archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 14:24:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8345060: Remove Security Manager dependencies from java.security.KeyStore and Identity APIs and implementations

Browse source 
Reviewed-by: hchao, alanb, weijun
This commit is contained in:
Sean Mullan 2024-12-02 15:23:47 +00:00
parent 1ca764454b
commit 30b8bbe255
11 changed files with 96 additions and 231 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/java.base/share/classes/java/security/Identity.java
View file

@ -178,7 +178,6 @@ public abstract class Identity implements Principal, Serializable {
/* Should we throw an exception if this is already set? */
public void setPublicKey(PublicKey key) throws KeyManagementException {
check("setIdentityPublicKey");
this.publicKey = key;
certificates = new Vector<>();
}
@ -191,7 +190,6 @@ public abstract class Identity implements Principal, Serializable {
* @see #getInfo
*/
public void setInfo(String info) {
check("setIdentityInfo");
this.info = info;
}
@ -221,8 +219,6 @@ public abstract class Identity implements Principal, Serializable {
public void addCertificate(Certificate certificate)
throws KeyManagementException {
check("addIdentityCertificate");
if (certificates == null) {
certificates = new Vector<>();
}
@ -260,7 +256,6 @@ public abstract class Identity implements Principal, Serializable {
*/
public void removeCertificate(Certificate certificate)
throws KeyManagementException {
check("removeIdentityCertificate");
if (certificates != null) {
certificates.removeElement(certificate);
}
@ -358,7 +353,6 @@ public abstract class Identity implements Principal, Serializable {
* name of its scope (if any).
*/
public String toString() {
check("printIdentity");
String printable = name;
if (scope != null) {
printable += "[" + scope.getName() + "]";
@ -429,11 +423,4 @@ public abstract class Identity implements Principal, Serializable {
public int hashCode() {
return name.hashCode();
}
private static void check(String directive) {
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSecurityAccess(directive);
}
}
}

17
src/java.base/share/classes/java/security/IdentityScope.java
View file

@ -76,13 +76,7 @@ class IdentityScope extends Identity {
// initialize the system scope
private static void initializeSystemScope() {
String classname = AccessController.doPrivileged(
new PrivilegedAction<>() {
public String run() {
return Security.getProperty("system.scope");
}
});
String classname = Security.getProperty("system.scope");
if (classname == null) {
return;
@ -153,7 +147,6 @@ class IdentityScope extends Identity {
* @see #getSystemScope
*/
protected static void setSystemScope(IdentityScope scope) {
check("setSystemScope");
IdentityScope.scope = scope;
}
@ -241,12 +234,4 @@ class IdentityScope extends Identity {
public String toString() {
return super.toString() + "[" + size() + "]";
}
private static void check(String directive) {
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSecurityAccess(directive);
}
}
}

