8285662: Better permission resolution

Reviewed-by: rhalade, weijun, mullan
Jamil Nimeh 2022-05-11 23:06:42 +00:00 committed by Henry Jen
parent ff1867438f
commit 48cc9a8717


@ -153,7 +153,7 @@ implements java.io.Serializable
* Each chain is ordered bottom-to-top (i.e., with the signer certificate * Each chain is ordered bottom-to-top (i.e., with the signer certificate
* first and the (root) certificate authority last). The signer * first and the (root) certificate authority last). The signer
* certificates are copied from the array. Subsequent changes to * certificates are copied from the array. Subsequent changes to
* the array will not affect this UnsolvedPermission. * the array will not affect this UnresolvedPermission.
*/ */
public UnresolvedPermission(String type, public UnresolvedPermission(String type,
String name, String name,
@ -165,59 +165,63 @@ implements java.io.Serializable
if (type == null) if (type == null)
throw new NullPointerException("type can't be null"); throw new NullPointerException("type can't be null");
// Perform a defensive copy and reassign certs if we have a non-null
// reference
if (certs != null) {
certs = certs.clone();
}
this.type = type; this.type = type;
this.name = name; this.name = name;
this.actions = actions; this.actions = actions;
if (certs != null) { if (certs != null) {
// Extract the signer certs from the list of certificates. // Extract the signer certs from the list of certificates.
for (int i=0; i<certs.length; i++) { for (int i = 0; i < certs.length; i++) {
if (!(certs[i] instanceof X509Certificate)) { if (!(certs[i] instanceof X509Certificate)) {
// there is no concept of signer certs, so we store the // there is no concept of signer certs, so we store the
// entire cert array // entire cert array. No further processing is necessary.
this.certs = certs.clone(); this.certs = certs;
break; return;
} }
} }
if (this.certs == null) { // Go through the list of certs and see if all the certs are
// Go through the list of certs and see if all the certs are // signer certs.
// signer certs. int i = 0;
int i = 0; int count = 0;
int count = 0; while (i < certs.length) {
while (i < certs.length) { count++;
count++; while (((i + 1) < certs.length) &&
while (((i+1) < certs.length) && ((X509Certificate)certs[i]).getIssuerX500Principal().equals(
((X509Certificate)certs[i]).getIssuerX500Principal().equals( ((X509Certificate)certs[i + 1]).getSubjectX500Principal())) {
((X509Certificate)certs[i+1]).getSubjectX500Principal())) {
i++;
}
i++; i++;
} }
if (count == certs.length) { i++;
// All the certs are signer certs, so we store the entire
// array
this.certs = certs.clone();
}
if (this.certs == null) {
// extract the signer certs
ArrayList<java.security.cert.Certificate> signerCerts =
new ArrayList<>();
i = 0;
while (i < certs.length) {
signerCerts.add(certs[i]);
while (((i+1) < certs.length) &&
((X509Certificate)certs[i]).getIssuerX500Principal().equals(
((X509Certificate)certs[i+1]).getSubjectX500Principal())) {
i++;
}
i++;
}
this.certs =
new java.security.cert.Certificate[signerCerts.size()];
signerCerts.toArray(this.certs);
}
} }
if (count == certs.length) {
// All the certs are signer certs, so we store the entire
// array. No further processing is needed.
this.certs = certs;
return;
}
// extract the signer certs
ArrayList<java.security.cert.Certificate> signerCerts =
new ArrayList<>();
i = 0;
while (i < certs.length) {
signerCerts.add(certs[i]);
while (((i + 1) < certs.length) &&
((X509Certificate)certs[i]).getIssuerX500Principal().equals(
((X509Certificate)certs[i + 1]).getSubjectX500Principal())) {
i++;
}
i++;
}
this.certs =
new java.security.cert.Certificate[signerCerts.size()];
signerCerts.toArray(this.certs);
} }
} }
@ -310,6 +314,7 @@ implements java.io.Serializable
* *
* @return {@code false}. * @return {@code false}.
*/ */
@Override
public boolean implies(Permission p) { public boolean implies(Permission p) {
return false; return false;
} }
@ -330,6 +335,7 @@ implements java.io.Serializable
* and has the same type (class) name, permission name, actions, and * and has the same type (class) name, permission name, actions, and
* certificates as this object. * certificates as this object.
*/ */
@Override
public boolean equals(Object obj) { public boolean equals(Object obj) {
if (obj == this) if (obj == this)
return true; return true;
@ -402,7 +408,7 @@ implements java.io.Serializable
* *
* @return a hash code value for this object. * @return a hash code value for this object.
*/ */
@Override
public int hashCode() { public int hashCode() {
int hash = type.hashCode(); int hash = type.hashCode();
if (name != null) if (name != null)
@ -422,6 +428,7 @@ implements java.io.Serializable
* *
* @return the empty string "". * @return the empty string "".
*/ */
@Override
public String getActions() public String getActions()
{ {
return ""; return "";
@ -491,6 +498,7 @@ implements java.io.Serializable
* *
* @return information about this {@code UnresolvedPermission}. * @return information about this {@code UnresolvedPermission}.
*/ */
@Override
public String toString() { public String toString() {
return "(unresolved " + type + " " + name + " " + actions + ")"; return "(unresolved " + type + " " + name + " " + actions + ")";
} }
@ -502,7 +510,7 @@ implements java.io.Serializable
* @return a new PermissionCollection object suitable for * @return a new PermissionCollection object suitable for
* storing {@code UnresolvedPermissions}. * storing {@code UnresolvedPermissions}.
*/ */
@Override
public PermissionCollection newPermissionCollection() { public PermissionCollection newPermissionCollection() {
return new UnresolvedPermissionCollection(); return new UnresolvedPermissionCollection();
} }
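Review bot: In the constructor hunk (`@ -165,59 +165,63`), the defensive copy is made by reassigning the parameter, `certs = certs.clone();`, so the two later `this.certs = certs;` stores look as though they keep the caller's array, and the fix holds only while that reassignment stays ahead of them. A separately named local such as `final java.security.cert.Certificate[] certsCopy = certs.clone();`, used for the checks and the stores, would make the no-aliasing invariant visible at each assignment. Note also that the clone is shallow and that an array holding a `null` element takes the `!(certs[i] instanceof X509Certificate)` branch and is stored whole; the `equals` body is mostly outside these hunks, so confirm it tolerates null entries or state in the Javadoc that elements must be non-null. The constructor's signature and parameter list are only partly shown here.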