Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8216474

Allowed signed JARs on the module path that are signed with EC based cert

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: New
    • Priority: P4
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: core-libs
    • Labels:
      None

      Description

      This issue tracks investigating if it would be feasible to allow JAR files signed with an EC based cert on the module path. As things stand this is not currently allowed because signed JARs on the module path are verified during early startup when only code in java.base can execute. There are several tricky bootstrapping issues that arise when extending this to use security providers linked into the run-time image, mostly because the verification must be done before user code executes (and so before a custom security manager or custom application class loader is initialised). Furthermore, any verification must be restricted to use security providers that are linked into the run-time image. One possible approach is to skip verification until after the boot layer is created but before the steps in initPhase3 execute. This will require changes in several areas and prototyping will help us to determine if the approach is feasible or not.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                alanb Alan Bateman
                Reporter:
                alanb Alan Bateman
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: