archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8209416: Refactoring GetPropertyAction calls in security libs

Browse source 
Reviewed-by: xuelei, rriggs
This commit is contained in:
Weijun Wang 2018-08-14 22:39:34 +08:00
parent 815cdefb43
commit 33a96c6df9
29 changed files with 146 additions and 196 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/java.base/share/classes/com/sun/security/ntlm/NTLM.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package com.sun.security.ntlm; package com.sun.security.ntlm;
import sun.security.action.GetBooleanAction;
import static com.sun.security.ntlm.Version.*; import static com.sun.security.ntlm.Version.*;
import java.io.IOException; import java.io.IOException;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
@ -55,10 +57,8 @@ class NTLM {
private final MessageDigest md4; private final MessageDigest md4;
private final Mac hmac; private final Mac hmac;
private final MessageDigest md5; private final MessageDigest md5;
private static final boolean DEBUG = private static final boolean DEBUG
java.security.AccessController.doPrivileged( = GetBooleanAction.privilegedGetProperty("ntlm.debug");
new sun.security.action.GetBooleanAction("ntlm.debug"))
.booleanValue();
final Version v; final Version v;

25
src/java.base/share/classes/sun/security/action/GetBooleanAction.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package sun.security.action; package sun.security.action;
import java.security.AccessController;
/** /**
* A convenience class for retrieving the boolean value of a system property * A convenience class for retrieving the boolean value of a system property
* as a privileged action. * as a privileged action.
@ -69,4 +71,25 @@ public class GetBooleanAction
public Boolean run() { public Boolean run() {
return Boolean.getBoolean(theProp); return Boolean.getBoolean(theProp);
} }
/**
* Convenience method to get a property without going through doPrivileged
* if no security manager is present. This is unsafe for inclusion in a
* public API but allowable here since this class is now encapsulated.
*
* Note that this method performs a privileged action using caller-provided
* inputs. The caller of this method should take care to ensure that the
* inputs are not tainted and the returned property is not made accessible
* to untrusted code if it contains sensitive information.
*
* @param theProp the name of the system property.
*/
public static boolean privilegedGetProperty(String theProp) {
if (System.getSecurityManager() == null) {
return Boolean.getBoolean(theProp);
} else {
return AccessController.doPrivileged(
new GetBooleanAction(theProp));
}
}
} }

24
src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,9 +25,9 @@
package sun.security.internal.spec; package sun.security.internal.spec;
import sun.security.action.GetBooleanAction;
import java.security.spec.AlgorithmParameterSpec; import java.security.spec.AlgorithmParameterSpec;
import java.security.AccessController;
import java.security.PrivilegedAction;
/** /**
* Parameters for SSL/TLS RSA premaster secret. * Parameters for SSL/TLS RSA premaster secret.
@ -51,25 +51,11 @@ public class TlsRsaPremasterSecretParameterSpec
* requested in its client hello version). However, we (and other * requested in its client hello version). However, we (and other
* implementations) used to send the active negotiated version. The * implementations) used to send the active negotiated version. The
* system property below allows to toggle the behavior. * system property below allows to toggle the behavior.
*/
private static final String PROP_NAME =
"com.sun.net.ssl.rsaPreMasterSecretFix";
/*
* Default is "false" (old behavior) for compatibility reasons in * Default is "false" (old behavior) for compatibility reasons in
* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property. * SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.
*/ */
private static final boolean rsaPreMasterSecretFix = private static final boolean rsaPreMasterSecretFix = GetBooleanAction
AccessController.doPrivileged(new PrivilegedAction<Boolean>() { .privilegedGetProperty("com.sun.net.ssl.rsaPreMasterSecretFix");
public Boolean run() {
String value = System.getProperty(PROP_NAME);
if (value != null && value.equalsIgnoreCase("true")) {
return Boolean.TRUE;
}
return Boolean.FALSE;
}
});
private final int clientVersion; private final int clientVersion;
private final int serverVersion; private final int serverVersion;

6
src/java.base/share/classes/sun/security/provider/certpath/Builder.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -63,8 +63,8 @@ public abstract class Builder {
* Authority Information Access extension shall be enabled. Currently * Authority Information Access extension shall be enabled. Currently
* disabled by default for compatibility reasons. * disabled by default for compatibility reasons.
*/ */
static final boolean USE_AIA = AccessController.doPrivileged static final boolean USE_AIA = GetBooleanAction
(new GetBooleanAction("com.sun.security.enableAIAcaIssuers")); .privilegedGetProperty("com.sun.security.enableAIAcaIssuers");
/** /**
* Initialize the builder with the input parameters. * Initialize the builder with the input parameters.

