mirror of
https://github.com/openjdk/jdk.git
synced 2025-09-19 18:44:38 +02:00
8267543: Post JEP 411 refactoring: security
Reviewed-by: mullan
This commit is contained in:
Weijun Wang
parent
476775808f
commit
40d23a0c0b
19 changed files with 80 additions and 79 deletions
|
|
@ -683,7 +683,6 @@ public final class JceKeyStore extends KeyStoreSpi {
|
|||
* @exception CertificateException if any of the certificates in the
|
||||
* keystore could not be loaded
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public void engineLoad(InputStream stream, char[] password)
|
||||
throws IOException, NoSuchAlgorithmException, CertificateException
|
||||
{
|
||||
|
|
@ -838,7 +837,8 @@ public final class JceKeyStore extends KeyStoreSpi {
|
|||
ois = new ObjectInputStream(dis);
|
||||
final ObjectInputStream ois2 = ois;
|
||||
// Set a deserialization checker
|
||||
AccessController.doPrivileged(
|
||||
@SuppressWarnings("removal")
|
||||
var dummy = AccessController.doPrivileged(
|
||||
(PrivilegedAction<Void>)() -> {
|
||||
ois2.setObjectInputFilter(
|
||||
new DeserializationChecker(fullLength));
|
||||
|
|
|
|||
|
|
@ -987,10 +987,9 @@ public class KeyStore {
|
|||
* if no such property exists.
|
||||
* @see java.security.Security security properties
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public static final String getDefaultType() {
|
||||
String kstype;
|
||||
kstype = AccessController.doPrivileged(new PrivilegedAction<>() {
|
||||
@SuppressWarnings("removal")
|
||||
String kstype = AccessController.doPrivileged(new PrivilegedAction<>() {
|
||||
public String run() {
|
||||
return Security.getProperty(KEYSTORE_TYPE);
|
||||
}
|
||||
|
|
@ -1957,7 +1956,6 @@ public class KeyStore {
|
|||
* of either PasswordProtection or CallbackHandlerProtection; or
|
||||
* if file does not exist or does not refer to a normal file
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public static Builder newInstance(String type, Provider provider,
|
||||
File file, ProtectionParameter protection) {
|
||||
if ((type == null) || (file == null) || (protection == null)) {
|
||||
|
|
@ -1974,8 +1972,9 @@ public class KeyStore {
|
|||
("File does not exist or it does not refer " +
|
||||
"to a normal file: " + file);
|
||||
}
|
||||
return new FileBuilder(type, provider, file, protection,
|
||||
AccessController.getContext());
|
||||
@SuppressWarnings("removal")
|
||||
var acc = AccessController.getContext();
|
||||
return new FileBuilder(type, provider, file, protection, acc);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -51,7 +51,6 @@ import sun.security.jca.*;
|
|||
* @since 1.1
|
||||
*/
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
public final class Security {
|
||||
|
||||
/* Are we debugging? -- for developers */
|
||||
|
|
@ -72,7 +71,8 @@ public final class Security {
|
|||
// things in initialize that might require privs.
|
||||
// (the FileInputStream call and the File.exists call,
|
||||
// the securityPropFile call, etc)
|
||||
AccessController.doPrivileged(new PrivilegedAction<>() {
|
||||
@SuppressWarnings("removal")
|
||||
var dummy = AccessController.doPrivileged(new PrivilegedAction<>() {
|
||||
public Void run() {
|
||||
initialize();
|
||||
return null;
|
||||
|
|
@ -761,6 +761,7 @@ public final class Security {
|
|||
* @see java.security.SecurityPermission
|
||||
*/
|
||||
public static String getProperty(String key) {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new SecurityPermission("getProperty."+
|
||||
|
|
@ -828,6 +829,7 @@ public final class Security {
|
|||
}
|
||||
|
||||
private static void check(String directive) {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager security = System.getSecurityManager();
|
||||
if (security != null) {
|
||||
security.checkSecurityAccess(directive);
|
||||
|
|
@ -835,6 +837,7 @@ public final class Security {
|
|||
}
|
||||
|
||||
private static void checkInsertProvider(String name) {
|
||||
@SuppressWarnings("removal")
|
||||
SecurityManager security = System.getSecurityManager();
|
||||
if (security != null) {
|
||||
try {
|
||||
|
|
|
|||
|
|
@ -83,7 +83,6 @@ final class ProviderVerifier {
|
|||
* In OpenJDK, we just need to examine the "cryptoperms" file to see
|
||||
* if any permissions were bundled together with this jar file.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
void verify() throws IOException {
|
||||
|
||||
// Short-circuit. If we weren't asked to save any, we're done.
