This repository has been archived by the owner on Feb 2, 2023. It is now read-only.
/ jdk13u-dev Public archive

8242565: Policy initialization issues when the denyAfter constraint is enabled

Reviewed-by: yan, vkempik
Backport-of: 3efd000
Alexey Bakhtin committed Oct 10, 2022
1 parent 5c1369c commit ff31243
Showing 6 changed files with 17 additions and 13 deletions.
3 changes: 2 additions & 1 deletion src/java.base/share/classes/sun/security/jca/Providers.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -87,6 +87,7 @@ private Providers() {
// Note: when SunEC is in a signed JAR file, it's not signed
// by EC algorithms. So it's still safe to be listed here.
"SunEC",
"SunJCE",
};

// Return Sun provider.
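Review bot: The new `"SunJCE",` entry carries no comment saying why it belongs in this list, while the `"SunEC"` entry directly above it has a two-line justification. The array's declaration is outside the hunk, so its exact role is inferred here, but the existing comment indicates that membership is a trust decision tied to signed JAR handling, and each addition should state its reason. I would add a line above the entry such as `// Listed so that Policy initialization works when the denyAfter constraint is enabled (8242565).`, with the wording confirmed by the author.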
12 changes: 4 additions & 8 deletions src/java.base/share/classes/sun/security/tools/KeyStoreUtil.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -48,6 +48,7 @@
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.ResourceBundle;
import java.util.ServiceLoader;

import sun.security.util.PropertyExpander;
@@ -63,12 +64,6 @@ private KeyStoreUtil() {
// this class is not meant to be instantiated
}

private static final Collator collator = Collator.getInstance();
static {
// this is for case insensitive string comparisons
collator.setStrength(Collator.PRIMARY);
};

/**
* Returns true if the certificate is self-signed, false otherwise.
*/
@@ -133,7 +128,8 @@ public static KeyStore getCacertsKeyStore() throws Exception {
}

public static char[] getPassWithModifier(String modifier, String arg,
java.util.ResourceBundle rb) {
ResourceBundle rb,
Collator collator) {
if (modifier == null) {
return arg.toCharArray();
} else if (collator.compare(modifier, "env") == 0) {
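Review bot: `getPassWithModifier` now relies on the caller's `Collator` for the case-insensitive match in `collator.compare(modifier, "env")`, but nothing on the new signature says so. The removed static block was the only place that set `Collator.PRIMARY`, so a collator left at its default strength would typically make the modifier match case-sensitive without any error. A null `collator` would also fail only on the non-null-modifier path, which makes the mistake easy to miss. I would add Javadoc stating that `collator` must be non-null and configured for case-insensitive comparison (the old `setStrength(Collator.PRIMARY)`). The `collator` passed by the two `getPass` call sites further down the page is declared outside the visible hunks, so its strength should be confirmed there. The method body continues outside this hunk.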
@@ -4812,7 +4812,8 @@ private void errorNeedArgument(String flag) {
}

private char[] getPass(String modifier, String arg) {
char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
char[] output =
KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
if (output != null) return output;
tinyHelp();
return null; // Useless, tinyHelp() already exits.
@@ -565,7 +565,8 @@ String[] parseArgs(String args[]) throws Exception {
}

static char[] getPass(String modifier, String arg) {
char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
char[] output =
KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
if (output != null) return output;
usage();
return null; // Useless, usage() already exit
6 changes: 4 additions & 2 deletions test/jdk/java/security/Policy/SignedJar/SignedJarTest.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@

/**
* @test
* @bug 8048360
* @bug 8048360 8242565
* @summary test policy entry with signedBy alias
* @library /test/lib
* @run main/othervm SignedJarTest
@@ -52,6 +52,7 @@ public class SignedJarTest {
private static final String POLICY2 = "SignedJarTest_2.policy";
private static final String KEYSTORE1 = "both.jks";
private static final String KEYSTORE2 = "first.jks";
private static final String SECPROPS = TESTSRC + FS + "java.security";

public static void main(String args[]) throws Throwable {
//copy PrivilegeTest.class, policy files and keystore password file into current direcotry
@@ -147,6 +148,7 @@ private static String[] constructCMD(String classpath, String policy, String arg
"-classpath", classpath,
"-Djava.security.manager",
"-Djava.security.policy=" + policy,
"-Djava.security.properties=" + SECPROPS,
"PrivilegeTest",
arg1, arg2};
return cmd;
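Review bot: The `SECPROPS` constant and the added `"-Djava.security.properties=" + SECPROPS` argument are undocumented, and the choice of a single `=` matters: that form layers the file over the JDK's default java.security instead of replacing it. Every child JVM built by `constructCMD` now runs with the overridden `jdk.jar.disabledAlgorithms`, so the existing signedBy cases are all exercised under the denyAfter constraint. I would add a comment on the constant such as `// Extra security properties enabling the denyAfter constraint (8242565); appended to the default java.security.`. The `@summary` line could also mention the constraint, since it still describes only the signedBy alias. `constructCMD` starts outside this hunk.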
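--- a/test/jdk/java/security/Policy/SignedJar/java.security
+++ b/test/jdk/java/security/Policy/SignedJar/java.security
@@ -0,0 +1,3 @@
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+DSA keySize < 1024, include jdk.disabled.namedCurves, \
+SHA1 jdkCA & denyAfter 2019-01-01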
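Review bot: The file gives no hint of why it exists or which default it changes, so a reader has to find SignedJarTest to learn that it is a test-only override. A leading comment such as `# Test override for 8242565: enables the denyAfter constraint in jdk.jar.disabledAlgorithms` would cover it. The `include jdk.disabled.namedCurves` clause refers to a security property this file does not define. It presumably resolves from the default java.security that is loaded alongside this file, which is worth confirming for this release line.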

1 comment on commit ff31243

@openjdk-notifier