JDK-7026347 : Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u24
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2011-03-10
  • Updated: 2017-05-16
  • Resolved: 2012-09-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8
8 b52Fixed
Related Reports
Relates :  
JDK-8175029 - StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
Description
A DESCRIPTION OF THE REQUEST :
We would like to specify a Signature Provider object that is not registered in the provider list. But for the available method verify(PublicKey key, String sigProvider) the named Provider must be registered.

JUSTIFICATION :
The classes CertificateFactory and Signature each have the method getInstance(String type/algorithm, Provider provider) with a Provider object that does not have to be registered. It is inconsistent that Certificate.verify does not support all variants of Signature.getInstance.
In a servlet container like tomcat it is critical to register a Provider that is not defined outside the web applications since each web application has its own class loader. A second web application cannot register the Provider again although the classes would be different. Log messages of the Provider should appear in the log file of the specific web application.
Comments
EVALUATION http://hg.openjdk.java.net/hsx/hotspot-comp/jdk/rev/b0bfa441d70f
14-08-2012
EVALUATION http://hg.openjdk.java.net/hsx/hotspot-main/jdk/rev/b0bfa441d70f
11-08-2012
EVALUATION + Created verify(PublicKey key, Provider sigProvider) methods for Certificate and X509CRL. + Prevented incompatibility with existing provider implementations by providing default implementations for: - X509Certificate.verify(PublicKey key, Provider sigProvider) - X509CRL.verify(PublicKey key, Provider sigProvider)
02-08-2012