|
||||
|
|
@ -102,7 +101,8 @@ final class ProviderVerifier {
|
|||
|
||||
// Get a link to the Jarfile to search.
|
||||
try {
|
||||
jf = AccessController.doPrivileged(
|
||||
@SuppressWarnings("removal")
|
||||
var tmp = AccessController.doPrivileged(
|
||||
new PrivilegedExceptionAction<JarFile>() {
|
||||
public JarFile run() throws Exception {
|
||||
JarURLConnection conn =
|
||||
|
|
@ -113,6 +113,7 @@ final class ProviderVerifier {
|
|||
return conn.getJarFile();
|
||||
}
|
||||
});
|
||||
jf = tmp;
|
||||
} catch (java.security.PrivilegedActionException pae) {
|
||||
throw new SecurityException("Cannot load " + url.toString(),
|
||||
pae.getCause());
|
||||
|
|
|
|||
|
|
@ -160,7 +160,7 @@ final class ProviderConfig {
|
|||
/**
|
||||
* Get the provider object. Loads the provider if it is not already loaded.
|
||||
*/
|
||||
@SuppressWarnings({"removal","deprecation"})
|
||||
@SuppressWarnings("deprecation")
|
||||
Provider getProvider() {
|
||||
// volatile variable load
|
||||
Provider p = provider;
|
||||
|
|
@ -188,7 +188,8 @@ final class ProviderConfig {
|
|||
p = new sun.security.ssl.SunJSSE();
|
||||
} else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) {
|
||||
// need to use reflection since this class only exists on MacOsx
|
||||
p = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
|
||||
@SuppressWarnings("removal")
|
||||
var tmp = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
|
||||
public Provider run() {
|
||||
try {
|
||||
Class<?> c = Class.forName("apple.security.AppleProvider");
|
||||
|
|
@ -208,6 +209,7 @@ final class ProviderConfig {
|
|||
}
|
||||
}
|
||||
});
|
||||
p = tmp;
|
||||
} else {
|
||||
if (isLoading) {
|
||||
// because this method is synchronized, this can only
|
||||
|
|
|
|||
|
|
@ -43,7 +43,6 @@ import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
|||
*
|
||||
* @author Andreas Sterbenz
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public final class MD4 extends DigestBase {
|
||||
|
||||
// state of this object
|
||||
|
|
@ -71,7 +70,8 @@ public final class MD4 extends DigestBase {
|
|||
@java.io.Serial
|
||||
private static final long serialVersionUID = -8850464997518327965L;
|
||||
};
|
||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
@SuppressWarnings("removal")
|
||||
var dummy = AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
public Void run() {
|
||||
md4Provider.put("MessageDigest.MD4", "sun.security.provider.MD4");
|
||||
return null;
|
||||
|
|
|
|||
|
|
@ -81,7 +81,6 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
|
|||
* - JavaLoginConfig is the default file-based LoginModule Configuration type.
|
||||
*/
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
public final class SunEntries {
|
||||
|
||||
// the default algo used by SecureRandom class for new SecureRandom() calls
|
||||
|
|
@ -325,10 +324,8 @@ public final class SunEntries {
|
|||
static final String URL_DEV_RANDOM = "file:/dev/random";
|
||||
static final String URL_DEV_URANDOM = "file:/dev/urandom";
|
||||
|
||||
private static final String seedSource;
|
||||
|
||||
static {
|
||||
seedSource = AccessController.doPrivileged(
|
||||
@SuppressWarnings("removal")
|
||||
private static final String seedSource = AccessController.doPrivileged(
|
||||
new PrivilegedAction<String>() {
|
||||
|
||||
@Override
|
||||
|
|
@ -345,6 +342,7 @@ public final class SunEntries {
|
|||
}
|
||||
});
|
||||
|
||||
static {
|
||||
DEF_SECURE_RANDOM_ALGO = (NativePRNG.isAvailable() &&
|
||||
(seedSource.equals(URL_DEV_URANDOM) ||
|
||||
seedSource.equals(URL_DEV_RANDOM)) ?
