Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8284105: Update security libraries to use sealed classes #8165

Closed
wants to merge 4 commits into from

Conversation

seanjmullan
Copy link
Member

@seanjmullan seanjmullan commented Apr 8, 2022

Please review these changes to update the security libraries to use sealed classes. See JEP 409 for more details on sealed classes.

No CSR is required as all the changes are to internal classes. A few classes that did not have subclasses were simply marked final instead of sealed.


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

  • JDK-8284105: Update security libraries to use sealed classes

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/8165/head:pull/8165
$ git checkout pull/8165

Update a local copy of the PR:
$ git checkout pull/8165
$ git pull https://git.openjdk.java.net/jdk pull/8165/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 8165

View PR using the GUI difftool:
$ git pr show -t 8165

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/8165.diff

@bridgekeeper
Copy link

bridgekeeper bot commented Apr 8, 2022

👋 Welcome back mullan! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot added the rfr Pull request is ready for review label Apr 8, 2022
@openjdk
Copy link

openjdk bot commented Apr 8, 2022

@seanjmullan The following labels will be automatically applied to this pull request:

  • build
  • security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added security security-dev@openjdk.org build build-dev@openjdk.org labels Apr 8, 2022
@mlbridge
Copy link

mlbridge bot commented Apr 8, 2022

Webrevs

@wangweij
Copy link
Contributor

wangweij commented Apr 8, 2022

/label remove build

@openjdk openjdk bot removed the build build-dev@openjdk.org label Apr 8, 2022
@openjdk
Copy link

openjdk bot commented Apr 8, 2022

@wangweij
The build label was successfully removed.

@openjdk
Copy link

openjdk bot commented Apr 8, 2022

@seanjmullan This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8284105: Update security libraries to use sealed classes

Reviewed-by: darcy, weijun, xuelei

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been no new commits pushed to the master branch. If another commit should be pushed before you perform the /integrate command, your PR will be automatically rebased. If you prefer to avoid any potential automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Apr 8, 2022
Copy link
Contributor

@wangweij wangweij left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks KrbTgsRep.java, Krb5ProxyCredential.java, Builder.java, Vertex.java, Validator.java, and RSAKeyPairGenerator.java can all be made package private.

@@ -61,7 +61,14 @@
*
*/

public abstract class IntegerPolynomial implements IntegerFieldModuloP {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although we only have several implementations, I think this class is meant to be freely extendable for whatever new modulus.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can always add new ones to the permits clause later.

@@ -47,7 +47,7 @@
* @since 1.5
* @author Andreas Sterbenz
*/
public abstract class RSASignature extends SignatureSpi {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can probably move the RSASignature.encodeSignature method to RSAUtil and this class can be package private.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. I'll also move RSASignature.decodeSignature to RSAUtil to maintain symmetry even though it isn't called outside the package.

Copy link
Member

@XueleiFan XueleiFan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks safe to me as if compiling and test passed.

@seanjmullan
Copy link
Member Author

It looks KrbTgsRep.java, Krb5ProxyCredential.java, Builder.java, Vertex.java, Validator.java, and RSAKeyPairGenerator.java can all be made package private.

Good point, although I would prefer to leave Validator as public for now until we are more sure of the compatibility risk as there have been external dependencies on it.

It may be useful to apply the sealed modifier to package-private classes, but for this RFE that is not the goal, so I will remove the sealed modifier from these classes (if applicable) when I make them package-private.

Copy link
Contributor

@wangweij wangweij left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only one comment. Others look fine.

@@ -40,7 +40,7 @@
* This class encapsulates a TGS-REP that is sent from the KDC to the
* Kerberos client.
*/
public class KrbTgsRep extends KrbKdcRep {
final class KrbTgsRep extends KrbKdcRep {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make KrbAsRep final also to be symmetric.

@seanjmullan
Copy link
Member Author

/integrate

@openjdk
Copy link

openjdk bot commented Apr 11, 2022

Going to push as commit dc6ec2a.
Since your change was applied there have been 6 commits pushed to the master branch:

  • 470a668: 8284687: validate-source failure after JDK-8283710
  • 523899e: 8265315: Support for CLDR version 41
  • abfd2f9: 8283710: JVMTI: Use BitSet for object marking
  • 7edd186: 8283507: Create a regression test for RFE 4287690
  • 74835f7: 8283719: java/util/logging/CheckZombieLockTest.java failing intermittently
  • 205cfb8: 8284093: Memory leak: X11SD_DisposeXImage should also free obdata

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Apr 11, 2022
@openjdk openjdk bot closed this Apr 11, 2022
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Apr 11, 2022
@openjdk
Copy link

openjdk bot commented Apr 11, 2022

@seanjmullan Pushed as commit dc6ec2a.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
integrated Pull request has been integrated security security-dev@openjdk.org
4 participants