-
Enhancement
-
Resolution: Fixed
-
P4
-
6u24
-
b52
-
x86
-
windows_xp
-
Verified
A DESCRIPTION OF THE REQUEST :
We would like to specify a Signature Provider object that is not registered in the provider list. But for the available method verify(PublicKey key, String sigProvider) the named Provider must be registered.
JUSTIFICATION :
The classes CertificateFactory and Signature each have the method getInstance(String type/algorithm, Provider provider) with a Provider object that does not have to be registered. It is inconsistent that Certificate.verify does not support all variants of Signature.getInstance.
In a servlet container like tomcat it is critical to register a Provider that is not defined outside the web applications since each web application has its own class loader. A second web application cannot register the Provider again although the classes would be different. Log messages of the Provider should appear in the log file of the specific web application.
We would like to specify a Signature Provider object that is not registered in the provider list. But for the available method verify(PublicKey key, String sigProvider) the named Provider must be registered.
JUSTIFICATION :
The classes CertificateFactory and Signature each have the method getInstance(String type/algorithm, Provider provider) with a Provider object that does not have to be registered. It is inconsistent that Certificate.verify does not support all variants of Signature.getInstance.
In a servlet container like tomcat it is critical to register a Provider that is not defined outside the web applications since each web application has its own class loader. A second web application cannot register the Provider again although the classes would be different. Log messages of the Provider should appear in the log file of the specific web application.
- relates to
-
JDK-8175029 StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
-
- Resolved
-