archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8209416: Refactoring GetPropertyAction calls in security libs

Browse source 
Reviewed-by: xuelei, rriggs
This commit is contained in:
Weijun Wang 2018-08-14 22:39:34 +08:00
parent 815cdefb43
commit 33a96c6df9
29 changed files with 146 additions and 196 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/java.base/share/classes/com/sun/security/ntlm/NTLM.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package com.sun.security.ntlm;
import sun.security.action.GetBooleanAction;
import static com.sun.security.ntlm.Version.*;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
@ -55,10 +57,8 @@ class NTLM {
private final MessageDigest md4;
private final Mac hmac;
private final MessageDigest md5;
private static final boolean DEBUG =
java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction("ntlm.debug"))
.booleanValue();
private static final boolean DEBUG
= GetBooleanAction.privilegedGetProperty("ntlm.debug");
final Version v;

25
src/java.base/share/classes/sun/security/action/GetBooleanAction.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,8 @@
package sun.security.action;
import java.security.AccessController;
/**
* A convenience class for retrieving the boolean value of a system property
* as a privileged action.
@ -69,4 +71,25 @@ public class GetBooleanAction
public Boolean run() {
return Boolean.getBoolean(theProp);
}
/**
* Convenience method to get a property without going through doPrivileged
* if no security manager is present. This is unsafe for inclusion in a
* public API but allowable here since this class is now encapsulated.
*
* Note that this method performs a privileged action using caller-provided
* inputs. The caller of this method should take care to ensure that the
* inputs are not tainted and the returned property is not made accessible
* to untrusted code if it contains sensitive information.
*
* @param theProp the name of the system property.
*/
public static boolean privilegedGetProperty(String theProp) {
if (System.getSecurityManager() == null) {
return Boolean.getBoolean(theProp);
} else {
return AccessController.doPrivileged(
new GetBooleanAction(theProp));
}
}
}

24
src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,9 +25,9 @@
package sun.security.internal.spec;
import sun.security.action.GetBooleanAction;
import java.security.spec.AlgorithmParameterSpec;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* Parameters for SSL/TLS RSA premaster secret.
@ -51,25 +51,11 @@ public class TlsRsaPremasterSecretParameterSpec
* requested in its client hello version). However, we (and other
* implementations) used to send the active negotiated version. The
* system property below allows to toggle the behavior.
*/
private static final String PROP_NAME =
"com.sun.net.ssl.rsaPreMasterSecretFix";
/*
* Default is "false" (old behavior) for compatibility reasons in
* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.
*/
private static final boolean rsaPreMasterSecretFix =
AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
public Boolean run() {
String value = System.getProperty(PROP_NAME);
if (value != null && value.equalsIgnoreCase("true")) {
return Boolean.TRUE;
}
return Boolean.FALSE;
}
});
private static final boolean rsaPreMasterSecretFix = GetBooleanAction
.privilegedGetProperty("com.sun.net.ssl.rsaPreMasterSecretFix");
private final int clientVersion;
private final int serverVersion;

6
src/java.base/share/classes/sun/security/provider/certpath/Builder.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -63,8 +63,8 @@ public abstract class Builder {
* Authority Information Access extension shall be enabled. Currently
* disabled by default for compatibility reasons.
*/
static final boolean USE_AIA = AccessController.doPrivileged
(new GetBooleanAction("com.sun.security.enableAIAcaIssuers"));
static final boolean USE_AIA = GetBooleanAction
.privilegedGetProperty("com.sun.security.enableAIAcaIssuers");
/**
* Initialize the builder with the input parameters.

14
src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
View file

@ -31,6 +31,8 @@ import java.util.Enumeration;
import java.util.Locale;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import sun.security.action.GetPropertyAction;
import sun.security.util.Cache;
@ -196,15 +198,9 @@ final class SSLSessionContextImpl implements SSLSessionContext {
private static int getDefaultCacheLimit() {
int defaultCacheLimit = 0;
try {
String s = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(
"javax.net.ssl.sessionCacheSize");
}
});
defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
String s = GetPropertyAction
.privilegedGetProperty("javax.net.ssl.sessionCacheSize");
defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
} catch (Exception e) {
// swallow the exception
}