14
src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
View file

@ -31,6 +31,8 @@ import java.util.Enumeration;
import java.util.Locale; import java.util.Locale;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSessionContext;
import sun.security.action.GetPropertyAction;
import sun.security.util.Cache; import sun.security.util.Cache;
@ -196,15 +198,9 @@ final class SSLSessionContextImpl implements SSLSessionContext {
private static int getDefaultCacheLimit() { private static int getDefaultCacheLimit() {
int defaultCacheLimit = 0; int defaultCacheLimit = 0;
try { try {
String s = java.security.AccessController.doPrivileged( String s = GetPropertyAction
new java.security.PrivilegedAction<String>() { .privilegedGetProperty("javax.net.ssl.sessionCacheSize");
@Override defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
public String run() {
return System.getProperty(
"javax.net.ssl.sessionCacheSize");
}
});
defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
} catch (Exception e) { } catch (Exception e) {
// swallow the exception // swallow the exception
} }

8
src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
View file

@ -96,10 +96,10 @@ final class StatusResponseManager {
} }
defaultResponder = tmpURI; defaultResponder = tmpURI;
respOverride = AccessController.doPrivileged( respOverride = GetBooleanAction
new GetBooleanAction("jdk.tls.stapling.responderOverride")); .privilegedGetProperty("jdk.tls.stapling.responderOverride");
ignoreExtensions = AccessController.doPrivileged( ignoreExtensions = GetBooleanAction
new GetBooleanAction("jdk.tls.stapling.ignoreExtensions")); .privilegedGetProperty("jdk.tls.stapling.ignoreExtensions");
threadMgr = new ScheduledThreadPoolExecutor(DEFAULT_CORE_THREADS, threadMgr = new ScheduledThreadPoolExecutor(DEFAULT_CORE_THREADS,
new ThreadFactory() { new ThreadFactory() {

4
src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
View file

@ -482,8 +482,8 @@ final class SupportedGroupsExtension {
// //
// If the System Property is not defined or the value is empty, the // If the System Property is not defined or the value is empty, the
// default groups and preferences will be used. // default groups and preferences will be used.
String property = AccessController.doPrivileged( String property = GetPropertyAction
new GetPropertyAction("jdk.tls.namedGroups")); .privilegedGetProperty("jdk.tls.namedGroups");
if (property != null && property.length() != 0) { if (property != null && property.length() != 0) {
// remove double quote marks from beginning/end of the property // remove double quote marks from beginning/end of the property
if (property.length() > 1 && property.charAt(0) == '"' && if (property.length() > 1 && property.charAt(0) == '"' &&

7
src/java.base/share/classes/sun/security/validator/PKIXValidator.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -57,9 +57,8 @@ public final class PKIXValidator extends Validator {
* manager. Typically, this will only work if the PKIX implementation * manager. Typically, this will only work if the PKIX implementation
* supports CRL distribution points as we do not manually setup CertStores. * supports CRL distribution points as we do not manually setup CertStores.
*/ */
private static final boolean checkTLSRevocation = private static final boolean checkTLSRevocation = GetBooleanAction
AccessController.doPrivileged .privilegedGetProperty("com.sun.net.ssl.checkRevocation");
(new GetBooleanAction("com.sun.net.ssl.checkRevocation"));
private final Set<X509Certificate> trustedCerts; private final Set<X509Certificate> trustedCerts;
private final PKIXBuilderParameters parameterTemplate; private final PKIXBuilderParameters parameterTemplate;

7
src/java.base/share/classes/sun/security/x509/AVA.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -64,9 +64,8 @@ public class AVA implements DerEncoder {
// See CR 6391482: if enabled this flag preserves the old but incorrect // See CR 6391482: if enabled this flag preserves the old but incorrect
// PrintableString encoding for DomainComponent. It may need to be set to // PrintableString encoding for DomainComponent. It may need to be set to
// avoid breaking preexisting certificates generated with sun.security APIs. // avoid breaking preexisting certificates generated with sun.security APIs.
private static final boolean PRESERVE_OLD_DC_ENCODING = private static final boolean PRESERVE_OLD_DC_ENCODING = GetBooleanAction
AccessController.doPrivileged(new GetBooleanAction .privilegedGetProperty("com.sun.security.preserveOldDCEncoding");
("com.sun.security.preserveOldDCEncoding"));
/** /**
* DEFAULT format allows both RFC1779 and RFC2253 syntax and * DEFAULT format allows both RFC1779 and RFC2253 syntax and

