Skip to content

Commit fc8fb34

Browse files
seanjmullanseanjmullan
committed
8344214: Remove Security Manager dependencies from jdk.crypto.mscapi module
Reviewed-by: rriggs, ascarpino
1 parent ff12ff5 commit fc8fb34

File tree

2 files changed

+110
-137
lines changed

2 files changed

+110
-137
lines changed

src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKeyStore.java

Lines changed: 2 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -29,15 +29,12 @@
2929
import java.io.IOException;
3030
import java.io.InputStream;
3131
import java.io.OutputStream;
32-
import java.security.AccessController;
3332
import java.security.InvalidKeyException;
3433
import java.security.Key;
3534
import java.security.KeyStoreSpi;
3635
import java.security.KeyStoreException;
37-
import java.security.PrivilegedAction;
3836
import java.security.UnrecoverableKeyException;
3937
import java.security.NoSuchAlgorithmException;
40-
import java.security.SecurityPermission;
4138
import java.security.cert.X509Certificate;
4239
import java.security.cert.Certificate;
4340
import java.security.cert.CertificateException;
@@ -242,9 +239,7 @@ public void delete() throws KeyStoreException {
242239

243240
CKeyStore(String storeName, int storeLocation) {
244241
// Get the compatibility mode
245-
@SuppressWarnings("removal")
246-
String prop = AccessController.doPrivileged(
247-
(PrivilegedAction<String>) () -> System.getProperty(KEYSTORE_COMPATIBILITY_MODE_PROP));
242+
String prop = System.getProperty(KEYSTORE_COMPATIBILITY_MODE_PROP);
248243

249244
if ("false".equalsIgnoreCase(prop)) {
250245
keyStoreCompatibilityMode = false;
@@ -695,10 +690,6 @@ public void engineStore(OutputStream stream, char[] password)
695690
* the integrity of the keystore cannot be found
696691
* @exception CertificateException if any of the certificates in the
697692
* keystore could not be loaded
698-
* @exception SecurityException if the security check for
699-
* <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
700-
* pass, where <i>name</i> is the value returned by
701-
* this provider's <code>getName</code> method.
702693
*/
703694
public void engineLoad(InputStream stream, char[] password)
704695
throws IOException, NoSuchAlgorithmException, CertificateException {
@@ -710,16 +701,6 @@ public void engineLoad(InputStream stream, char[] password)
710701
throw new IOException("Keystore password must be null");
711702
}
712703

713-
/*
714-
* Use the same security check as AuthProvider.login
715-
*/
716-
@SuppressWarnings("removal")
717-
SecurityManager sm = System.getSecurityManager();
718-
if (sm != null) {
719-
sm.checkPermission(new SecurityPermission(
720-
"authProvider.SunMSCAPI"));
721-
}
722-
723704
// Clear all key entries
724705
entries.clear();
725706

src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java

Lines changed: 108 additions & 116 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,6 @@
2525

2626
package sun.security.mscapi;
2727

28-
import java.security.AccessController;
29-
import java.security.PrivilegedAction;
3028
import java.security.Provider;
3129
import java.security.NoSuchAlgorithmException;
3230
import java.security.InvalidParameterException;
@@ -50,14 +48,14 @@ public final class SunMSCAPI extends Provider {
5048
private static final String INFO = "Sun's Microsoft Crypto API provider";
5149

5250
static {
53-
@SuppressWarnings({"removal", "restricted"})
54-
var dummy = AccessController.doPrivileged(new PrivilegedAction<Void>() {
55-
public Void run() {
56-
System.loadLibrary("sunmscapi");
57-
return null;
58-
}
59-
});
51+
loadLibrary();
52+
}
53+
54+
@SuppressWarnings("restricted")
55+
private static void loadLibrary() {
56+
System.loadLibrary("sunmscapi");
6057
}
58+
6159
private static class ProviderServiceA extends ProviderService {
6260
ProviderServiceA(Provider p, String type, String algo, String cn,
6361
HashMap<String, String> attrs) {
@@ -148,119 +146,113 @@ public Object newInstance(Object ctrParamObj)
148146
}
149147
}
150148

151-
@SuppressWarnings("removal")
152149
public SunMSCAPI() {
153150
super("SunMSCAPI", PROVIDER_VER, INFO);
154151

155152
final Provider p = this;
156-
AccessController.doPrivileged(new PrivilegedAction<Void>() {
157-
public Void run() {
158-
/*
159-
* Secure random
160-
*/
161-
HashMap<String, String> srattrs = new HashMap<>(1);
162-
srattrs.put("ThreadSafe", "true");
163-
putService(new ProviderService(p, "SecureRandom",
164-
"Windows-PRNG", "sun.security.mscapi.PRNG",
165-
null, srattrs));
153+
/*
154+
* Secure random
155+
*/
156+
HashMap<String, String> srattrs = new HashMap<>(1);
157+
srattrs.put("ThreadSafe", "true");
158+
putService(new ProviderService(p, "SecureRandom",
159+
"Windows-PRNG", "sun.security.mscapi.PRNG",
160+
null, srattrs));
166161