8
src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
View file

@ -96,10 +96,10 @@ final class StatusResponseManager {
}
defaultResponder = tmpURI;
respOverride = AccessController.doPrivileged(
new GetBooleanAction("jdk.tls.stapling.responderOverride"));
ignoreExtensions = AccessController.doPrivileged(
new GetBooleanAction("jdk.tls.stapling.ignoreExtensions"));
respOverride = GetBooleanAction
.privilegedGetProperty("jdk.tls.stapling.responderOverride");
ignoreExtensions = GetBooleanAction
.privilegedGetProperty("jdk.tls.stapling.ignoreExtensions");
threadMgr = new ScheduledThreadPoolExecutor(DEFAULT_CORE_THREADS,
new ThreadFactory() {

4
src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
View file

@ -482,8 +482,8 @@ final class SupportedGroupsExtension {
//
// If the System Property is not defined or the value is empty, the
// default groups and preferences will be used.
String property = AccessController.doPrivileged(
new GetPropertyAction("jdk.tls.namedGroups"));
String property = GetPropertyAction
.privilegedGetProperty("jdk.tls.namedGroups");
if (property != null && property.length() != 0) {
// remove double quote marks from beginning/end of the property
if (property.length() > 1 && property.charAt(0) == '"' &&

7
src/java.base/share/classes/sun/security/validator/PKIXValidator.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -57,9 +57,8 @@ public final class PKIXValidator extends Validator {
* manager. Typically, this will only work if the PKIX implementation
* supports CRL distribution points as we do not manually setup CertStores.
*/
private static final boolean checkTLSRevocation =
AccessController.doPrivileged
(new GetBooleanAction("com.sun.net.ssl.checkRevocation"));
private static final boolean checkTLSRevocation = GetBooleanAction
.privilegedGetProperty("com.sun.net.ssl.checkRevocation");
private final Set<X509Certificate> trustedCerts;
private final PKIXBuilderParameters parameterTemplate;

7
src/java.base/share/classes/sun/security/x509/AVA.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -64,9 +64,8 @@ public class AVA implements DerEncoder {
// See CR 6391482: if enabled this flag preserves the old but incorrect
// PrintableString encoding for DomainComponent. It may need to be set to
// avoid breaking preexisting certificates generated with sun.security APIs.
private static final boolean PRESERVE_OLD_DC_ENCODING =
AccessController.doPrivileged(new GetBooleanAction
("com.sun.security.preserveOldDCEncoding"));
private static final boolean PRESERVE_OLD_DC_ENCODING = GetBooleanAction
.privilegedGetProperty("com.sun.security.preserveOldDCEncoding");
/**
* DEFAULT format allows both RFC1779 and RFC2253 syntax and

17
src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,6 +34,8 @@ import org.ietf.jgss.Oid;
import sun.net.www.protocol.http.HttpCallerInfo;
import sun.net.www.protocol.http.Negotiator;
import sun.security.action.GetBooleanAction;
import sun.security.action.GetPropertyAction;
import sun.security.jgss.GSSManagerImpl;
import sun.security.jgss.GSSContextImpl;
import sun.security.jgss.GSSUtil;
@ -50,8 +52,7 @@ import sun.security.jgss.HttpCaller;
public class NegotiatorImpl extends Negotiator {
private static final boolean DEBUG =
java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction("sun.security.krb5.debug"));
GetBooleanAction.privilegedGetProperty("sun.security.krb5.debug");
private GSSContext context;
private byte[] oneToken;
@ -71,14 +72,8 @@ public class NegotiatorImpl extends Negotiator {
// we can only use Kerberos mech when the scheme is kerberos
oid = GSSUtil.GSS_KRB5_MECH_OID;
} else {
String pref = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
return System.getProperty(
"http.auth.preference",
"spnego");
}
});
String pref = GetPropertyAction
.privilegedGetProperty("http.auth.preference", "spnego");
if (pref.equalsIgnoreCase("kerberos")) {
oid = GSSUtil.GSS_KRB5_MECH_OID;
} else {

19
src/java.security.jgss/share/classes/sun/security/jgss/GSSManagerImpl.java
View file