17
src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -34,6 +34,8 @@ import org.ietf.jgss.Oid;
import sun.net.www.protocol.http.HttpCallerInfo; import sun.net.www.protocol.http.HttpCallerInfo;
import sun.net.www.protocol.http.Negotiator; import sun.net.www.protocol.http.Negotiator;
import sun.security.action.GetBooleanAction;
import sun.security.action.GetPropertyAction;
import sun.security.jgss.GSSManagerImpl; import sun.security.jgss.GSSManagerImpl;
import sun.security.jgss.GSSContextImpl; import sun.security.jgss.GSSContextImpl;
import sun.security.jgss.GSSUtil; import sun.security.jgss.GSSUtil;
@ -50,8 +52,7 @@ import sun.security.jgss.HttpCaller;
public class NegotiatorImpl extends Negotiator { public class NegotiatorImpl extends Negotiator {
private static final boolean DEBUG = private static final boolean DEBUG =
java.security.AccessController.doPrivileged( GetBooleanAction.privilegedGetProperty("sun.security.krb5.debug");
new sun.security.action.GetBooleanAction("sun.security.krb5.debug"));
private GSSContext context; private GSSContext context;
private byte[] oneToken; private byte[] oneToken;
@ -71,14 +72,8 @@ public class NegotiatorImpl extends Negotiator {
// we can only use Kerberos mech when the scheme is kerberos // we can only use Kerberos mech when the scheme is kerberos
oid = GSSUtil.GSS_KRB5_MECH_OID; oid = GSSUtil.GSS_KRB5_MECH_OID;
} else { } else {
String pref = java.security.AccessController.doPrivileged( String pref = GetPropertyAction
new java.security.PrivilegedAction<String>() { .privilegedGetProperty("http.auth.preference", "spnego");
public String run() {
return System.getProperty(
"http.auth.preference",
"spnego");
}
});
if (pref.equalsIgnoreCase("kerberos")) { if (pref.equalsIgnoreCase("kerberos")) {
oid = GSSUtil.GSS_KRB5_MECH_OID; oid = GSSUtil.GSS_KRB5_MECH_OID;
} else { } else {

19
src/java.security.jgss/share/classes/sun/security/jgss/GSSManagerImpl.java
View file

@ -26,10 +26,9 @@
package sun.security.jgss; package sun.security.jgss;
import org.ietf.jgss.*; import org.ietf.jgss.*;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.spi.*; import sun.security.jgss.spi.*;
import java.security.Provider; import java.security.Provider;
import java.security.AccessController;
import java.security.PrivilegedAction;
/** /**
* This class provides the default implementation of the GSSManager * This class provides the default implementation of the GSSManager
@ -38,20 +37,8 @@ import java.security.PrivilegedAction;
public class GSSManagerImpl extends GSSManager { public class GSSManagerImpl extends GSSManager {
// Undocumented property // Undocumented property
private static final String USE_NATIVE_PROP = private static final Boolean USE_NATIVE = GetBooleanAction
"sun.security.jgss.native"; .privilegedGetProperty("sun.security.jgss.native");
private static final Boolean USE_NATIVE;
static {
USE_NATIVE =
AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
public Boolean run() {
return Boolean.valueOf(System.getProperty
(USE_NATIVE_PROP));
}
});
}
private ProviderList list; private ProviderList list;

