8242565: Policy initialization issues when the denyAfter constraint is enabled

Reviewed-by: weijun

src/java.base/share/classes/sun/security/jca/Providers.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -87,6 +87,7 @@ public class Providers {
         // Note: when SunEC is in a signed JAR file, it's not signed
         // by EC algorithms. So it's still safe to be listed here.
         "SunEC",
+        "SunJCE",
     };
 
     // Return Sun provider.

src/java.base/share/classes/sun/security/tools/KeyStoreUtil.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,6 +48,7 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Locale;
 import java.util.Properties;
+import java.util.ResourceBundle;
 import java.util.ServiceLoader;
 
 import sun.security.util.PropertyExpander;
@@ -63,12 +64,6 @@ public class KeyStoreUtil {
         // this class is not meant to be instantiated
     }
 
-    private static final Collator collator = Collator.getInstance();
-    static {
-        // this is for case insensitive string comparisons
-        collator.setStrength(Collator.PRIMARY);
-    };
-
     /**
      * Returns true if the certificate is self-signed, false otherwise.
      */
@@ -133,7 +128,8 @@ public class KeyStoreUtil {
     }
 
     public static char[] getPassWithModifier(String modifier, String arg,
-                                             java.util.ResourceBundle rb) {
+                                             ResourceBundle rb,
+                                             Collator collator) {
         if (modifier == null) {
             return arg.toCharArray();
         } else if (collator.compare(modifier, "env") == 0) {

src/java.base/share/classes/sun/security/tools/keytool/Main.java

@@ -4802,7 +4802,8 @@ public final class Main {
     }
 
     private char[] getPass(String modifier, String arg) {
-        char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
+        char[] output =
+            KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
         if (output != null) return output;
         tinyHelp();
         return null;    // Useless, tinyHelp() already exits.

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -556,7 +556,8 @@ public class Main {
     }
 
     static char[] getPass(String modifier, String arg) {
-        char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
+        char[] output =
+            KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
         if (output != null) return output;
         usage();
         return null;    // Useless, usage() already exit

test/jdk/java/security/Policy/SignedJar/SignedJarTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@ import jdk.test.lib.process.ProcessTools;
 
 /**
  * @test
- * @bug 8048360
+ * @bug 8048360 8242565
  * @summary test policy entry with signedBy alias
  * @library /test/lib
  * @run main/othervm SignedJarTest
@@ -52,6 +52,7 @@ public class SignedJarTest {
     private static final String POLICY2 = "SignedJarTest_2.policy";
     private static final String KEYSTORE1 = "both.jks";
     private static final String KEYSTORE2 = "first.jks";
+    private static final String SECPROPS = TESTSRC + FS + "java.security";
 
     public static void main(String args[]) throws Throwable {
         //copy PrivilegeTest.class, policy files and keystore password file into current direcotry
@@ -149,6 +150,7 @@ public class SignedJarTest {
             "-classpath", classpath,
             "-Djava.security.manager",
             "-Djava.security.policy=" + policy,
+            "-Djava.security.properties=" + SECPROPS,
             "PrivilegeTest",
             arg1, arg2};
         return cmd;

test/jdk/java/security/Policy/SignedJar/java.security

@@ -0,0 +1,3 @@
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+      DSA keySize < 1024, include jdk.disabled.namedCurves, \
+      SHA1 jdkCA & denyAfter 2019-01-01