@ -26,10 +26,9 @@
package sun.security.jgss;
import org.ietf.jgss.*;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.spi.*;
import java.security.Provider;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* This class provides the default implementation of the GSSManager
@ -38,20 +37,8 @@ import java.security.PrivilegedAction;
public class GSSManagerImpl extends GSSManager {
// Undocumented property
private static final String USE_NATIVE_PROP =
"sun.security.jgss.native";
private static final Boolean USE_NATIVE;
static {
USE_NATIVE =
AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
public Boolean run() {
return Boolean.valueOf(System.getProperty
(USE_NATIVE_PROP));
}
});
}
private static final Boolean USE_NATIVE = GetBooleanAction
.privilegedGetProperty("sun.security.jgss.native");
private ProviderList list;

26
src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -68,15 +68,8 @@ public class GSSUtil {
public static final Oid NT_GSS_KRB5_PRINCIPAL =
GSSUtil.createOid("1.2.840.113554.1.2.2.1");
private static final String DEFAULT_HANDLER =
"auth.login.defaultCallbackHandler";
static final boolean DEBUG;
static {
DEBUG = (AccessController.doPrivileged
(new GetBooleanAction("sun.security.jgss.debug"))).
booleanValue();
}
static final boolean DEBUG =
GetBooleanAction.privilegedGetProperty("sun.security.jgss.debug");
static void debug(String message) {
if (DEBUG) {
@ -240,8 +233,8 @@ public class GSSUtil {
cb = new sun.net.www.protocol.http.spnego.NegotiateCallbackHandler(
((HttpCaller)caller).info());
} else {
String defaultHandler =
java.security.Security.getProperty(DEFAULT_HANDLER);
String defaultHandler = java.security.Security
.getProperty("auth.login.defaultCallbackHandler");
// get the default callback handler
if ((defaultHandler != null) && (defaultHandler.length() != 0)) {
cb = null;
@ -270,8 +263,8 @@ public class GSSUtil {
*/
public static boolean useSubjectCredsOnly(GSSCaller caller) {
String propValue = GetPropertyAction.privilegedGetProperty(
"javax.security.auth.useSubjectCredsOnly");
String propValue = GetPropertyAction
.privilegedGetProperty("javax.security.auth.useSubjectCredsOnly");
// Invalid values should be ignored and the default assumed.
if (caller instanceof HttpCaller) {
@ -295,9 +288,8 @@ public class GSSUtil {
* Don't use GetBooleanAction because the default value in the JRE
* (when this is unset) has to treated as true.
*/
String propValue = AccessController.doPrivileged(
new GetPropertyAction("sun.security.spnego.msinterop",
"true"));
String propValue = GetPropertyAction
.privilegedGetProperty("sun.security.spnego.msinterop", "true");
/*
* This property has to be explicitly set to "false". Invalid
* values should be ignored and the default "true" assumed.

11
src/java.security.jgss/share/classes/sun/security/jgss/ProviderList.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,6 @@ package sun.security.jgss;
import java.lang.reflect.InvocationTargetException;
import org.ietf.jgss.*;
import java.security.AccessController;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
@ -93,10 +92,6 @@ public final class ProviderList {
private static final String SPI_MECH_FACTORY_TYPE
= "sun.security.jgss.spi.MechanismFactory";
// Undocumented property?
private static final String DEFAULT_MECH_PROP =
"sun.security.jgss.mechanism";
public static final Oid DEFAULT_MECH_OID;
static {
@ -106,8 +101,8 @@ public final class ProviderList {
* with a valid OID value
*/
Oid defOid = null;
String defaultOidStr = AccessController.doPrivileged
(new GetPropertyAction(DEFAULT_MECH_PROP));
String defaultOidStr = GetPropertyAction
.privilegedGetProperty("sun.security.jgss.mechanism");
if (defaultOidStr != null) {
defOid = GSSUtil.createOid(defaultOidStr);
}

7
src/java.security.jgss/share/classes/sun/security/jgss/krb5/AcceptSecContextToken.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,6 @@ package sun.security.jgss.krb5;
import org.ietf.jgss.*;
import java.io.InputStream;
import java.io.IOException;
import java.security.AccessController;
import sun.security.action.GetBooleanAction;
import sun.security.krb5.*;
@ -45,8 +44,8 @@ class AcceptSecContextToken extends InitialToken {
KrbApReq apReq)
throws KrbException, IOException, GSSException {
boolean useSubkey = AccessController.doPrivileged(
new GetBooleanAction("sun.security.krb5.acceptor.subkey"));
boolean useSubkey = GetBooleanAction
.privilegedGetProperty("sun.security.krb5.acceptor.subkey");
boolean useSequenceNumber = true;

