JDK-4918769 : Provider.equals() returns true for non-matching objects
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0
  • Priority: P5
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2003-09-08
  • Updated: 2017-05-16
  • Resolved: 2003-12-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
5.0 b32Fixed
Related Reports
Duplicate :  
Description
The java.security.Provider class inherits the implementations of the equals() and hashCode() methods from java.util.Hashtable. That means that two Provider objects are considered equal if they implement the same set of algorithms using the same set of classes. It also means that provider.equals(map) would return true if map contained the same entries.

The values of provider.getName() or provider.getVersion() are not examined at all. This is questionable in particular since the framework now explicitly allows multiple instances of a provider implementation to support hardware tokens.

Compatibility considerations limit the available options. Still, it may be acceptable to add a comparision of the provider name and version number to equals().

I am filing this as a P5 since there are very few occasions where it is sensible to compare provider objects.

###@###.### 2003-09-08

Changed synopsis from "Provider.equals() implementation inappropriate" to "Provider.equals() returns true for non-matching objects".

###@###.### 2003-11-10

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: tiger-beta FIXED IN: tiger-beta INTEGRATED IN: tiger-b32 tiger-beta
14-06-2004

EVALUATION To avoid the problems with the equals() contract mentioned in comments, the equals() and hashCode() methods will not be changed. Instead, the following attributes will automatically be added to the Provider`s Hashtable upon construction: "Provider.id name" = provider.getName() "Provider.id version" = String.valueOf(provider.getVersion()) "Provider.id info" = provider.getInfo() "Provider.id className" = provider.getClass().getName() The provider class will be modified to ensure that these attributes cannot be removed or modified. The JCA documentation will be updated to list the engine type "Provider" as reserved. ###@###.### 2003-11-10
10-11-2003