archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8242565: Policy initialization issues when the denyAfter constraint is enabled

Browse source 
Reviewed-by: weijun
This commit is contained in:
Sean Mullan 2020-04-16 09:48:32 -04:00
parent 3cc1fdf2b6
commit 3efd000036
6 changed files with 18 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/java.base/share/classes/sun/security/jca/Providers.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -87,6 +87,7 @@ public class Providers {
// Note: when SunEC is in a signed JAR file, it's not signed // Note: when SunEC is in a signed JAR file, it's not signed
// by EC algorithms. So it's still safe to be listed here. // by EC algorithms. So it's still safe to be listed here.
"SunEC", "SunEC",
"SunJCE",
}; };
// Return Sun provider. // Return Sun provider.

12
src/java.base/share/classes/sun/security/tools/KeyStoreUtil.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -48,6 +48,7 @@ import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.Properties; import java.util.Properties;
import java.util.ResourceBundle;
import java.util.ServiceLoader; import java.util.ServiceLoader;
import sun.security.util.PropertyExpander; import sun.security.util.PropertyExpander;
@ -63,12 +64,6 @@ public class KeyStoreUtil {
// this class is not meant to be instantiated // this class is not meant to be instantiated
} }
private static final Collator collator = Collator.getInstance();
static {
// this is for case insensitive string comparisons
collator.setStrength(Collator.PRIMARY);
};
/** /**
* Returns true if the certificate is self-signed, false otherwise. * Returns true if the certificate is self-signed, false otherwise.
*/ */
@ -133,7 +128,8 @@ public class KeyStoreUtil {
} }
public static char[] getPassWithModifier(String modifier, String arg, public static char[] getPassWithModifier(String modifier, String arg,
java.util.ResourceBundle rb) { ResourceBundle rb,
Collator collator) {
if (modifier == null) { if (modifier == null) {
return arg.toCharArray(); return arg.toCharArray();
} else if (collator.compare(modifier, "env") == 0) { } else if (collator.compare(modifier, "env") == 0) {

3
src/java.base/share/classes/sun/security/tools/keytool/Main.java
View file

@ -4802,7 +4802,8 @@ public final class Main {
} }
private char[] getPass(String modifier, String arg) { private char[] getPass(String modifier, String arg) {
char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb); char[] output =
KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
if (output != null) return output; if (output != null) return output;
tinyHelp(); tinyHelp();
return null; // Useless, tinyHelp() already exits. return null; // Useless, tinyHelp() already exits.

5
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -556,7 +556,8 @@ public class Main {
} }
static char[] getPass(String modifier, String arg) { static char[] getPass(String modifier, String arg) {
char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb); char[] output =
KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
if (output != null) return output; if (output != null) return output;
usage(); usage();
return null; // Useless, usage() already exit return null; // Useless, usage() already exit

6
test/jdk/java/security/Policy/SignedJar/SignedJarTest.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -32,7 +32,7 @@ import jdk.test.lib.process.ProcessTools;
/** /**
* @test * @test
* @bug 8048360 * @bug 8048360 8242565
* @summary test policy entry with signedBy alias * @summary test policy entry with signedBy alias
* @library /test/lib * @library /test/lib
* @run main/othervm SignedJarTest * @run main/othervm SignedJarTest
@ -52,6 +52,7 @@ public class SignedJarTest {
private static final String POLICY2 = "SignedJarTest_2.policy"; private static final String POLICY2 = "SignedJarTest_2.policy";
private static final String KEYSTORE1 = "both.jks"; private static final String KEYSTORE1 = "both.jks";
private static final String KEYSTORE2 = "first.jks"; private static final String KEYSTORE2 = "first.jks";
private static final String SECPROPS = TESTSRC + FS + "java.security";
public static void main(String args[]) throws Throwable { public static void main(String args[]) throws Throwable {
//copy PrivilegeTest.class, policy files and keystore password file into current direcotry //copy PrivilegeTest.class, policy files and keystore password file into current direcotry
@ -149,6 +150,7 @@ public class SignedJarTest {
"-classpath", classpath, "-classpath", classpath,
"-Djava.security.manager", "-Djava.security.manager",
"-Djava.security.policy=" + policy, "-Djava.security.policy=" + policy,
"-Djava.security.properties=" + SECPROPS,
"PrivilegeTest", "PrivilegeTest",
arg1, arg2}; arg1, arg2};
return cmd; return cmd;

3
test/jdk/java/security/Policy/SignedJar/java.security Normal file
View file

@ -0,0 +1,3 @@
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, include jdk.disabled.namedCurves, \
SHA1 jdkCA & denyAfter 2019-01-01