15
src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,12 +26,13 @@
package sun.security.jgss.krb5;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import java.security.AccessControlContext;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.GSSUtil;
import sun.security.jgss.GSSCaller;
@ -39,20 +40,16 @@ import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import sun.security.krb5.KerberosSecrets;
import sun.security.krb5.PrincipalName;
/**
* Utilities for obtaining and converting Kerberos tickets.
*
*/
public class Krb5Util {
static final boolean DEBUG =
java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction
("sun.security.krb5.debug")).booleanValue();
static final boolean DEBUG = GetBooleanAction
.privilegedGetProperty("sun.security.krb5.debug");
/**
* Default constructor

9
src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,6 +28,7 @@ package sun.security.jgss.spnego;
import java.io.*;
import java.security.Provider;
import org.ietf.jgss.*;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.*;
import sun.security.jgss.spi.*;
import sun.security.util.*;
@ -81,10 +82,8 @@ public class SpNegoContext implements GSSContextSpi {
final private SpNegoMechFactory factory;
// debug property
static final boolean DEBUG =
java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction
("sun.security.spnego.debug")).booleanValue();
static final boolean DEBUG = GetBooleanAction
.privilegedGetProperty("sun.security.spnego.debug");
/**
* Constructor for SpNegoContext to be called on the context initiator's

9
src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
View file

@ -51,8 +51,6 @@ public final class SunNativeProvider extends Provider {
private static final String INFO = "Sun Native GSS provider";
private static final String MF_CLASS =
"sun.security.jgss.wrapper.NativeGSSFactory";
private static final String LIB_PROP = "sun.security.jgss.lib";
private static final String DEBUG_PROP = "sun.security.nativegss.debug";
private static final HashMap<String, String> MECH_MAP;
static final Provider INSTANCE;
static boolean DEBUG;
@ -70,8 +68,8 @@ public final class SunNativeProvider extends Provider {
AccessController.doPrivileged(
new PrivilegedAction<HashMap<String, String>>() {
public HashMap<String, String> run() {
DEBUG = Boolean.parseBoolean
(System.getProperty(DEBUG_PROP));
DEBUG = Boolean.parseBoolean(
System.getProperty("sun.security.nativegss.debug"));
try {
System.loadLibrary("j2gss");
} catch (Error err) {
@ -80,7 +78,8 @@ public final class SunNativeProvider extends Provider {
return null;
}
String[] gssLibs = new String[0];
String defaultLib = System.getProperty(LIB_PROP);
String defaultLib
= System.getProperty("sun.security.jgss.lib");
if (defaultLib == null || defaultLib.trim().equals("")) {
String osname = System.getProperty("os.name");
if (osname.startsWith("SunOS")) {

29
src/java.security.jgss/share/classes/sun/security/krb5/Config.java
View file

@ -45,6 +45,7 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
import sun.net.dns.ResolverConfiguration;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.internal.crypto.EType;
import sun.security.krb5.internal.Krb5;
@ -122,12 +123,12 @@ public class Config {
private static boolean isMacosLionOrBetter() {
// split the "10.x.y" version number
String osname = getProperty("os.name");
String osname = GetPropertyAction.privilegedGetProperty("os.name");
if (!osname.contains("OS X")) {
return false;
}
String osVersion = getProperty("os.version");
String osVersion = GetPropertyAction.privilegedGetProperty("os.version");
String[] fragments = osVersion.split("\\.");
// sanity check the "10." part of the version
@ -152,14 +153,16 @@ public class Config {
/*
* If either one system property is specified, we throw exception.
*/
String tmp = getProperty("java.security.krb5.kdc");
String tmp = GetPropertyAction
.privilegedGetProperty("java.security.krb5.kdc");
if (tmp != null) {
// The user can specify a list of kdc hosts separated by ":"
defaultKDC = tmp.replace(':', ' ');
} else {
defaultKDC = null;
}
defaultRealm = getProperty("java.security.krb5.realm");
defaultRealm = GetPropertyAction
.privilegedGetProperty("java.security.krb5.realm");
if ((defaultKDC == null && defaultRealm != null) ||
(defaultRealm == null && defaultKDC != null)) {
throw new KrbException
@ -818,11 +821,12 @@ public class Config {
* The method returns null if it cannot find a Java config file.
*/
private String getJavaFileName() {
String name = getProperty("java.security.krb5.conf");
String name = GetPropertyAction
.privilegedGetProperty("java.security.krb5.conf");
if (name == null) {
name = getProperty("java.home") + File.separator +
"conf" + File.separator + "security" +
File.separator + "krb5.conf";
name = GetPropertyAction.privilegedGetProperty("java.home")
+ File.separator + "conf" + File.separator + "security"
+ File.separator + "krb5.conf";
if (!fileExists(name)) {
name = null;
}
@ -852,7 +856,7 @@ public class Config {
*/
private String getNativeFileName() {
String name = null;
String osname = getProperty("os.name");
String osname = GetPropertyAction.privilegedGetProperty("os.name");
if (osname.startsWith("Windows")) {
try {
Credentials.ensureLoaded();
@ -899,13 +903,8 @@ public class Config {
return name;
}
private static String getProperty(String property) {
return java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction(property));
}
private String findMacosConfigFile() {
String userHome = getProperty("user.home");
String userHome = GetPropertyAction.privilegedGetProperty("user.home");
final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos";
String userPrefs = userHome + PREF_FILE;