26
src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -68,15 +68,8 @@ public class GSSUtil {
public static final Oid NT_GSS_KRB5_PRINCIPAL = public static final Oid NT_GSS_KRB5_PRINCIPAL =
GSSUtil.createOid("1.2.840.113554.1.2.2.1"); GSSUtil.createOid("1.2.840.113554.1.2.2.1");
private static final String DEFAULT_HANDLER = static final boolean DEBUG =
"auth.login.defaultCallbackHandler"; GetBooleanAction.privilegedGetProperty("sun.security.jgss.debug");
static final boolean DEBUG;
static {
DEBUG = (AccessController.doPrivileged
(new GetBooleanAction("sun.security.jgss.debug"))).
booleanValue();
}
static void debug(String message) { static void debug(String message) {
if (DEBUG) { if (DEBUG) {
@ -240,8 +233,8 @@ public class GSSUtil {
cb = new sun.net.www.protocol.http.spnego.NegotiateCallbackHandler( cb = new sun.net.www.protocol.http.spnego.NegotiateCallbackHandler(
((HttpCaller)caller).info()); ((HttpCaller)caller).info());
} else { } else {
String defaultHandler = String defaultHandler = java.security.Security
java.security.Security.getProperty(DEFAULT_HANDLER); .getProperty("auth.login.defaultCallbackHandler");
// get the default callback handler // get the default callback handler
if ((defaultHandler != null) && (defaultHandler.length() != 0)) { if ((defaultHandler != null) && (defaultHandler.length() != 0)) {
cb = null; cb = null;
@ -270,8 +263,8 @@ public class GSSUtil {
*/ */
public static boolean useSubjectCredsOnly(GSSCaller caller) { public static boolean useSubjectCredsOnly(GSSCaller caller) {
String propValue = GetPropertyAction.privilegedGetProperty( String propValue = GetPropertyAction
"javax.security.auth.useSubjectCredsOnly"); .privilegedGetProperty("javax.security.auth.useSubjectCredsOnly");
// Invalid values should be ignored and the default assumed. // Invalid values should be ignored and the default assumed.
if (caller instanceof HttpCaller) { if (caller instanceof HttpCaller) {
@ -295,9 +288,8 @@ public class GSSUtil {
* Don't use GetBooleanAction because the default value in the JRE * Don't use GetBooleanAction because the default value in the JRE
* (when this is unset) has to treated as true. * (when this is unset) has to treated as true.
*/ */
String propValue = AccessController.doPrivileged( String propValue = GetPropertyAction
new GetPropertyAction("sun.security.spnego.msinterop", .privilegedGetProperty("sun.security.spnego.msinterop", "true");
"true"));
/* /*
* This property has to be explicitly set to "false". Invalid * This property has to be explicitly set to "false". Invalid
* values should be ignored and the default "true" assumed. * values should be ignored and the default "true" assumed.

11
src/java.security.jgss/share/classes/sun/security/jgss/ProviderList.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,6 @@ package sun.security.jgss;
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.InvocationTargetException;
import org.ietf.jgss.*; import org.ietf.jgss.*;
import java.security.AccessController;
import java.security.Provider; import java.security.Provider;
import java.security.Security; import java.security.Security;
import java.util.ArrayList; import java.util.ArrayList;
@ -93,10 +92,6 @@ public final class ProviderList {
private static final String SPI_MECH_FACTORY_TYPE private static final String SPI_MECH_FACTORY_TYPE
= "sun.security.jgss.spi.MechanismFactory"; = "sun.security.jgss.spi.MechanismFactory";
// Undocumented property?
private static final String DEFAULT_MECH_PROP =
"sun.security.jgss.mechanism";
public static final Oid DEFAULT_MECH_OID; public static final Oid DEFAULT_MECH_OID;
static { static {
@ -106,8 +101,8 @@ public final class ProviderList {
* with a valid OID value * with a valid OID value
*/ */
Oid defOid = null; Oid defOid = null;
String defaultOidStr = AccessController.doPrivileged String defaultOidStr = GetPropertyAction
(new GetPropertyAction(DEFAULT_MECH_PROP)); .privilegedGetProperty("sun.security.jgss.mechanism");
if (defaultOidStr != null) { if (defaultOidStr != null) {
defOid = GSSUtil.createOid(defaultOidStr); defOid = GSSUtil.createOid(defaultOidStr);
} }

7
src/java.security.jgss/share/classes/sun/security/jgss/krb5/AcceptSecContextToken.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,6 @@ package sun.security.jgss.krb5;
import org.ietf.jgss.*; import org.ietf.jgss.*;
import java.io.InputStream; import java.io.InputStream;
import java.io.IOException; import java.io.IOException;
import java.security.AccessController;
import sun.security.action.GetBooleanAction; import sun.security.action.GetBooleanAction;
import sun.security.krb5.*; import sun.security.krb5.*;
@ -45,8 +44,8 @@ class AcceptSecContextToken extends InitialToken {
KrbApReq apReq) KrbApReq apReq)
throws KrbException, IOException, GSSException { throws KrbException, IOException, GSSException {
boolean useSubkey = AccessController.doPrivileged( boolean useSubkey = GetBooleanAction
new GetBooleanAction("sun.security.krb5.acceptor.subkey")); .privilegedGetProperty("sun.security.krb5.acceptor.subkey");
boolean useSequenceNumber = true; boolean useSequenceNumber = true;

