8155246: Throw error if default java.security file is missing

Backport-of: 9d7c13eb14c525485e7739fcfacd044aa3bbc12d
openjdk · Dec 27, 2022 · 6262937 · 6262937 · openjdk-notifier · Dec 27, 2022
1 parent e770114
commit 6262937
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 18 deletions.
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
@@ -47,6 +47,9 @@
  * implementation-specific location, which is typically the properties file
  * {@code conf/security/java.security} in the Java installation directory.
  *
+ * @implNote If the properties file fails to load, the JDK implementation will
+ * throw an unspecified error when initializing the {@code Security} class.
+ *
  * @author Benjamin Renaud
  * @since 1.1
  */
@@ -186,28 +189,11 @@ private static void initialize() {
         }
 
         if (!loadedProps) {
-            initializeStatic();
-            if (sdebug != null) {
-                sdebug.println("unable to load security properties " +
-                        "-- using defaults");
-            }
+            throw new InternalError("java.security file missing");
         }
 
     }
 
-    /*
-     * Initialize to default values, if <java.home>/lib/java.security
-     * is not found.
-     */
-    private static void initializeStatic() {
-        props.put("security.provider.1", "sun.security.provider.Sun");
-        props.put("security.provider.2", "sun.security.rsa.SunRsaSign");
-        props.put("security.provider.3", "sun.security.ssl.SunJSSE");
-        props.put("security.provider.4", "com.sun.crypto.provider.SunJCE");
-        props.put("security.provider.5", "sun.security.jgss.SunProvider");
-        props.put("security.provider.6", "com.sun.security.sasl.Provider");
-    }
-
     /**
      * Don't let anyone instantiate this.
      */

diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
@@ -22,6 +22,9 @@
 # the command line, set the key security.overridePropertiesFile
 # to false in the master security properties file. It is set to true
 # by default.
+#
+# If this properties file fails to load, the JDK implementation will throw
+# an unspecified error when initializing the java.security.Security class.
 
 # In this file, various security properties are set for use by
 # java.security classes. This is where users can statically register

diff --git a/test/jdk/java/security/Security/ConfigFileTest.java b/test/jdk/java/security/Security/ConfigFileTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.*;
+
+import java.security.Security;
+import java.util.Arrays;
+import java.util.Optional;
+
+/*
+ * @test
+ * @summary Throw error if default java.security file is missing
+ * @bug 8155246
+ * @library /test/lib
+ * @run main ConfigFileTest
+ */
+public class ConfigFileTest {
+
+    public static void main(String[] args) throws Exception {
+        Path copyJdkDir = Path.of("./jdk-8155246-tmpdir");
+        Path copiedJava = Optional.of(
+                        Path.of(copyJdkDir.toString(), "bin", "java"))
+                .orElseThrow(() -> new RuntimeException("Unable to locate new JDK")
+                );
+
+        if (args.length == 1) {
+            // set up is complete. Run code to exercise loading of java.security
+            System.out.println(Arrays.toString(Security.getProviders()));
+        } else {
+            Files.createDirectory(copyJdkDir);
+            Path jdkTestDir = Path.of(Optional.of(System.getProperty("test.jdk"))
+                            .orElseThrow(() -> new RuntimeException("Couldn't load JDK Test Dir"))
+            );
+
+            copyJDKMinusJavaSecurity(jdkTestDir, copyJdkDir);
+            String extraPropsFile = Path.of(System.getProperty("test.src"), "override.props").toString();
+
+            // exercise some debug flags while we're here
+            // launch JDK without java.security file being present or specified
+            exerciseSecurity(copiedJava.toString(), "-cp", System.getProperty("test.classes"),
+                    "-Djava.security.debug=all", "-Djavax.net.debug=all", "ConfigFileTest", "runner");
+
+            // test the override functionality also. Should not be allowed since
+            // "security.overridePropertiesFile=true" Security property is missing.
+            exerciseSecurity(copiedJava.toString(), "-cp", System.getProperty("test.classes"),
+                    "-Djava.security.debug=all", "-Djavax.net.debug=all",
+                    "-Djava.security.properties==file://" + extraPropsFile, "ConfigFileTest", "runner");
+        }
+    }
+
+    private static void exerciseSecurity(String... args) throws Exception {
+        ProcessBuilder process = new ProcessBuilder(args);
+        OutputAnalyzer oa = ProcessTools.executeProcess(process);
+        oa.shouldHaveExitValue(1).shouldContain("java.security file missing");
+    }
+
+    private static void copyJDKMinusJavaSecurity(Path src, Path dst) throws Exception {
+        Files.walk(src)
+            .skip(1)
+            .filter(p -> !p.toString().endsWith("java.security"))
+            .forEach(file -> {
+                try {
+                    Files.copy(file, dst.resolve(src.relativize(file)), StandardCopyOption.COPY_ATTRIBUTES);
+                } catch (IOException ioe) {
+                    throw new UncheckedIOException(ioe);
+                }
+            });
+    }
+}
diff --git a/test/jdk/java/security/Security/override.props b/test/jdk/java/security/Security/override.props
@@ -0,0 +1,7 @@
+security.provider.1=sun.security.provider.Sun
+security.provider.2=sun.security.rsa.SunRsaSign
+security.provider.3=sun.security.ssl.SunJSSE
+security.provider.4=com.sun.crypto.provider.SunJCE
+security.provider.5=sun.security.jgss.SunProvider
+security.provider.6=com.sun.security.sasl.Provider
+