-
x86
-
windows
CodeSigner objects and ProtectionDomain are used to ensure classes signed by other certificate can not be loaded for known package. This is achieved by associating some signers with the package and then rejecting attempts to load class if signers do not match. However, this seem to have significant cost - signers need to be created for each of the classes and then they need to be compared.
In 6u14/15/18 we added functionality that returns null signer objects for FX runtime and that saved 5-10% of warm start time (100-150ms) for simple FX apps. Current workaround in the deployment code can not be extended to arbitrary apps because it is not secure for generic case.
Reducing this overhead might be very helpful to improve startup experience of signed apps (popular in the enterprise).
In 6u14/15/18 we added functionality that returns null signer objects for FX runtime and that saved 5-10% of warm start time (100-150ms) for simple FX apps. Current workaround in the deployment code can not be extended to arbitrary apps because it is not secure for generic case.
Reducing this overhead might be very helpful to improve startup experience of signed apps (popular in the enterprise).
- relates to
-
JDK-6990459 Overhead of loading certificates
-
- Closed
-
-
JDK-7012160 read SF file in signed jar in streaming mode
-
- Closed
-