archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 14:54:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8344397: Remove Security Manager dependencies from java.security and sun.security packages

Browse source 
Reviewed-by: rriggs, hchao, weijun, alanb
This commit is contained in:
Sean Mullan 2024-12-02 21:30:53 +00:00
parent 3d0d0e6290
commit 940aa7c4cf
45 changed files with 406 additions and 1436 deletions
Download patch file Download diff file Expand all files Collapse all files

179
src/java.base/share/classes/sun/security/jca/ProviderConfig.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -94,23 +94,11 @@ final class ProviderConfig {
// avoid if not available (pre Solaris 10) to reduce startup time
// or if disabled via system property
private void checkSunPKCS11Solaris() {
@SuppressWarnings("removal")
Boolean o = AccessController.doPrivileged(
new PrivilegedAction<Boolean>() {
public Boolean run() {
File file = new File("/usr/lib/libpkcs11.so");
if (file.exists() == false) {
return Boolean.FALSE;
}
if ("false".equalsIgnoreCase(System.getProperty
("sun.security.pkcs11.enable-solaris"))) {
return Boolean.FALSE;
}
return Boolean.TRUE;
}
});
if (o == Boolean.FALSE) {
tries = MAX_LOAD_TRIES;
File file = new File("/usr/lib/libpkcs11.so");
if (file.exists() == false ||
("false".equalsIgnoreCase(System.getProperty
("sun.security.pkcs11.enable-solaris")))) {
tries = MAX_LOAD_TRIES;
}
}
@ -190,28 +178,22 @@ final class ProviderConfig {
case "Apple", "apple.security.AppleProvider" -> {
// Reflection is needed for compile time as the class
// is not available for non-macosx systems
@SuppressWarnings("removal")
var tmp = AccessController.doPrivileged(
new PrivilegedAction<Provider>() {
public Provider run() {
try {
Class<?> c = Class.forName(
"apple.security.AppleProvider");
if (Provider.class.isAssignableFrom(c)) {
@SuppressWarnings("deprecation")
Object tmp = c.newInstance();
return (Provider) tmp;
}
} catch (Exception ex) {
if (debug != null) {
debug.println("Error loading provider Apple");
ex.printStackTrace();
}
}
return null;
}
});
yield tmp;
Provider ap = null;
try {
Class<?> c = Class.forName(
"apple.security.AppleProvider");
if (Provider.class.isAssignableFrom(c)) {
@SuppressWarnings("deprecation")
Object tmp = c.newInstance();
ap = (Provider) tmp;
}
} catch (Exception ex) {
if (debug != null) {
debug.println("Error loading provider Apple");
ex.printStackTrace();
}
}
yield ap;
}
default -> {
if (isLoading) {
@ -240,83 +222,69 @@ final class ProviderConfig {
/**
* Load and instantiate the Provider described by this class.
*
* NOTE use of doPrivileged().
*
* @return null if the Provider could not be loaded
*
* @throws ProviderException if executing the Provider's constructor
* throws a ProviderException. All other Exceptions are ignored.
*/
@SuppressWarnings("removal")
private Provider doLoadProvider() {
return AccessController.doPrivileged(new PrivilegedAction<Provider>() {
public Provider run() {
if (debug != null) {
debug.println("Loading provider " + ProviderConfig.this);
}
try {
Provider p = ProviderLoader.INSTANCE.load(provName);
if (p != null) {
if (hasArgument()) {
p = p.configure(argument);
}
if (debug != null) {
debug.println("Loading provider " + ProviderConfig.this);
debug.println("Loaded provider " + p.getName());
}
try {
Provider p = ProviderLoader.INSTANCE.load(provName);
if (p != null) {
if (hasArgument()) {
p = p.configure(argument);
}
if (debug != null) {
debug.println("Loaded provider " + p.getName());
}
} else {
if (debug != null) {
debug.println("Error loading provider " +
ProviderConfig.this);
}
disableLoad();
}
return p;
} catch (Exception e) {
if (e instanceof ProviderException) {
// pass up
throw e;
} else {
if (debug != null) {
debug.println("Error loading provider " +
ProviderConfig.this);
e.printStackTrace();
}
disableLoad();
return null;
}
} catch (ExceptionInInitializerError err) {
// no sufficient permission to initialize provider class
if (debug != null) {
debug.println("Error loading provider " + ProviderConfig.this);
err.printStackTrace();
}
disableLoad();
return null;
} else {
if (debug != null) {
debug.println("Error loading provider " +
ProviderConfig.this);
}
disableLoad();
}
});
return p;
} catch (Exception e) {
if (e instanceof ProviderException) {
// pass up
throw e;
} else {
if (debug != null) {
debug.println("Error loading provider " +
ProviderConfig.this);
e.printStackTrace();
}
disableLoad();
return null;
}
} catch (ExceptionInInitializerError err) {
// unable to initialize provider class
if (debug != null) {
debug.println("Error loading provider " + ProviderConfig.this);
err.printStackTrace();
}
disableLoad();
return null;
}
}
/**
* Perform property expansion of the provider value.
*
* NOTE use of doPrivileged().
*/
@SuppressWarnings("removal")
private static String expand(final String value) {
// shortcut if value does not contain any properties
if (value.contains("${") == false) {
return value;
}
return AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
try {
return PropertyExpander.expand(value);
} catch (GeneralSecurityException e) {
throw new ProviderException(e);
}
}
});
try {
return PropertyExpander.expand(value);
} catch (GeneralSecurityException e) {
throw new ProviderException(e);
}
}
// Inner class for loading security providers listed in java.security file
@ -356,9 +324,9 @@ final class ProviderConfig {
if (pName.equals(pn)) {
return p;
}
} catch (SecurityException | ServiceConfigurationError |
} catch (ServiceConfigurationError |
InvalidParameterException ex) {
// if provider loading fail due to security permission,
// if provider loading failed
// log it and move on to next provider
if (debug != null) {
debug.println("Encountered " + ex +
@ -385,6 +353,7 @@ final class ProviderConfig {
}
}
@SuppressWarnings("deprecation") // Class.newInstance
private Provider legacyLoad(String classname) {
if (debug != null) {
@ -403,15 +372,7 @@ final class ProviderConfig {
return null;
}
@SuppressWarnings("removal")
Provider p = AccessController.doPrivileged
(new PrivilegedExceptionAction<Provider>() {
@SuppressWarnings("deprecation") // Class.newInstance
public Provider run() throws Exception {
return (Provider) provClass.newInstance();
}
});
return p;
return (Provider) provClass.newInstance();
} catch (Exception e) {
Throwable t;
if (e instanceof InvocationTargetException) {
@ -429,7 +390,7 @@ final class ProviderConfig {
}
return null;
} catch (ExceptionInInitializerError | NoClassDefFoundError err) {
// no sufficient permission to access/initialize provider class
// unable to access/initialize provider class
if (debug != null) {
debug.println("Error loading legacy provider " + classname);
err.printStackTrace();