167-
/*
168-
* Key store
169-
*/
170-
putService(new ProviderService(p, "KeyStore",
171-
"Windows-MY", "sun.security.mscapi.CKeyStore$MY"));
172-
putService(new ProviderService(p, "KeyStore",
173-
"Windows-MY-CURRENTUSER", "sun.security.mscapi.CKeyStore$MY"));
174-
putService(new ProviderService(p, "KeyStore",
175-
"Windows-ROOT", "sun.security.mscapi.CKeyStore$ROOT"));
176-
putService(new ProviderService(p, "KeyStore",
177-
"Windows-ROOT-CURRENTUSER", "sun.security.mscapi.CKeyStore$ROOT"));
178-
putService(new ProviderService(p, "KeyStore",
179-
"Windows-MY-LOCALMACHINE", "sun.security.mscapi.CKeyStore$MYLocalMachine"));
180-
putService(new ProviderService(p, "KeyStore",
181-
"Windows-ROOT-LOCALMACHINE", "sun.security.mscapi.CKeyStore$ROOTLocalMachine"));
162+
/*
163+
* Key store
164+
*/
165+
putService(new ProviderService(p, "KeyStore",
166+
"Windows-MY", "sun.security.mscapi.CKeyStore$MY"));
167+
putService(new ProviderService(p, "KeyStore",
168+
"Windows-MY-CURRENTUSER", "sun.security.mscapi.CKeyStore$MY"));
169+
putService(new ProviderService(p, "KeyStore",
170+
"Windows-ROOT", "sun.security.mscapi.CKeyStore$ROOT"));
171+
putService(new ProviderService(p, "KeyStore",
172+
"Windows-ROOT-CURRENTUSER", "sun.security.mscapi.CKeyStore$ROOT"));
173+
putService(new ProviderService(p, "KeyStore",
174+
"Windows-MY-LOCALMACHINE", "sun.security.mscapi.CKeyStore$MYLocalMachine"));
175+
putService(new ProviderService(p, "KeyStore",
176+
"Windows-ROOT-LOCALMACHINE", "sun.security.mscapi.CKeyStore$ROOTLocalMachine"));
182177

183-
/*
184-
* Signature engines
185-
*/
186-
HashMap<String, String> attrs = new HashMap<>(1);
187-
attrs.put("SupportedKeyClasses", "sun.security.mscapi.CKey");
178+
/*
179+
* Signature engines
180+
*/
181+
HashMap<String, String> attrs = new HashMap<>(1);
182+
attrs.put("SupportedKeyClasses", "sun.security.mscapi.CKey");
188183