15
src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,12 +26,13 @@
package sun.security.jgss.krb5; package sun.security.jgss.krb5;
import javax.security.auth.kerberos.KerberosTicket; import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab; import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import java.security.AccessControlContext; import java.security.AccessControlContext;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.GSSUtil; import sun.security.jgss.GSSUtil;
import sun.security.jgss.GSSCaller; import sun.security.jgss.GSSCaller;
@ -39,20 +40,16 @@ import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey; import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException; import sun.security.krb5.KrbException;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import sun.security.krb5.KerberosSecrets; import sun.security.krb5.KerberosSecrets;
import sun.security.krb5.PrincipalName; import sun.security.krb5.PrincipalName;
/** /**
* Utilities for obtaining and converting Kerberos tickets. * Utilities for obtaining and converting Kerberos tickets.
*
*/ */
public class Krb5Util { public class Krb5Util {
static final boolean DEBUG = static final boolean DEBUG = GetBooleanAction
java.security.AccessController.doPrivileged( .privilegedGetProperty("sun.security.krb5.debug");
new sun.security.action.GetBooleanAction
("sun.security.krb5.debug")).booleanValue();
/** /**
* Default constructor * Default constructor

9
src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -28,6 +28,7 @@ package sun.security.jgss.spnego;
import java.io.*; import java.io.*;
import java.security.Provider; import java.security.Provider;
import org.ietf.jgss.*; import org.ietf.jgss.*;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.*; import sun.security.jgss.*;
import sun.security.jgss.spi.*; import sun.security.jgss.spi.*;
import sun.security.util.*; import sun.security.util.*;
@ -81,10 +82,8 @@ public class SpNegoContext implements GSSContextSpi {
final private SpNegoMechFactory factory; final private SpNegoMechFactory factory;
// debug property // debug property
static final boolean DEBUG = static final boolean DEBUG = GetBooleanAction
java.security.AccessController.doPrivileged( .privilegedGetProperty("sun.security.spnego.debug");
new sun.security.action.GetBooleanAction
("sun.security.spnego.debug")).booleanValue();
/** /**
* Constructor for SpNegoContext to be called on the context initiator's * Constructor for SpNegoContext to be called on the context initiator's

9
src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
View file

@ -51,8 +51,6 @@ public final class SunNativeProvider extends Provider {
private static final String INFO = "Sun Native GSS provider"; private static final String INFO = "Sun Native GSS provider";
private static final String MF_CLASS = private static final String MF_CLASS =
"sun.security.jgss.wrapper.NativeGSSFactory"; "sun.security.jgss.wrapper.NativeGSSFactory";
private static final String LIB_PROP = "sun.security.jgss.lib";
private static final String DEBUG_PROP = "sun.security.nativegss.debug";
private static final HashMap<String, String> MECH_MAP; private static final HashMap<String, String> MECH_MAP;
static final Provider INSTANCE; static final Provider INSTANCE;
static boolean DEBUG; static boolean DEBUG;
@ -70,8 +68,8 @@ public final class SunNativeProvider extends Provider {
AccessController.doPrivileged( AccessController.doPrivileged(
new PrivilegedAction<HashMap<String, String>>() { new PrivilegedAction<HashMap<String, String>>() {
public HashMap<String, String> run() { public HashMap<String, String> run() {
DEBUG = Boolean.parseBoolean DEBUG = Boolean.parseBoolean(
(System.getProperty(DEBUG_PROP)); System.getProperty("sun.security.nativegss.debug"));
try { try {
System.loadLibrary("j2gss"); System.loadLibrary("j2gss");
} catch (Error err) { } catch (Error err) {
@ -80,7 +78,8 @@ public final class SunNativeProvider extends Provider {
return null; return null;
} }
String[] gssLibs = new String[0]; String[] gssLibs = new String[0];
String defaultLib = System.getProperty(LIB_PROP); String defaultLib
= System.getProperty("sun.security.jgss.lib");
if (defaultLib == null || defaultLib.trim().equals("")) { if (defaultLib == null || defaultLib.trim().equals("")) {
String osname = System.getProperty("os.name"); String osname = System.getProperty("os.name");
if (osname.startsWith("SunOS")) { if (osname.startsWith("SunOS")) {

