Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8302596

Minor cleanup could be done in javax.net

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P4 P4
    • 19
    • security-libs
    • None
    • source
    • minimal
    • Hide
      Subclasses will now be permitted to override `KeyManagerFactory::getDefaultAlgorithm()` and `TrustManagerFactory::getDefaultAlgorithm()` methods, but that should not cause any compatibility risk because prior to this change we did not allow any child class to override the method. The behavior of code calling these two methods remains unchanged.
      Show
      Subclasses will now be permitted to override `KeyManagerFactory::getDefaultAlgorithm()` and `TrustManagerFactory::getDefaultAlgorithm()` methods, but that should not cause any compatibility risk because prior to this change we did not allow any child class to override the method. The behavior of code calling these two methods remains unchanged.
    • Java API
    • SE

      Summary

      Remove the final keyword from the static javax.net.ssl.KeyManagerFactory::getDefaultAlgorithm() and javax.net.ssl.TrustManagerFactory::getDefaultAlgorithm() methods. Remove IllegalArgumentException from the throws clause of the javax.net.ssl.SSLSessionContext::setSessionCacheSize() and javax.net.ssl.SSLSessionContext::setSessionTimeout() methods.

      Problem

      As part of JDK-8285504, two changes were made that changed the signature of public APIs:

      1. The final keyword was inadvertently removed from the static javax.net.ssl.KeyManagerFactory::getDefaultAlgorithm() and javax.net.ssl.TrustManagerFactory::getDefaultAlgorithm() methods as part of this change. However, this change has an extremely low compatibility risk and we have decided not to revert the change. There is no security risk to removing this keyword. The behavior of code currently calling this method will not be affected if a subclass now overrides the method. Going forward, we will do a broader analysis of other public final static methods in the security libs area and determine if any changes should be made. If there is consensus that the final keyword should be subsequently restored for this method, we will consider making that change and filing a CSR in a later JDK release.

      2. The signature of the javax.net.ssl.SSLSessionContext::setSessionCacheSize() and javax.net.ssl.SSLSessionContext::setSessionTimeout() methods were changed to not throw IllegalArgumentException. This associated change has no behavioral impact. IllegalArgumentException is a RuntimeException and was already specified in a javadoc @throws clause of these methods.

      Solution

      Remove the final keyword from the static javax.net.ssl.KeyManagerFactory::getDefaultAlgorithm() and javax.net.ssl.TrustManagerFactory::getDefaultAlgorithm() methods. Remove IllegalArgumentException from the throws clause of the javax.net.ssl.SSLSessionContext::setSessionCacheSize() and javax.net.ssl.SSLSessionContext::setSessionTimeout() methods.

      Specification

      Changes for javax.net.ssl.KeyManagerFactory

      -  public static final String getDefaultTypeAlgorithm() {
+  public static String getDefaultAlgorithm() {

      Changes for javax.net.ssl.TrustManagerFactory

      -  public static final String getDefaultAlgorithm() {
+  public static String getDefaultAlgorithm() {

      Changes for javax.net.ssl.SSLSessionContext:

      -   public void setSessionTimeout(int seconds)
-   throws IllegalArgumentException;
+   void setSessionTimeout(int seconds);
-   public void setSessionCacheSize(int size);
-   throws IllegalArgumentException;
+   void setSessionCacheSize(int size);

            mpowers Mark Powers
            mpowers Mark Powers
            Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: