8345060: Remove Security Manager dependencies from java.security.KeyStore and Identity APIs and implementations

Reviewed-by: hchao, alanb, weijun
Sean Mullan 2024-12-02 15:23:47 +00:00
parent 1ca764454b
commit 30b8bbe255
11 changed files with 96 additions and 231 deletions


@ -26,7 +26,6 @@
package sun.security.pkcs12;
import java.io.*;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Key;
@ -36,7 +35,6 @@ import java.security.KeyStoreSpi;
import java.security.KeyStoreException;
import java.security.PKCS12Attribute;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.SecureRandom;
@ -66,7 +64,6 @@ import javax.security.auth.DestroyFailedException;
import javax.security.auth.x500.X500Principal;
import jdk.internal.access.SharedSecrets;
import sun.security.action.GetPropertyAction;
import sun.security.tools.KeyStoreUtil;
import sun.security.util.*;
import sun.security.pkcs.ContentInfo;
@ -2651,15 +2648,14 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
// key entries.
private static boolean useLegacy() {
return GetPropertyAction.privilegedGetProperty(
USE_LEGACY_PROP) != null;
return System.getProperty(USE_LEGACY_PROP) != null;
}
private static String defaultCertProtectionAlgorithm() {
if (useLegacy()) {
return LEGACY_CERT_PBE_ALGORITHM;
}
String result = SecurityProperties.privilegedGetOverridable(
String result = SecurityProperties.getOverridableProperty(
"keystore.pkcs12.certProtectionAlgorithm");
return (result != null && !result.isEmpty())
? result : DEFAULT_CERT_PBE_ALGORITHM;
@ -2669,7 +2665,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (useLegacy()) {
return LEGACY_PBE_ITERATION_COUNT;
}
String result = SecurityProperties.privilegedGetOverridable(
String result = SecurityProperties.getOverridableProperty(
"keystore.pkcs12.certPbeIterationCount");
return (result != null && !result.isEmpty())
? string2IC("certPbeIterationCount", result)
@ -2682,27 +2678,18 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (useLegacy()) {
return LEGACY_KEY_PBE_ALGORITHM;
}
@SuppressWarnings("removal")
String result = AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
String result;
String name1 = "keystore.pkcs12.keyProtectionAlgorithm";
String name2 = "keystore.PKCS12.keyProtectionAlgorithm";
result = System.getProperty(name1);
if (result != null) {
return result;
}
result = System.getProperty(name2);
if (result != null) {
return result;
}
String name1 = "keystore.pkcs12.keyProtectionAlgorithm";
String name2 = "keystore.PKCS12.keyProtectionAlgorithm";
String result = System.getProperty(name1);
if (result == null) {
result = System.getProperty(name2);
if (result == null) {
result = Security.getProperty(name1);
if (result != null) {
return result;
if (result == null) {
result = Security.getProperty(name2);
}
return Security.getProperty(name2);
}
});
}
return (result != null && !result.isEmpty())
? result : DEFAULT_KEY_PBE_ALGORITHM;
}
@ -2711,7 +2698,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (useLegacy()) {
return LEGACY_PBE_ITERATION_COUNT;
}
String result = SecurityProperties.privilegedGetOverridable(
String result = SecurityProperties.getOverridableProperty(
"keystore.pkcs12.keyPbeIterationCount");
return (result != null && !result.isEmpty())
? string2IC("keyPbeIterationCount", result)
@ -2722,7 +2709,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (useLegacy()) {
return LEGACY_MAC_ALGORITHM;
}
String result = SecurityProperties.privilegedGetOverridable(
String result = SecurityProperties.getOverridableProperty(
"keystore.pkcs12.macAlgorithm");
return (result != null && !result.isEmpty())
? result : DEFAULT_MAC_ALGORITHM;
@ -2732,7 +2719,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
if (useLegacy()) {
return LEGACY_MAC_ITERATION_COUNT;
}
String result = SecurityProperties.privilegedGetOverridable(
String result = SecurityProperties.getOverridableProperty(
"keystore.pkcs12.macIterationCount");
return (result != null && !result.isEmpty())
? string2IC("macIterationCount", result)
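Review bot: The rewritten key-protection lookup (the block starting `String name1 = "keystore.pkcs12.keyProtectionAlgorithm";`) expresses its precedence only through three levels of nested `if (result == null)`, and nothing states that order. A comment above it would help, for example `// First non-null wins: system property name1, then name2, then security property name1, then name2.` A system property set to the empty string is non-null, so it ends the search, and the final `!result.isEmpty()` test then selects DEFAULT_KEY_PBE_ALGORITHM without consulting the security properties. This appears to match the removed code, but the comment should say it, because a command-line property silently outranks the java.security configuration for the key protection algorithm. The enclosing method's signature is outside the hunk.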


@ -981,9 +981,9 @@ public final class Main {
// if certProtectionAlgorithm and macAlgorithm are both NONE.
if (storetype.equalsIgnoreCase("pkcs12")) {
isPasswordlessKeyStore =
"NONE".equals(SecurityProperties.privilegedGetOverridable(
"NONE".equals(SecurityProperties.getOverridableProperty(
"keystore.pkcs12.certProtectionAlgorithm"))
&& "NONE".equals(SecurityProperties.privilegedGetOverridable(
&& "NONE".equals(SecurityProperties.getOverridableProperty(
"keystore.pkcs12.macAlgorithm"));
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -64,9 +64,7 @@ public class KeyStoreDelegator extends KeyStoreSpi {
Class<? extends KeyStoreSpi> secondaryKeyStore) {
// Check whether compatibility mode has been disabled
@SuppressWarnings("removal")
var prop = AccessController.doPrivileged((PrivilegedAction<String>) () ->
Security.getProperty(KEYSTORE_TYPE_COMPAT));
var prop = Security.getProperty(KEYSTORE_TYPE_COMPAT);
compatModeEnabled = "true".equalsIgnoreCase(prop);
if (compatModeEnabled) {