29
src/java.security.jgss/share/classes/sun/security/krb5/Config.java
View file

@ -45,6 +45,7 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import sun.net.dns.ResolverConfiguration; import sun.net.dns.ResolverConfiguration;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.internal.crypto.EType; import sun.security.krb5.internal.crypto.EType;
import sun.security.krb5.internal.Krb5; import sun.security.krb5.internal.Krb5;
@ -122,12 +123,12 @@ public class Config {
private static boolean isMacosLionOrBetter() { private static boolean isMacosLionOrBetter() {
// split the "10.x.y" version number // split the "10.x.y" version number
String osname = getProperty("os.name"); String osname = GetPropertyAction.privilegedGetProperty("os.name");
if (!osname.contains("OS X")) { if (!osname.contains("OS X")) {
return false; return false;
} }
String osVersion = getProperty("os.version"); String osVersion = GetPropertyAction.privilegedGetProperty("os.version");
String[] fragments = osVersion.split("\\."); String[] fragments = osVersion.split("\\.");
// sanity check the "10." part of the version // sanity check the "10." part of the version
@ -152,14 +153,16 @@ public class Config {
/* /*
* If either one system property is specified, we throw exception. * If either one system property is specified, we throw exception.
*/ */
String tmp = getProperty("java.security.krb5.kdc"); String tmp = GetPropertyAction
.privilegedGetProperty("java.security.krb5.kdc");
if (tmp != null) { if (tmp != null) {
// The user can specify a list of kdc hosts separated by ":" // The user can specify a list of kdc hosts separated by ":"
defaultKDC = tmp.replace(':', ' '); defaultKDC = tmp.replace(':', ' ');
} else { } else {
defaultKDC = null; defaultKDC = null;
} }
defaultRealm = getProperty("java.security.krb5.realm"); defaultRealm = GetPropertyAction
.privilegedGetProperty("java.security.krb5.realm");
if ((defaultKDC == null && defaultRealm != null) || if ((defaultKDC == null && defaultRealm != null) ||
(defaultRealm == null && defaultKDC != null)) { (defaultRealm == null && defaultKDC != null)) {
throw new KrbException throw new KrbException
@ -818,11 +821,12 @@ public class Config {
* The method returns null if it cannot find a Java config file. * The method returns null if it cannot find a Java config file.
*/ */
private String getJavaFileName() { private String getJavaFileName() {
String name = getProperty("java.security.krb5.conf"); String name = GetPropertyAction
.privilegedGetProperty("java.security.krb5.conf");
if (name == null) { if (name == null) {
name = getProperty("java.home") + File.separator + name = GetPropertyAction.privilegedGetProperty("java.home")
"conf" + File.separator + "security" + + File.separator + "conf" + File.separator + "security"
File.separator + "krb5.conf"; + File.separator + "krb5.conf";
if (!fileExists(name)) { if (!fileExists(name)) {
name = null; name = null;
} }
@ -852,7 +856,7 @@ public class Config {
*/ */
private String getNativeFileName() { private String getNativeFileName() {
String name = null; String name = null;
String osname = getProperty("os.name"); String osname = GetPropertyAction.privilegedGetProperty("os.name");
if (osname.startsWith("Windows")) { if (osname.startsWith("Windows")) {
try { try {
Credentials.ensureLoaded(); Credentials.ensureLoaded();
@ -899,13 +903,8 @@ public class Config {
return name; return name;
} }
private static String getProperty(String property) {
return java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction(property));
}
private String findMacosConfigFile() { private String findMacosConfigFile() {
String userHome = getProperty("user.home"); String userHome = GetPropertyAction.privilegedGetProperty("user.home");
final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos"; final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos";
String userPrefs = userHome + PREF_FILE; String userPrefs = userHome + PREF_FILE;

6
src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@
package sun.security.krb5; package sun.security.krb5;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.internal.*; import sun.security.krb5.internal.*;
import sun.security.krb5.internal.ccache.CredentialsCache; import sun.security.krb5.internal.ccache.CredentialsCache;
import sun.security.krb5.internal.crypto.EType; import sun.security.krb5.internal.crypto.EType;
@ -288,8 +289,7 @@ public class Credentials {
if (ticketCache == null) { if (ticketCache == null) {
// The default ticket cache on Windows and Mac is not a file. // The default ticket cache on Windows and Mac is not a file.
String os = java.security.AccessController.doPrivileged( String os = GetPropertyAction.privilegedGetProperty("os.name");
new sun.security.action.GetPropertyAction("os.name"));
if (os.toUpperCase(Locale.ENGLISH).startsWith("WINDOWS") || if (os.toUpperCase(Locale.ENGLISH).startsWith("WINDOWS") ||
os.toUpperCase(Locale.ENGLISH).contains("OS X")) { os.toUpperCase(Locale.ENGLISH).contains("OS X")) {
Credentials creds = acquireDefaultCreds(); Credentials creds = acquireDefaultCreds();