|
||||
|
|
|
|||
|
|
@ -1195,7 +1195,6 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
this.engine = engineInstance;
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
@Override
|
||||
public void run() {
|
||||
engine.engineLock.lock();
|
||||
|
|
@ -1206,7 +1205,8 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
}
|
||||
|
||||
try {
|
||||
AccessController.doPrivileged(
|
||||
@SuppressWarnings("removal")
|
||||
var dummy = AccessController.doPrivileged(
|
||||
new DelegatedAction(hc), engine.conContext.acc);
|
||||
} catch (PrivilegedActionException pae) {
|
||||
// Get the handshake context again in case the
|
||||
|
|
|
|||
|
|
@ -43,7 +43,6 @@ import sun.security.x509.X509CertImpl;
|
|||
* The purpose of this class is to determine the trust anchor certificates is in
|
||||
* the cacerts file. This is used for PKIX CertPath checking.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public class AnchorCertificates {
|
||||
|
||||
private static final Debug debug = Debug.getInstance("certpath");
|
||||
|
|
@ -52,7 +51,8 @@ public class AnchorCertificates {
|
|||
private static Set<X500Principal> certIssuers = Collections.emptySet();
|
||||
|
||||
static {
|
||||
AccessController.doPrivileged(new PrivilegedAction<>() {
|
||||
@SuppressWarnings("removal")
|
||||
var dummy = AccessController.doPrivileged(new PrivilegedAction<>() {
|
||||
@Override
|
||||
public Void run() {
|
||||
File f = new File(FilePaths.cacerts());
|
||||
|
|
|
|||
|
|
@ -55,7 +55,6 @@ public class KeyStoreDelegator extends KeyStoreSpi {
|
|||
private KeyStoreSpi keystore; // the delegate
|
||||
private boolean compatModeEnabled = true;
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
public KeyStoreDelegator(
|
||||
String primaryType,
|
||||
Class<? extends KeyStoreSpi> primaryKeyStore,
|
||||
|
|
@ -63,9 +62,10 @@ public class KeyStoreDelegator extends KeyStoreSpi {
|
|||
Class<? extends KeyStoreSpi> secondaryKeyStore) {
|
||||
|
||||
// Check whether compatibility mode has been disabled
|
||||
compatModeEnabled = "true".equalsIgnoreCase(
|
||||
AccessController.doPrivileged((PrivilegedAction<String>) () ->
|
||||
Security.getProperty(KEYSTORE_TYPE_COMPAT)));
|
||||
@SuppressWarnings("removal")
|
||||
var prop = AccessController.doPrivileged((PrivilegedAction<String>) () ->
|
||||
Security.getProperty(KEYSTORE_TYPE_COMPAT));
|
||||
compatModeEnabled = "true".equalsIgnoreCase(prop);
|
||||
|
||||
if (compatModeEnabled) {
|
||||
this.primaryType = primaryType;
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ import sun.security.x509.X509CertImpl;
|
|||
* <b>Attention</b>: This check is NOT meant to replace the standard PKI-defined
|
||||
* validation check, neither is it used as an alternative to CRL.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public final class UntrustedCertificates {
|
||||
|
||||
private static final Debug debug = Debug.getInstance("certpath");
|
||||
|
|
@ -52,7 +51,8 @@ public final class UntrustedCertificates {
|
|||
private static final String algorithm;
|
||||
|
||||
static {
|
||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
@SuppressWarnings("removal")
|
||||
var dummy = AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
@Override
|
||||
public Void run() {
|
||||
File f = new File(StaticProperty.javaHome(),
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue