archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8209416: Refactoring GetPropertyAction calls in security libs

Browse source 
Reviewed-by: xuelei, rriggs
This commit is contained in:
Weijun Wang 2018-08-14 22:39:34 +08:00
parent 815cdefb43
commit 33a96c6df9
29 changed files with 146 additions and 196 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/java.base/share/classes/com/sun/security/ntlm/NTLM.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package com.sun.security.ntlm;
import sun.security.action.GetBooleanAction;
import static com.sun.security.ntlm.Version.*;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
@ -55,10 +57,8 @@ class NTLM {
private final MessageDigest md4;
private final Mac hmac;
private final MessageDigest md5;
private static final boolean DEBUG =
java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction("ntlm.debug"))
.booleanValue();
private static final boolean DEBUG
= GetBooleanAction.privilegedGetProperty("ntlm.debug");
final Version v;

25
src/java.base/share/classes/sun/security/action/GetBooleanAction.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package sun.security.action;
import java.security.AccessController;
/**
* A convenience class for retrieving the boolean value of a system property
* as a privileged action.
@ -69,4 +71,25 @@ public class GetBooleanAction
public Boolean run() {
return Boolean.getBoolean(theProp);
}
/**
* Convenience method to get a property without going through doPrivileged
* if no security manager is present. This is unsafe for inclusion in a
* public API but allowable here since this class is now encapsulated.
*
* Note that this method performs a privileged action using caller-provided
* inputs. The caller of this method should take care to ensure that the
* inputs are not tainted and the returned property is not made accessible
* to untrusted code if it contains sensitive information.
*
* @param theProp the name of the system property.
*/
public static boolean privilegedGetProperty(String theProp) {
if (System.getSecurityManager() == null) {
return Boolean.getBoolean(theProp);
} else {
return AccessController.doPrivileged(
new GetBooleanAction(theProp));
}
}
}

24
src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,9 +25,9 @@
package sun.security.internal.spec;
import sun.security.action.GetBooleanAction;
import java.security.spec.AlgorithmParameterSpec;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* Parameters for SSL/TLS RSA premaster secret.
@ -51,25 +51,11 @@ public class TlsRsaPremasterSecretParameterSpec
* requested in its client hello version). However, we (and other
* implementations) used to send the active negotiated version. The
* system property below allows to toggle the behavior.
*/
private static final String PROP_NAME =
"com.sun.net.ssl.rsaPreMasterSecretFix";
/*
* Default is "false" (old behavior) for compatibility reasons in
* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.
*/
private static final boolean rsaPreMasterSecretFix =
AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
public Boolean run() {
String value = System.getProperty(PROP_NAME);
if (value != null && value.equalsIgnoreCase("true")) {
return Boolean.TRUE;
}
return Boolean.FALSE;
}
});
private static final boolean rsaPreMasterSecretFix = GetBooleanAction
.privilegedGetProperty("com.sun.net.ssl.rsaPreMasterSecretFix");
private final int clientVersion;
private final int serverVersion;

6
src/java.base/share/classes/sun/security/provider/certpath/Builder.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -63,8 +63,8 @@ public abstract class Builder {
* Authority Information Access extension shall be enabled. Currently
* disabled by default for compatibility reasons.
*/
static final boolean USE_AIA = AccessController.doPrivileged
(new GetBooleanAction("com.sun.security.enableAIAcaIssuers"));
static final boolean USE_AIA = GetBooleanAction
.privilegedGetProperty("com.sun.security.enableAIAcaIssuers");
/**
* Initialize the builder with the input parameters.

14
src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
View file

@ -31,6 +31,8 @@ import java.util.Enumeration;
import java.util.Locale;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import sun.security.action.GetPropertyAction;
import sun.security.util.Cache;
@ -196,15 +198,9 @@ final class SSLSessionContextImpl implements SSLSessionContext {
private static int getDefaultCacheLimit() {
int defaultCacheLimit = 0;
try {
String s = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(
"javax.net.ssl.sessionCacheSize");
}
});
defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
String s = GetPropertyAction
.privilegedGetProperty("javax.net.ssl.sessionCacheSize");
defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
} catch (Exception e) {
// swallow the exception
}

8
src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
View file

@ -96,10 +96,10 @@ final class StatusResponseManager {
}
defaultResponder = tmpURI;
respOverride = AccessController.doPrivileged(
new GetBooleanAction("jdk.tls.stapling.responderOverride"));
ignoreExtensions = AccessController.doPrivileged(
new GetBooleanAction("jdk.tls.stapling.ignoreExtensions"));
respOverride = GetBooleanAction
.privilegedGetProperty("jdk.tls.stapling.responderOverride");
ignoreExtensions = GetBooleanAction
.privilegedGetProperty("jdk.tls.stapling.ignoreExtensions");
threadMgr = new ScheduledThreadPoolExecutor(DEFAULT_CORE_THREADS,
new ThreadFactory() {

4
src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
View file

@ -482,8 +482,8 @@ final class SupportedGroupsExtension {
//
// If the System Property is not defined or the value is empty, the
// default groups and preferences will be used.
String property = AccessController.doPrivileged(
new GetPropertyAction("jdk.tls.namedGroups"));
String property = GetPropertyAction
.privilegedGetProperty("jdk.tls.namedGroups");
if (property != null && property.length() != 0) {
// remove double quote marks from beginning/end of the property
if (property.length() > 1 && property.charAt(0) == '"' &&

7
src/java.base/share/classes/sun/security/validator/PKIXValidator.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -57,9 +57,8 @@ public final class PKIXValidator extends Validator {
* manager. Typically, this will only work if the PKIX implementation
* supports CRL distribution points as we do not manually setup CertStores.
*/
private static final boolean checkTLSRevocation =
AccessController.doPrivileged
(new GetBooleanAction("com.sun.net.ssl.checkRevocation"));
private static final boolean checkTLSRevocation = GetBooleanAction
.privilegedGetProperty("com.sun.net.ssl.checkRevocation");
private final Set<X509Certificate> trustedCerts;
private final PKIXBuilderParameters parameterTemplate;

7
src/java.base/share/classes/sun/security/x509/AVA.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -64,9 +64,8 @@ public class AVA implements DerEncoder {
// See CR 6391482: if enabled this flag preserves the old but incorrect
// PrintableString encoding for DomainComponent. It may need to be set to
// avoid breaking preexisting certificates generated with sun.security APIs.
private static final boolean PRESERVE_OLD_DC_ENCODING =
AccessController.doPrivileged(new GetBooleanAction
("com.sun.security.preserveOldDCEncoding"));
private static final boolean PRESERVE_OLD_DC_ENCODING = GetBooleanAction
.privilegedGetProperty("com.sun.security.preserveOldDCEncoding");
/**
* DEFAULT format allows both RFC1779 and RFC2253 syntax and