6
src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@
package sun.security.krb5;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.ccache.CredentialsCache;
import sun.security.krb5.internal.crypto.EType;
@ -288,8 +289,7 @@ public class Credentials {
if (ticketCache == null) {
// The default ticket cache on Windows and Mac is not a file.
String os = java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("os.name"));
String os = GetPropertyAction.privilegedGetProperty("os.name");
if (os.toUpperCase(Locale.ENGLISH).startsWith("WINDOWS") ||
os.toUpperCase(Locale.ENGLISH).contains("OS X")) {
Credentials creds = acquireDefaultCreds();

8
src/java.security.jgss/share/classes/sun/security/krb5/KdcComm.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -74,8 +74,6 @@ public final class KdcComm {
private static final boolean DEBUG = Krb5.DEBUG;
private static final String BAD_POLICY_KEY = "krb5.kdc.bad.policy";
/**
* What to do when a KDC is unavailable, specified in the
* java.security file with key krb5.kdc.bad.policy.
@ -100,7 +98,7 @@ public final class KdcComm {
String value = AccessController.doPrivileged(
new PrivilegedAction<String>() {
public String run() {
return Security.getProperty(BAD_POLICY_KEY);
return Security.getProperty("krb5.kdc.bad.policy");
}
});
if (value != null) {
@ -120,7 +118,7 @@ public final class KdcComm {
// Ignored. Please note that tryLess is recognized and
// used, parameters using default values
if (DEBUG) {
System.out.println("Invalid " + BAD_POLICY_KEY +
System.out.println("Invalid krb5.kdc.bad.policy" +
" parameter for tryLess: " +
value + ", use default");
}

9
src/java.security.jgss/share/classes/sun/security/krb5/Realm.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@
package sun.security.krb5;
import sun.security.action.GetBooleanAction;
import sun.security.krb5.internal.Krb5;
import sun.security.util.*;
import java.io.IOException;
@ -47,10 +48,8 @@ import sun.security.krb5.internal.util.KerberosString;
*/
public class Realm implements Cloneable {
public static final boolean AUTODEDUCEREALM =
java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
"sun.security.krb5.autodeducerealm"));
public static final boolean AUTODEDUCEREALM = GetBooleanAction
.privilegedGetProperty("sun.security.krb5.autodeducerealm");
private final String realm; // not null nor empty

10
src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,8 @@
package sun.security.krb5.internal;
import sun.security.action.GetBooleanAction;
import java.util.Hashtable;
// Constants and other defined values from RFC 4120
@ -303,9 +305,9 @@ public class Krb5 {
}
public static final boolean DEBUG =
java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction("sun.security.krb5.debug"));
public static final boolean DEBUG = GetBooleanAction
.privilegedGetProperty("sun.security.krb5.debug");
public static final sun.security.util.HexDumpEncoder hexDumper =
new sun.security.util.HexDumpEncoder();