153
src/java.base/share/classes/java/security/KeyStore.java
View file

@ -987,9 +987,7 @@ public class KeyStore {
* @see java.security.Security security properties
*/
public static final String getDefaultType() {
@SuppressWarnings("removal")
String kstype = AccessController.doPrivileged((PrivilegedAction<String>) () ->
Security.getProperty(KEYSTORE_TYPE));
String kstype = Security.getProperty(KEYSTORE_TYPE);
if (kstype == null) {
kstype = "pkcs12";
}
@ -1993,9 +1991,7 @@ public class KeyStore {
("File does not exist or it does not refer " +
"to a normal file: " + file);
}
@SuppressWarnings("removal")
var acc = AccessController.getContext();
return new FileBuilder(type, provider, file, protection, acc);
return new FileBuilder(type, provider, file, protection);
}
/**
@ -2048,24 +2044,19 @@ public class KeyStore {
private final File file;
private final ProtectionParameter protection;
private ProtectionParameter keyProtection;
@SuppressWarnings("removal")
private final AccessControlContext context;
private KeyStore keyStore;
private Throwable oldException;
FileBuilder(String type, Provider provider, File file,
ProtectionParameter protection,
@SuppressWarnings("removal") AccessControlContext context) {
ProtectionParameter protection) {
this.type = type;
this.provider = provider;
this.file = file;
this.protection = protection;
this.context = context;
}
@SuppressWarnings("removal")
public synchronized KeyStore getKeyStore() throws KeyStoreException
{
if (keyStore != null) {
@ -2076,19 +2067,18 @@ public class KeyStore {
("Previous KeyStore instantiation failed",
oldException);
}
PrivilegedExceptionAction<KeyStore> action =
new PrivilegedExceptionAction<KeyStore>() {
public KeyStore run() throws Exception {
if (!(protection instanceof CallbackHandlerProtection)) {
return run0();
}
try {
if (!(protection instanceof CallbackHandlerProtection)) {
keyStore = getKeyStore0();
} else {
// when using a CallbackHandler,
// reprompt if the password is wrong
int tries = 0;
while (true) {
tries++;
try {
return run0();
keyStore = getKeyStore0();
break;
} catch (IOException e) {
if ((tries < MAX_CALLBACK_TRIES)
&& (e.getCause() instanceof UnrecoverableKeyException)) {
@ -2098,58 +2088,53 @@ public class KeyStore {
}
}
}
public KeyStore run0() throws Exception {
KeyStore ks;
char[] password;
// Acquire keystore password
if (protection instanceof PasswordProtection) {
password =
((PasswordProtection)protection).getPassword();
keyProtection = protection;
} else {
CallbackHandler handler =
((CallbackHandlerProtection)protection)
.getCallbackHandler();
PasswordCallback callback = new PasswordCallback
("Password for keystore " + file.getName(),
false);
handler.handle(new Callback[] {callback});
password = callback.getPassword();
if (password == null) {
throw new KeyStoreException("No password" +
" provided");
}
callback.clearPassword();
keyProtection = new PasswordProtection(password);
}
if (type.isEmpty()) {
// Instantiate keystore and load keystore data
ks = KeyStore.getInstance(file, password);
} else {
// Instantiate keystore
if (provider == null) {
ks = KeyStore.getInstance(type);
} else {
ks = KeyStore.getInstance(type, provider);
}
// Load keystore data
try (InputStream in = new FileInputStream(file)) {
ks.load(in, password);
}
}
return ks;
}
};
try {
keyStore = AccessController.doPrivileged(action, context);
return keyStore;
} catch (PrivilegedActionException e) {
oldException = e.getCause();
} catch (Exception e) {
oldException = e;
throw new KeyStoreException
("KeyStore instantiation failed", oldException);
}
return keyStore;
}
private KeyStore getKeyStore0() throws Exception {
KeyStore ks;
char[] password;
// Acquire keystore password
if (protection instanceof PasswordProtection) {
password = ((PasswordProtection)protection).getPassword();
keyProtection = protection;
} else {
CallbackHandler handler =
((CallbackHandlerProtection)protection)
.getCallbackHandler();
PasswordCallback callback = new PasswordCallback
("Password for keystore " + file.getName(), false);
handler.handle(new Callback[] {callback});
password = callback.getPassword();
if (password == null) {
throw new KeyStoreException("No password" + " provided");
}
callback.clearPassword();
keyProtection = new PasswordProtection(password);
}
if (type.isEmpty()) {
// Instantiate keystore and load keystore data
ks = KeyStore.getInstance(file, password);
} else {
// Instantiate keystore
if (provider == null) {
ks = KeyStore.getInstance(type);
} else {
ks = KeyStore.getInstance(type, provider);
}
// Load keystore data
try (InputStream in = new FileInputStream(file)) {
ks.load(in, password);
}
}
return ks;
}
public synchronized ProtectionParameter
@ -2195,16 +2180,18 @@ public class KeyStore {
if ((type == null) || (protection == null)) {
throw new NullPointerException();
}
@SuppressWarnings("removal")
final AccessControlContext context = AccessController.getContext();
return new Builder() {
private volatile boolean getCalled;
private IOException oldException;
private final PrivilegedExceptionAction<KeyStore> action
= new PrivilegedExceptionAction<>() {
public KeyStore run() throws Exception {
public synchronized KeyStore getKeyStore()
throws KeyStoreException {
if (oldException != null) {
throw new KeyStoreException
("Previous KeyStore instantiation failed",
oldException);
}
try {
KeyStore ks;
if (provider == null) {
ks = KeyStore.getInstance(type);
@ -2237,23 +2224,9 @@ public class KeyStore {
}
getCalled = true;
return ks;
}
};
@SuppressWarnings("removal")
public synchronized KeyStore getKeyStore()
throws KeyStoreException {
if (oldException != null) {
} catch (Exception e) {
throw new KeyStoreException
("Previous KeyStore instantiation failed",
oldException);
}
try {
return AccessController.doPrivileged(action, context);
} catch (PrivilegedActionException e) {
Throwable cause = e.getCause();
throw new KeyStoreException
("KeyStore instantiation failed", cause);
("KeyStore instantiation failed", e);
}
}

24
src/java.base/share/classes/java/security/Signer.java
View file

@ -99,7 +99,6 @@ public abstract class Signer extends Identity {
* not yet been set.
*/
public PrivateKey getPrivateKey() {
check("getSignerPrivateKey");
return privateKey;
}
@ -115,24 +114,13 @@ public abstract class Signer extends Identity {
*/
public final void setKeyPair(KeyPair pair)
throws InvalidParameterException, KeyException {
check("setSignerKeyPair");
final PublicKey pub = pair.getPublic();
PublicKey pub = pair.getPublic();
PrivateKey priv = pair.getPrivate();
if (pub == null || priv == null) {
throw new InvalidParameterException();
}
try {
AccessController.doPrivileged(
new PrivilegedExceptionAction<>() {
public Void run() throws KeyManagementException {
setPublicKey(pub);
return null;
}
});
} catch (PrivilegedActionException pae) {
throw (KeyManagementException) pae.getException();
}
setPublicKey(pub);
privateKey = priv;
}
@ -156,12 +144,4 @@ public abstract class Signer extends Identity {
public String toString() {
return "[Signer]" + super.toString();
}
private static void check(String directive) {
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSecurityAccess(directive);
}
}
}