Skip to content

Commit

Permalink
8254711: Add java.security.Provider.getService JFR Event
Browse files Browse the repository at this point in the history
8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java

Reviewed-by: mbaesken
Backport-of: bc2af47e1e4e6e96020e03a60ce098ddd17f63ba
  • Loading branch information
GoeLin committed Apr 27, 2023
1 parent 243e643 commit 394a756
Show file tree
Hide file tree
Showing 10 changed files with 286 additions and 10 deletions.
29 changes: 20 additions & 9 deletions src/java.base/share/classes/java/security/Provider.java
Expand Up @@ -25,6 +25,8 @@

package java.security;

import jdk.internal.event.SecurityProviderServiceEvent;

import java.io.*;
import java.util.*;
import static java.util.Locale.ENGLISH;
Expand Down Expand Up @@ -1234,19 +1236,28 @@ public Service getService(String type, String algorithm) {
key = new ServiceKey(type, algorithm, false);
previousKey = key;
}
Service s = null;
if (!serviceMap.isEmpty()) {
Service s = serviceMap.get(key);
if (s != null) {
return s;
}
s = serviceMap.get(key);
}
synchronized (this) {
ensureLegacyParsed();
if (legacyMap != null && !legacyMap.isEmpty()) {
return legacyMap.get(key);
if (s == null) {
synchronized (this) {
ensureLegacyParsed();
if (legacyMap != null && !legacyMap.isEmpty()) {
s = legacyMap.get(key);
}
}
}
return null;

if (s != null && SecurityProviderServiceEvent.isTurnedOn()) {
var e = new SecurityProviderServiceEvent();
e.provider = getName();
e.type = type;
e.algorithm = algorithm;
e.commit();
}

return s;
}

// ServiceKey from previous getService() call
Expand Down
@@ -0,0 +1,45 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

package jdk.internal.event;

/**
* Event recording details of Provider.getService(String type, String algorithm) calls
*/

public final class SecurityProviderServiceEvent extends Event {
private final static SecurityProviderServiceEvent EVENT = new SecurityProviderServiceEvent();

/**
* Returns {@code true} if event is enabled, {@code false} otherwise.
*/
public static boolean isTurnedOn() {
return EVENT.isEnabled();
}

public String type;
public String algorithm;
public String provider;
}
@@ -0,0 +1,48 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

package jdk.jfr.events;

import jdk.jfr.Category;
import jdk.jfr.Description;
import jdk.jfr.Label;
import jdk.jfr.Name;
import jdk.jfr.internal.MirrorEvent;

@Category({"Java Development Kit", "Security"})
@Label("Security Provider Instance Request")
@Name("jdk.SecurityProviderService")
@Description("Details of Provider.getInstance(String type, String algorithm) calls")
@MirrorEvent(className = "jdk.internal.event.SecurityProviderServiceEvent")
public final class SecurityProviderServiceEvent extends AbstractJDKEvent {
@Label("Type of Service")
public String type;

@Label("Algorithm Name")
public String algorithm;

@Label("Security Provider")
public String provider;
}
Expand Up @@ -27,7 +27,6 @@

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;

import jdk.internal.access.SharedSecrets;
Expand All @@ -50,6 +49,7 @@
import jdk.jfr.events.InitialSecurityPropertyEvent;
import jdk.jfr.events.ProcessStartEvent;
import jdk.jfr.events.SecurityPropertyModificationEvent;
import jdk.jfr.events.SecurityProviderServiceEvent;
import jdk.jfr.events.SocketReadEvent;
import jdk.jfr.events.SocketWriteEvent;
import jdk.jfr.events.TLSHandshakeEvent;
Expand All @@ -70,6 +70,7 @@ public final class JDKEvents {
DeserializationEvent.class,
ProcessStartEvent.class,
SecurityPropertyModificationEvent.class,
SecurityProviderServiceEvent.class,
TLSHandshakeEvent.class,
X509CertificateEvent.class,
X509ValidationEvent.class
Expand All @@ -89,6 +90,7 @@ public final class JDKEvents {
jdk.internal.event.DeserializationEvent.class,
jdk.internal.event.ProcessStartEvent.class,
jdk.internal.event.SecurityPropertyModificationEvent.class,
jdk.internal.event.SecurityProviderServiceEvent.class,
jdk.internal.event.TLSHandshakeEvent.class,
jdk.internal.event.X509CertificateEvent.class,
jdk.internal.event.X509ValidationEvent.class,
Expand Down
5 changes: 5 additions & 0 deletions src/jdk.jfr/share/conf/jfr/default.jfc
Expand Up @@ -715,6 +715,11 @@
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.SecurityProviderService">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.TLSHandshake">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
Expand Down
5 changes: 5 additions & 0 deletions src/jdk.jfr/share/conf/jfr/profile.jfc
Expand Up @@ -715,6 +715,11 @@
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.SecurityProviderService">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.TLSHandshake">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
Expand Down
Expand Up @@ -172,6 +172,7 @@ private static Document createDocument(String content) throws ParserConfiguratio
insertSetting(doc, EventNames.JavaExceptionThrow, "threshold", "0 ns");
insertSetting(doc, EventNames.JavaErrorThrow, "threshold", "0 ns");
insertSetting(doc, EventNames.SecurityProperty, "threshold", "0 ns");
insertSetting(doc, EventNames.SecurityProviderService, "threshold", "0 ns");
insertSetting(doc, EventNames.TLSHandshake, "threshold", "0 ns");
insertSetting(doc, EventNames.X509Certificate, "threshold", "0 ns");
insertSetting(doc, EventNames.X509Validation, "threshold", "0 ns");
Expand Down
1 change: 1 addition & 0 deletions test/jdk/jdk/jfr/event/runtime/TestActiveSettingEvent.java
Expand Up @@ -206,6 +206,7 @@ private static void testSettingConfiguration(String configurationName) throws Ex
settingValues.put(EventNames.X509Validation + "#threshold", "0 ns");
settingValues.put(EventNames.ProcessStart + "#threshold", "0 ns");
settingValues.put(EventNames.Deserialization + "#threshold", "0 ns");
settingValues.put(EventNames.SecurityProviderService + "#threshold", "0 ns");

