Skip to content

Commit

Permalink
Fixed illegal access to internal API by using Provider.getService(typ…
Browse files Browse the repository at this point in the history 
…e,alorithm) instead of reflection (https://issues.redhat.com/browse/JGRP-2611)
  • Loading branch information
@belaban
belaban committed Apr 7, 2022
1 parent 41eaa9c commit 65a7330
Showing 1 changed file with 16 additions and 2 deletions.
18 changes: 16 additions & 2 deletions src/org/jgroups/auth/sasl/SaslUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslServerFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.*;
Expand Down Expand Up @@ -89,9 +90,22 @@ private static <T> Iterator<T> getFactories(Class<T> type, ClassLoader classLoad
String className=currentProvider.getProperty((String)currentKey);
if(className != null && loadedClasses.add(className)) {
try {
factories.add(Class.forName(className, true, cl).asSubclass(type).getDeclaredConstructor().newInstance());
int index=((String)currentKey).indexOf(".");
if(index >= 0) {
String service_type=((String)currentKey).substring(0, index);
String algorithm=((String)currentKey).substring(index+1);
Provider.Service svc=currentProvider.getService(service_type, algorithm);
if(svc != null) {
Object inst=svc.newInstance(null);
factories.add((T)inst);
}
}
else {
Class<?> clazz=Class.forName(className, true, cl);
factories.add(clazz.asSubclass(type).getDeclaredConstructor().newInstance());
}
}
catch(ClassCastException | ReflectiveOperationException e) {
catch(ClassCastException | ReflectiveOperationException | NoSuchAlgorithmException e) {
}
}
});
Expand Down

0 comments on commit 65a7330

Please sign in to comment.