189-
// NONEwithRSA must be supplied with a pre-computed message digest.
190-
// Only the following digest algorithms are supported: MD5, SHA-1,
191-
// SHA-256, SHA-384, SHA-512 and a special-purpose digest
192-
// algorithm which is a concatenation of SHA-1 and MD5 digests.
193-
putService(new ProviderService(p, "Signature",
194-
"NONEwithRSA", "sun.security.mscapi.CSignature$NONEwithRSA",
195-
null, attrs));
196-
putService(new ProviderService(p, "Signature",
197-
"SHA1withRSA", "sun.security.mscapi.CSignature$SHA1withRSA",
198-
null, attrs));
199-
putService(new ProviderServiceA(p, "Signature",
200-
"SHA256withRSA",
201-
"sun.security.mscapi.CSignature$SHA256withRSA",
202-
attrs));
203-
putService(new ProviderServiceA(p, "Signature",
204-
"SHA384withRSA",
205-
"sun.security.mscapi.CSignature$SHA384withRSA",
206-
attrs));
207-
putService(new ProviderServiceA(p, "Signature",
208-
"SHA512withRSA",
209-
"sun.security.mscapi.CSignature$SHA512withRSA",
210-
attrs));
211-
putService(new ProviderServiceA(p, "Signature",
212-
"RSASSA-PSS", "sun.security.mscapi.CSignature$PSS",
213-
attrs));
214-
putService(new ProviderService(p, "Signature",
215-
"MD5withRSA", "sun.security.mscapi.CSignature$MD5withRSA",
216-
null, attrs));
217-
putService(new ProviderService(p, "Signature",
218-
"MD2withRSA", "sun.security.mscapi.CSignature$MD2withRSA",
219-
null, attrs));
220-
putService(new ProviderServiceA(p, "Signature",
221-
"SHA1withECDSA",
222-
"sun.security.mscapi.CSignature$SHA1withECDSA",
223-
attrs));
224-
putService(new ProviderServiceA(p, "Signature",
225-
"SHA224withECDSA",
226-
"sun.security.mscapi.CSignature$SHA224withECDSA",
227-
attrs));
228-
putService(new ProviderServiceA(p, "Signature",
229-
"SHA256withECDSA",
230-
"sun.security.mscapi.CSignature$SHA256withECDSA",
231-
attrs));
232-
putService(new ProviderServiceA(p, "Signature",
233-
"SHA384withECDSA",
234-
"sun.security.mscapi.CSignature$SHA384withECDSA",
235-
attrs));
236-
putService(new ProviderServiceA(p, "Signature",
237-
"SHA512withECDSA",
238-
"sun.security.mscapi.CSignature$SHA512withECDSA",
239-
attrs));
240-
/*
241-
* Key Pair Generator engines
242-
*/
243-
attrs.clear();
244-
attrs.put("KeySize", "16384");
245-
putService(new ProviderService(p, "KeyPairGenerator",
246-
"RSA", "sun.security.mscapi.CKeyPairGenerator$RSA",
247-
null, attrs));
184+
// NONEwithRSA must be supplied with a pre-computed message digest.
185+
// Only the following digest algorithms are supported: MD5, SHA-1,
186+
// SHA-256, SHA-384, SHA-512 and a special-purpose digest
187+
// algorithm which is a concatenation of SHA-1 and MD5 digests.
188+
putService(new ProviderService(p, "Signature",
189+
"NONEwithRSA", "sun.security.mscapi.CSignature$NONEwithRSA",
190+
null, attrs));
191+
putService(new ProviderService(p, "Signature",
192+
"SHA1withRSA", "sun.security.mscapi.CSignature$SHA1withRSA",
193+
null, attrs));
194+
putService(new ProviderServiceA(p, "Signature",
195+
"SHA256withRSA",
196+
"sun.security.mscapi.CSignature$SHA256withRSA",
197+
attrs));
198+
putService(new ProviderServiceA(p, "Signature",
199+
"SHA384withRSA",
200+
"sun.security.mscapi.CSignature$SHA384withRSA",
201+
attrs));
202+
putService(new ProviderServiceA(p, "Signature",
203+
"SHA512withRSA",
204+
"sun.security.mscapi.CSignature$SHA512withRSA",
205+
attrs));
206+
putService(new ProviderServiceA(p, "Signature",
207+
"RSASSA-PSS", "sun.security.mscapi.CSignature$PSS",
208+
attrs));
209+
putService(new ProviderService(p, "Signature",
210+
"MD5withRSA", "sun.security.mscapi.CSignature$MD5withRSA",
211+
null, attrs));
212+
putService(new ProviderService(p, "Signature",
213+
"MD2withRSA", "sun.security.mscapi.CSignature$MD2withRSA",
214+
null, attrs));
215+
putService(new ProviderServiceA(p, "Signature",
216+
"SHA1withECDSA",
217+
"sun.security.mscapi.CSignature$SHA1withECDSA",
218+
attrs));
219+
putService(new ProviderServiceA(p, "Signature",
220+
"SHA224withECDSA",
221+
"sun.security.mscapi.CSignature$SHA224withECDSA",
222+
attrs));
223+
putService(new ProviderServiceA(p, "Signature",
224+
"SHA256withECDSA",
225+
"sun.security.mscapi.CSignature$SHA256withECDSA",
226+
attrs));
227+
putService(new ProviderServiceA(p, "Signature",
228+
"SHA384withECDSA",
229+
"sun.security.mscapi.CSignature$SHA384withECDSA",
230+
attrs));
231+
putService(new ProviderServiceA(p, "Signature",
232+
"SHA512withECDSA",
233+
"sun.security.mscapi.CSignature$SHA512withECDSA",
234+
attrs));
235+
/*
236+
* Key Pair Generator engines
237+
*/
238+
attrs.clear();
239+
attrs.put("KeySize", "16384");
240+
putService(new ProviderService(p, "KeyPairGenerator",
241+
"RSA", "sun.security.mscapi.CKeyPairGenerator$RSA",
242+
null, attrs));
248243

249-
/*
250-
* Cipher engines
251-
*/
252-
attrs.clear();
253-
attrs.put("SupportedModes", "ECB");
254-
attrs.put("SupportedPaddings", "PKCS1PADDING");
255-
attrs.put("SupportedKeyClasses", "sun.security.mscapi.CKey");
256-
putService(new ProviderService(p, "Cipher",
257-
"RSA", "sun.security.mscapi.CRSACipher",
258-
null, attrs));
259-
putService(new ProviderService(p, "Cipher",
260-
"RSA/ECB/PKCS1Padding", "sun.security.mscapi.CRSACipher",
261-
null, attrs));
262-
return null;
263-
}
264-
});
244+
/*
245+
* Cipher engines
246+
*/
247+
attrs.clear();
248+
attrs.put("SupportedModes", "ECB");
249+
attrs.put("SupportedPaddings", "PKCS1PADDING");
250+
attrs.put("SupportedKeyClasses", "sun.security.mscapi.CKey");
251+
putService(new ProviderService(p, "Cipher",
252+
"RSA", "sun.security.mscapi.CRSACipher",
253+
null, attrs));
254+
putService(new ProviderService(p, "Cipher",
255+
"RSA/ECB/PKCS1Padding", "sun.security.mscapi.CRSACipher",
256+
null, attrs));
265257
}
266258
}

0 commit comments

Comments
 (0)