8
src/java.security.jgss/share/classes/sun/security/krb5/KdcComm.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -74,8 +74,6 @@ public final class KdcComm {
private static final boolean DEBUG = Krb5.DEBUG; private static final boolean DEBUG = Krb5.DEBUG;
private static final String BAD_POLICY_KEY = "krb5.kdc.bad.policy";
/** /**
* What to do when a KDC is unavailable, specified in the * What to do when a KDC is unavailable, specified in the
* java.security file with key krb5.kdc.bad.policy. * java.security file with key krb5.kdc.bad.policy.
@ -100,7 +98,7 @@ public final class KdcComm {
String value = AccessController.doPrivileged( String value = AccessController.doPrivileged(
new PrivilegedAction<String>() { new PrivilegedAction<String>() {
public String run() { public String run() {
return Security.getProperty(BAD_POLICY_KEY); return Security.getProperty("krb5.kdc.bad.policy");
} }
}); });
if (value != null) { if (value != null) {
@ -120,7 +118,7 @@ public final class KdcComm {
// Ignored. Please note that tryLess is recognized and // Ignored. Please note that tryLess is recognized and
// used, parameters using default values // used, parameters using default values
if (DEBUG) { if (DEBUG) {
System.out.println("Invalid " + BAD_POLICY_KEY + System.out.println("Invalid krb5.kdc.bad.policy" +
" parameter for tryLess: " + " parameter for tryLess: " +
value + ", use default"); value + ", use default");
} }

9
src/java.security.jgss/share/classes/sun/security/krb5/Realm.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@
package sun.security.krb5; package sun.security.krb5;
import sun.security.action.GetBooleanAction;
import sun.security.krb5.internal.Krb5; import sun.security.krb5.internal.Krb5;
import sun.security.util.*; import sun.security.util.*;
import java.io.IOException; import java.io.IOException;
@ -47,10 +48,8 @@ import sun.security.krb5.internal.util.KerberosString;
*/ */
public class Realm implements Cloneable { public class Realm implements Cloneable {
public static final boolean AUTODEDUCEREALM = public static final boolean AUTODEDUCEREALM = GetBooleanAction
java.security.AccessController.doPrivileged( .privilegedGetProperty("sun.security.krb5.autodeducerealm");
new sun.security.action.GetBooleanAction(
"sun.security.krb5.autodeducerealm"));
private final String realm; // not null nor empty private final String realm; // not null nor empty

10
src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,8 @@
package sun.security.krb5.internal; package sun.security.krb5.internal;
import sun.security.action.GetBooleanAction;
import java.util.Hashtable; import java.util.Hashtable;
// Constants and other defined values from RFC 4120 // Constants and other defined values from RFC 4120
@ -303,9 +305,9 @@ public class Krb5 {
} }
public static final boolean DEBUG = public static final boolean DEBUG = GetBooleanAction
java.security.AccessController.doPrivileged( .privilegedGetProperty("sun.security.krb5.debug");
new sun.security.action.GetBooleanAction("sun.security.krb5.debug"));
public static final sun.security.util.HexDumpEncoder hexDumper = public static final sun.security.util.HexDumpEncoder hexDumper =
new sun.security.util.HexDumpEncoder(); new sun.security.util.HexDumpEncoder();

8
src/java.security.jgss/share/classes/sun/security/krb5/internal/ReplayCache.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -30,8 +30,6 @@ import sun.security.krb5.internal.rcache.AuthTimeWithHash;
import sun.security.krb5.internal.rcache.MemoryCache; import sun.security.krb5.internal.rcache.MemoryCache;
import sun.security.krb5.internal.rcache.DflCache; import sun.security.krb5.internal.rcache.DflCache;
import java.security.AccessController;
/** /**
* Models the replay cache of an acceptor as described in * Models the replay cache of an acceptor as described in
* RFC 4120 3.2.3. * RFC 4120 3.2.3.
@ -56,8 +54,8 @@ public abstract class ReplayCache {
} }
} }
public static ReplayCache getInstance() { public static ReplayCache getInstance() {
String type = AccessController.doPrivileged( String type = GetPropertyAction
new GetPropertyAction("sun.security.krb5.rcache")); .privilegedGetProperty("sun.security.krb5.rcache");
return getInstance(type); return getInstance(type);
} }