try (Recording recording = new Recording(c)) {
Map<Long, EventType> eventTypes = new HashMap<>();
Expand Down
157 changes: 157 additions & 0 deletions test/jdk/jdk/jfr/event/security/TestSecurityProviderServiceEvent.java
@@ -0,0 +1,157 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

package jdk.jfr.event.security;

import java.security.*;
import java.security.cert.CertPathBuilder;
import java.util.Collections;
import java.util.List;
import java.util.function.*;

import jdk.jfr.Recording;
import jdk.jfr.consumer.RecordedEvent;
import jdk.test.lib.Asserts;
import jdk.test.lib.jfr.Events;
import jdk.test.lib.jfr.EventNames;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

/*
* @test
* @bug 8254711
* @summary Add JFR events for security crypto algorithms
* @key jfr
* @requires vm.hasJFR
* @library /test/lib
* @modules jdk.jfr/jdk.jfr.events
* @run main/othervm jdk.jfr.event.security.TestSecurityProviderServiceEvent
*/
public class TestSecurityProviderServiceEvent {

public static void main(String[] args) throws Exception {
testAlg(cipherFunc, "AES", "SunJCE",
"SunEC", "Cipher", 1, Collections.emptyList());
testAlg(signatureFunc, "SHA256withRSA", "SunRsaSign",
"SunEC", "Signature", 2, List.of("MessageDigest"));
testAlg(messageDigestFunc, "SHA-512", "SUN",
"SunEC", "MessageDigest", 1, Collections.emptyList());
testAlg(keystoreFunc, "PKCS12", "SUN",
"SunEC", "KeyStore", 1, Collections.emptyList());
testAlg(certPathBuilderFunc, "PKIX", "SUN",
"SunEC", "CertPathBuilder", 2, List.of("CertificateFactory"));
}

private static void testAlg(BiFunction<String, String, Provider> bif, String alg,
String workingProv, String brokenProv, String algType,
int expected, List<String> other) throws Exception {
// bootstrap security Provider services
Provider p = bif.apply(alg, workingProv);

try (Recording recording = new Recording()) {
recording.enable(EventNames.SecurityProviderService);
recording.start();
p = bif.apply(alg, workingProv);
bif.apply(alg, brokenProv);
recording.stop();
List<RecordedEvent> events = Events.fromRecording(recording);
Asserts.assertEquals(events.size(), expected, "Incorrect number of events");
assertEvent(events, algType, alg, p.getName(), other);
}
}

private static BiFunction<String, String, Provider> cipherFunc = (s1, p1 ) -> {
Cipher c;
try {
c = Cipher.getInstance(s1, p1);
return c.getProvider();
} catch (NoSuchAlgorithmException | NoSuchPaddingException | NoSuchProviderException e) {
// expected
}
return null;
};

private static BiFunction<String, String, Provider> signatureFunc = (s1, p1 ) -> {
Signature s;
try {
s = Signature.getInstance(s1, p1);
return s.getProvider();
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
// expected
}
return null;
};

private static BiFunction<String, String, Provider> messageDigestFunc = (s1, p1 ) -> {
MessageDigest md;
try {
md = MessageDigest.getInstance(s1, p1);
return md.getProvider();
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
// expected
}
return null;
};

private static BiFunction<String, String, Provider> keystoreFunc = (s1, p1 ) -> {
KeyStore ks;
try {
ks = KeyStore.getInstance(s1, p1);
return ks.getProvider();
} catch (NoSuchProviderException | KeyStoreException e) {
// expected
}
return null;
};

private static BiFunction<String, String, Provider> certPathBuilderFunc = (s1, p1 ) -> {
CertPathBuilder cps;
try {
cps = CertPathBuilder.getInstance(s1, p1);
return cps.getProvider();
} catch (NoSuchProviderException | NoSuchAlgorithmException e) {
// expected
}
return null;
};

private static void assertEvent(List<RecordedEvent> events, String type,
String alg, String workingProv, List<String> other) {
boolean secondaryEventOK = other.isEmpty() ? true : false;
for (RecordedEvent e : events) {
if (other.contains(e.getValue("type"))) {
// secondary operation in service stack while constructing this request
secondaryEventOK = true;
continue;
}
Events.assertField(e, "provider").equal(workingProv);
Events.assertField(e, "type").equal(type);
Events.assertField(e, "algorithm").equal(alg);
}
if (!secondaryEventOK) {
throw new RuntimeException("Secondary events missing");
}

}
}
1 change: 1 addition & 0 deletions test/lib/jdk/test/lib/jfr/EventNames.java
Expand Up @@ -201,6 +201,7 @@ public class EventNames {
public static final String X509Validation = PREFIX + "X509Validation";
public static final String InitialSecurityProperty = PREFIX + "InitialSecurityProperty";
public static final String SecurityProperty = PREFIX + "SecurityPropertyModification";
public final static String SecurityProviderService = PREFIX + "SecurityProviderService";
public static final String DirectBufferStatistics = PREFIX + "DirectBufferStatistics";
public static final String Deserialization = PREFIX + "Deserialization";

Expand Down

1 comment on commit 394a756

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.