archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8344310: Remove Security Manager dependencies from javax.crypto and com.sun.crypto packages

Browse source 
Reviewed-by: jpai, ascarpino
This commit is contained in:
Sean Mullan 2024-11-18 19:35:42 +00:00
parent 92271af635
commit de6e013e0e
7 changed files with 29 additions and 101 deletions
Download patch file Download diff file Expand all files Collapse all files

33
src/java.base/share/classes/javax/crypto/JceSecurity.java.template
View file

@ -76,7 +76,6 @@ import sun.security.util.Debug;
* @since 1.4
*/
@SuppressWarnings("removal")
final class JceSecurity {
private static final Debug debug = Debug.getInstance("jca");
@ -109,15 +108,7 @@ final class JceSecurity {
static {
try {
AccessController.doPrivileged(
new PrivilegedExceptionAction<> () {
@Override
public Void run() throws Exception {
setupJurisdictionPolicies();
return null;
}
}
);
setupJurisdictionPolicies();
isRestricted = defaultPolicy.implies(
CryptoAllPermission.INSTANCE) ? false : true;
@ -285,20 +276,14 @@ final class JceSecurity {
synchronized (codeBaseCacheRef) {
URL url = codeBaseCacheRef.get(clazz);
if (url == null) {
url = AccessController.doPrivileged(
new PrivilegedAction<>() {
@Override
public URL run() {
ProtectionDomain pd = clazz.getProtectionDomain();
if (pd != null) {
CodeSource cs = pd.getCodeSource();
if (cs != null) {
return cs.getLocation();
}
}
return NULL_URL;
}
});
url = NULL_URL;
ProtectionDomain pd = clazz.getProtectionDomain();
if (pd != null) {
CodeSource cs = pd.getCodeSource();
if (cs != null) {
url = cs.getLocation();
}
}
codeBaseCacheRef.put(clazz, url);
}
return (url == NULL_URL) ? null : url;

14
src/java.base/share/classes/javax/crypto/JceSecurityManager.java
View file

@ -65,18 +65,10 @@ final class JceSecurityManager {
exemptPolicy = JceSecurity.getExemptPolicy();
allPerm = CryptoAllPermission.INSTANCE;
PrivilegedAction<JceSecurityManager> paSM = JceSecurityManager::new;
@SuppressWarnings("removal")
JceSecurityManager dummySecurityManager =
AccessController.doPrivileged(paSM);
INSTANCE = dummySecurityManager;
INSTANCE = new JceSecurityManager();
PrivilegedAction<StackWalker> paWalker =
() -> StackWalker.getInstance(Set.of(Option.DROP_METHOD_INFO, Option.RETAIN_CLASS_REFERENCE));
@SuppressWarnings("removal")
StackWalker dummyWalker = AccessController.doPrivileged(paWalker);
WALKER = dummyWalker;
WALKER = StackWalker.getInstance(
Set.of(Option.DROP_METHOD_INFO, Option.RETAIN_CLASS_REFERENCE));
}
private JceSecurityManager() {

22
src/java.base/share/classes/javax/crypto/ProviderVerifier.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -100,20 +100,12 @@ final class ProviderVerifier {
// Get a link to the Jarfile to search.
try {
@SuppressWarnings("removal")
var tmp = AccessController.doPrivileged(
(PrivilegedExceptionAction<JarFile>) () -> {
JarURLConnection conn =
(JarURLConnection) url.openConnection();
// You could do some caching here as
// an optimization.
conn.setUseCaches(false);
return conn.getJarFile();
});
jf = tmp;
} catch (java.security.PrivilegedActionException pae) {
throw new SecurityException("Cannot load " + url,
pae.getCause());
JarURLConnection conn = (JarURLConnection) url.openConnection();
// You could do some caching here as an optimization.
conn.setUseCaches(false);
jf = conn.getJarFile();
} catch (IOException ioe) {
throw new SecurityException("Cannot load " + url, ioe);
}
if (jf != null) {