8
src/java.security.jgss/share/classes/sun/security/krb5/internal/ReplayCache.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,8 +30,6 @@ import sun.security.krb5.internal.rcache.AuthTimeWithHash;
import sun.security.krb5.internal.rcache.MemoryCache;
import sun.security.krb5.internal.rcache.DflCache;
import java.security.AccessController;
/**
* Models the replay cache of an acceptor as described in
* RFC 4120 3.2.3.
@ -56,8 +54,8 @@ public abstract class ReplayCache {
}
}
public static ReplayCache getInstance() {
String type = AccessController.doPrivileged(
new GetPropertyAction("sun.security.krb5.rcache"));
String type = GetPropertyAction
.privilegedGetProperty("sun.security.krb5.rcache");
return getInstance(type);
}

19
src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -33,6 +33,7 @@
*/
package sun.security.krb5.internal.ccache;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.*;
import sun.security.krb5.internal.*;
import java.util.StringTokenizer;
@ -381,9 +382,7 @@ public class FileCredentialsCache extends CredentialsCache
}
// get cache name from system.property
String osname =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("os.name"));
String osname = GetPropertyAction.privilegedGetProperty("os.name");
/*
* For Unix platforms we use the default cache name to be
@ -417,18 +416,12 @@ public class FileCredentialsCache extends CredentialsCache
// we did not get the uid;
String user_name =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("user.name"));
String user_name = GetPropertyAction.privilegedGetProperty("user.name");
String user_home =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("user.home"));
String user_home = GetPropertyAction.privilegedGetProperty("user.home");
if (user_home == null) {
user_home =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("user.dir"));
user_home = GetPropertyAction.privilegedGetProperty("user.dir");
}
if (user_name != null) {

5
src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/Des.java
View file

@ -53,9 +53,8 @@ public final class Des {
// string-to-key encoding. When set, the specified charset
// name is used. Otherwise, the system default charset.
private final static String CHARSET =
java.security.AccessController.doPrivileged(
new GetPropertyAction("sun.security.krb5.msinterop.des.s2kcharset"));
private final static String CHARSET = GetPropertyAction
.privilegedGetProperty("sun.security.krb5.msinterop.des.s2kcharset");
private static final long[] bad_keys = {
0x0101010101010101L, 0xfefefefefefefefeL,

13
src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@
package sun.security.krb5.internal.ktab;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.*;
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.*;
@ -203,14 +204,12 @@ public class KeyTab implements KeyTabConstants {
}
if (kname == null) {
String user_home =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("user.home"));
String user_home = GetPropertyAction
.privilegedGetProperty("user.home");
if (user_home == null) {
user_home =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("user.dir"));
user_home = GetPropertyAction
.privilegedGetProperty("user.dir");
}
kname = user_home + File.separator + "krb5.keytab";

7
src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,7 +25,7 @@
package sun.security.krb5.internal.rcache;
import sun.security.action.GetPropertyAction;
import sun.security.action.GetBooleanAction;
import java.util.Objects;
@ -40,8 +40,7 @@ public class AuthTimeWithHash extends AuthTime
public static final String DEFAULT_HASH_ALG;
static {
if (GetPropertyAction.privilegedGetProperty(
"jdk.krb5.rcache.useMD5", "false").equals("true")) {
if (GetBooleanAction.privilegedGetProperty("jdk.krb5.rcache.useMD5")) {
DEFAULT_HASH_ALG = "HASH";
} else {
DEFAULT_HASH_ALG = "SHA256";

6
src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/DflCache.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,7 +36,6 @@ import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.security.AccessController;
import java.util.*;
import sun.security.action.GetPropertyAction;
@ -117,8 +116,7 @@ public class DflCache extends ReplayCache {
}
private static String defaultPath() {
return AccessController.doPrivileged(
new GetPropertyAction("java.io.tmpdir"));
return GetPropertyAction.privilegedGetProperty("java.io.tmpdir");
}
private static String defaultFile(String server) {

4
src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java
View file

@ -55,8 +55,8 @@ public final class KerberosString {
public static final boolean MSNAME;
static {
String prop = GetPropertyAction.privilegedGetProperty(
"sun.security.krb5.msinterop.kstring", "true");
String prop = GetPropertyAction
.privilegedGetProperty("sun.security.krb5.msinterop.kstring", "true");
MSNAME = Boolean.parseBoolean(prop);
}