19
src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -33,6 +33,7 @@
*/ */
package sun.security.krb5.internal.ccache; package sun.security.krb5.internal.ccache;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.*; import sun.security.krb5.*;
import sun.security.krb5.internal.*; import sun.security.krb5.internal.*;
import java.util.StringTokenizer; import java.util.StringTokenizer;
@ -381,9 +382,7 @@ public class FileCredentialsCache extends CredentialsCache
} }
// get cache name from system.property // get cache name from system.property
String osname = String osname = GetPropertyAction.privilegedGetProperty("os.name");
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("os.name"));
/* /*
* For Unix platforms we use the default cache name to be * For Unix platforms we use the default cache name to be
@ -417,18 +416,12 @@ public class FileCredentialsCache extends CredentialsCache
// we did not get the uid; // we did not get the uid;
String user_name = String user_name = GetPropertyAction.privilegedGetProperty("user.name");
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("user.name"));
String user_home = String user_home = GetPropertyAction.privilegedGetProperty("user.home");
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("user.home"));
if (user_home == null) { if (user_home == null) {
user_home = user_home = GetPropertyAction.privilegedGetProperty("user.dir");
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("user.dir"));
} }
if (user_name != null) { if (user_name != null) {

5
src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/Des.java
View file

@ -53,9 +53,8 @@ public final class Des {
// string-to-key encoding. When set, the specified charset // string-to-key encoding. When set, the specified charset
// name is used. Otherwise, the system default charset. // name is used. Otherwise, the system default charset.
private final static String CHARSET = private final static String CHARSET = GetPropertyAction
java.security.AccessController.doPrivileged( .privilegedGetProperty("sun.security.krb5.msinterop.des.s2kcharset");
new GetPropertyAction("sun.security.krb5.msinterop.des.s2kcharset"));
private static final long[] bad_keys = { private static final long[] bad_keys = {
0x0101010101010101L, 0xfefefefefefefefeL, 0x0101010101010101L, 0xfefefefefefefefeL,

13
src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@
package sun.security.krb5.internal.ktab; package sun.security.krb5.internal.ktab;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.*; import sun.security.krb5.*;
import sun.security.krb5.internal.*; import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.*; import sun.security.krb5.internal.crypto.*;
@ -203,14 +204,12 @@ public class KeyTab implements KeyTabConstants {
} }
if (kname == null) { if (kname == null) {
String user_home = String user_home = GetPropertyAction
java.security.AccessController.doPrivileged( .privilegedGetProperty("user.home");
new sun.security.action.GetPropertyAction("user.home"));
if (user_home == null) { if (user_home == null) {
user_home = user_home = GetPropertyAction
java.security.AccessController.doPrivileged( .privilegedGetProperty("user.dir");
new sun.security.action.GetPropertyAction("user.dir"));
} }
kname = user_home + File.separator + "krb5.keytab"; kname = user_home + File.separator + "krb5.keytab";

7
src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,7 +25,7 @@
package sun.security.krb5.internal.rcache; package sun.security.krb5.internal.rcache;
import sun.security.action.GetPropertyAction; import sun.security.action.GetBooleanAction;
import java.util.Objects; import java.util.Objects;
@ -40,8 +40,7 @@ public class AuthTimeWithHash extends AuthTime
public static final String DEFAULT_HASH_ALG; public static final String DEFAULT_HASH_ALG;
static { static {
if (GetPropertyAction.privilegedGetProperty( if (GetBooleanAction.privilegedGetProperty("jdk.krb5.rcache.useMD5")) {
"jdk.krb5.rcache.useMD5", "false").equals("true")) {
DEFAULT_HASH_ALG = "HASH"; DEFAULT_HASH_ALG = "HASH";
} else { } else {
DEFAULT_HASH_ALG = "SHA256"; DEFAULT_HASH_ALG = "SHA256";

6
src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/DflCache.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -36,7 +36,6 @@ import java.nio.file.Path;
import java.nio.file.StandardCopyOption; import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption; import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission; import java.nio.file.attribute.PosixFilePermission;
import java.security.AccessController;
import java.util.*; import java.util.*;
import sun.security.action.GetPropertyAction; import sun.security.action.GetPropertyAction;
@ -117,8 +116,7 @@ public class DflCache extends ReplayCache {
} }
private static String defaultPath() { private static String defaultPath() {
return AccessController.doPrivileged( return GetPropertyAction.privilegedGetProperty("java.io.tmpdir");
new GetPropertyAction("java.io.tmpdir"));
} }
private static String defaultFile(String server) { private static String defaultFile(String server) {

4
src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java
View file

@ -55,8 +55,8 @@ public final class KerberosString {
public static final boolean MSNAME; public static final boolean MSNAME;
static { static {
String prop = GetPropertyAction.privilegedGetProperty( String prop = GetPropertyAction
"sun.security.krb5.msinterop.kstring", "true"); .privilegedGetProperty("sun.security.krb5.msinterop.kstring", "true");
MSNAME = Boolean.parseBoolean(prop); MSNAME = Boolean.parseBoolean(prop);
} }