United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-4918769 : Provider.equals() returns true for non-matching objects

Details
Type:
Bug
Submit Date:
2003-09-08
Status:
Resolved
Updated Date:
2004-01-15
Project Name:
JDK
Resolved Date:
2003-12-15
Component:
security-libs
OS:
generic
Sub-Component:
java.security
CPU:
generic
Priority:
P5
Resolution:
Fixed
Affected Versions:
5.0
Fixed Versions:
5.0 (b32)

Related Reports
Duplicate:

Sub Tasks

Description
The java.security.Provider class inherits the implementations of the equals() and hashCode() methods from java.util.Hashtable. That means that two Provider objects are considered equal if they implement the same set of algorithms using the same set of classes. It also means that provider.equals(map) would return true if map contained the same entries.

The values of provider.getName() or provider.getVersion() are not examined at all. This is questionable in particular since the framework now explicitly allows multiple instances of a provider implementation to support hardware tokens.

Compatibility considerations limit the available options. Still, it may be acceptable to add a comparision of the provider name and version number to equals().

I am filing this as a P5 since there are very few occasions where it is sensible to compare provider objects.

###@###.### 2003-09-08

Changed synopsis from "Provider.equals() implementation inappropriate" to "Provider.equals() returns true for non-matching objects".

###@###.### 2003-11-10

                                    

Comments
EVALUATION

To avoid the problems with the equals() contract mentioned in comments, the equals() and hashCode() methods will not be changed. Instead, the following attributes will automatically be added to the Provider`s Hashtable upon construction:

"Provider.id name"      = provider.getName()
"Provider.id version"   = String.valueOf(provider.getVersion())
"Provider.id info"      = provider.getInfo()
"Provider.id className" = provider.getClass().getName()

The provider class will be modified to ensure that these attributes cannot be removed or modified. The JCA documentation will be updated to list the engine type "Provider" as reserved.

###@###.### 2003-11-10
                                     
2003-11-10
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX:
tiger-beta

FIXED IN:
tiger-beta

INTEGRATED IN:
tiger-b32
tiger-beta


                                     
2004-06-14



Hardware and Software, Engineered to Work Together