Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8302493

Minor cleanup could be done in java.security

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P4 P4
    • 20
    • security-libs
    • None
    • source
    • minimal
    • Hide
      Subclasses will now be permitted to override the `CertStore::getDefaultType()` method, but that should not cause any compatibility risk because prior to this change we did not allow any child class to override the method. The behavior of code calling `CertStore::getDefaultType()` remains unchanged.
      Show
      Subclasses will now be permitted to override the `CertStore::getDefaultType()` method, but that should not cause any compatibility risk because prior to this change we did not allow any child class to override the method. The behavior of code calling `CertStore::getDefaultType()` remains unchanged.
    • Java API
    • SE

      Summary

      Remove the final keyword from the static java.security.cert.CertStore::getDefaultType() method. Remove InvalidParameterException from the throws clause of the java.security.interfaces.DSAKeyPairGenerator::initialize() methods.

      Problem

      As part of JDK-8302493, two changes were made that changed the signature of public APIs:

      1. The final keyword was inadvertently removed from the static java.security.cert.CertStore::getDefaultType() method as part of this change. However, this change has an extremely low compatibility risk and we have decided not to revert the change. There is no security risk to removing this keyword. The behavior of code currently calling this method will not be affected if a subclass now overrides the method.

        Going forward, we will do a broader analysis of other public final static methods in the security libs area and determine if any changes should be made. If there is consensus that the final keyword should be subsequently restored for this method, we will consider making that change and filing a CSR in the next JDK release.

      2. The signature of the two java.security.interfaces.DSAKeyPairGenerator::initialize() methods were changed to not throw InvalidParameterException. This associated change has no behavioral impact. InvalidParameterException is a RuntimeException and was already specified in a javadoc @throws clause of these methods.

      Solution

      Remove the final keyword from the static java.security.cert.CertStore::getDefaultType() method. Remove InvalidParameterException from the throws clause of the java.security.interfaces.DSAKeyPairGenerator::initialize() methods.

      Specification

      Changes for java.security.cert.CertStore:

       -    public static final String getDefaultType() {
 -    public static String getDefaultType() {

      Changes for java.security.interfaces.DSAKeyPairGenerator:

      -   public void initialize(DSAParams params, SecureRandom random)
-   throws InvalidParameterException;
+   void initialize(DSAParams params, SecureRandom random);
      -   public void initialize(int modlen, boolean genParams, SecureRandom random)
-   throws InvalidParameterException;
+   void initialize(int modlen, boolean genParams, SecureRandom random);

            mullan Sean Mullan
            mpowers Mark Powers
            Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: