Mercurial > hg > icedtea7-forest-aarch64 > jdk
changeset 8101:e5d92012ceca
Merge
| author | asaha |
|---|---|
| date | Mon, 07 Jul 2014 09:55:36 -0700 |
| parents | b4ce1799ced9 (current diff) 5b9e9506bd57 (diff) |
| children | bc98cecdab4c |
| files | |
| diffstat | 13 files changed, 199 insertions(+), 37 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java Mon Jul 07 09:55:36 2014 -0700 @@ -25,6 +25,8 @@ import java.io.InputStream; import java.security.AccessController; import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.List; @@ -35,6 +37,7 @@ import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper; import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm; import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer; +import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException; import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver; import com.sun.org.apache.xml.internal.security.transforms.Transform; import com.sun.org.apache.xml.internal.security.utils.ElementProxy; @@ -118,43 +121,50 @@ log.log(java.util.logging.Level.FINE, "Registering default algorithms"); } try { - // - // Bind the default prefixes - // - ElementProxy.registerDefaultPrefixes(); + AccessController.doPrivileged(new PrivilegedExceptionAction<Void>(){ + @Override public Void run() throws XMLSecurityException { + // + // Bind the default prefixes + // + ElementProxy.registerDefaultPrefixes(); - // - // Set the default Transforms - // - Transform.registerDefaultAlgorithms(); + // + // Set the default Transforms + // + Transform.registerDefaultAlgorithms(); - // - // Set the default signature algorithms - // - SignatureAlgorithm.registerDefaultAlgorithms(); + // + // Set the default signature algorithms + // + SignatureAlgorithm.registerDefaultAlgorithms(); + + // + // Set the default JCE algorithms + // + JCEMapper.registerDefaultAlgorithms(); - // - // Set the default JCE algorithms - // - JCEMapper.registerDefaultAlgorithms(); + // + // Set the default c14n algorithms + // + Canonicalizer.registerDefaultAlgorithms(); - // - // Set the default c14n algorithms - // - Canonicalizer.registerDefaultAlgorithms(); + // + // Register the default resolvers + // + ResourceResolver.registerDefaultResolvers(); - // - // Register the default resolvers - // - ResourceResolver.registerDefaultResolvers(); + // + // Register the default key resolvers + // + KeyResolver.registerDefaultResolvers(); - // - // Register the default key resolvers - // - KeyResolver.registerDefaultResolvers(); - } catch (Exception ex) { - log.log(java.util.logging.Level.SEVERE, ex.getMessage(), ex); - ex.printStackTrace(); + return null; + } + }); + } catch (PrivilegedActionException ex) { + XMLSecurityException xse = (XMLSecurityException)ex.getException(); + log.log(java.util.logging.Level.SEVERE, xse.getMessage(), xse); + xse.printStackTrace(); } }
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java Mon Jul 07 09:55:36 2014 -0700 @@ -27,6 +27,7 @@ import com.sun.org.apache.xml.internal.security.encryption.XMLCipher; import com.sun.org.apache.xml.internal.security.signature.XMLSignature; +import com.sun.org.apache.xml.internal.security.utils.JavaUtils; import org.w3c.dom.Element; @@ -49,8 +50,11 @@ * * @param id * @param algorithm + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the JCE algorithm */ public static void register(String id, Algorithm algorithm) { + JavaUtils.checkRegisterPermission(); algorithmsMap.put(id, algorithm); } @@ -264,8 +268,11 @@ /** * Sets the default Provider for obtaining the security algorithms * @param provider the default providerId. + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to set the JCE provider */ public static void setProviderId(String provider) { + JavaUtils.checkRegisterPermission(); providerName = provider; }
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java Mon Jul 07 09:55:36 2014 -0700 @@ -37,6 +37,7 @@ import com.sun.org.apache.xml.internal.security.signature.XMLSignature; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException; import com.sun.org.apache.xml.internal.security.utils.Constants; +import com.sun.org.apache.xml.internal.security.utils.JavaUtils; import org.w3c.dom.Attr; import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -314,18 +315,21 @@ } /** - * Registers implementing class of the Transform algorithm with algorithmURI + * Registers implementing class of the SignatureAlgorithm with algorithmURI * - * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>. + * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>. * @param implementingClass <code>implementingClass</code> the implementing class of * {@link SignatureAlgorithmSpi} * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered * @throws XMLSignatureException + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the signature algorithm */ @SuppressWarnings("unchecked") public static void register(String algorithmURI, String implementingClass) throws AlgorithmAlreadyRegisteredException, ClassNotFoundException, XMLSignatureException { + JavaUtils.checkRegisterPermission(); if (log.isLoggable(java.util.logging.Level.FINE)) { log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass); } @@ -352,15 +356,18 @@ /** * Registers implementing class of the Transform algorithm with algorithmURI * - * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>. + * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>. * @param implementingClass <code>implementingClass</code> the implementing class of * {@link SignatureAlgorithmSpi} * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered * @throws XMLSignatureException + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the signature algorithm */ public static void register(String algorithmURI, Class<? extends SignatureAlgorithmSpi> implementingClass) throws AlgorithmAlreadyRegisteredException, ClassNotFoundException, XMLSignatureException { + JavaUtils.checkRegisterPermission(); if (log.isLoggable(java.util.logging.Level.FINE)) { log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass); }
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java Mon Jul 07 09:55:36 2014 -0700 @@ -40,6 +40,7 @@ import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315OmitComments; import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315WithComments; import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException; +import com.sun.org.apache.xml.internal.security.utils.JavaUtils; import org.w3c.dom.Document; import org.w3c.dom.Node; import org.w3c.dom.NodeList; @@ -136,10 +137,13 @@ * @param algorithmURI * @param implementingClass * @throws AlgorithmAlreadyRegisteredException + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the canonicalizer */ @SuppressWarnings("unchecked") public static void register(String algorithmURI, String implementingClass) throws AlgorithmAlreadyRegisteredException, ClassNotFoundException { + JavaUtils.checkRegisterPermission(); // check whether URI is already registered Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI); @@ -160,9 +164,12 @@ * @param algorithmURI * @param implementingClass * @throws AlgorithmAlreadyRegisteredException + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the canonicalizer */ - public static void register(String algorithmURI, Class<CanonicalizerSpi> implementingClass) + public static void register(String algorithmURI, Class<? extends CanonicalizerSpi> implementingClass) throws AlgorithmAlreadyRegisteredException, ClassNotFoundException { + JavaUtils.checkRegisterPermission(); // check whether URI is already registered Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI);
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java Mon Jul 07 09:55:36 2014 -0700 @@ -39,6 +39,7 @@ import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SKIResolver; import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SubjectNameResolver; import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver; +import com.sun.org.apache.xml.internal.security.utils.JavaUtils; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -172,9 +173,12 @@ * @throws InstantiationException * @throws IllegalAccessException * @throws ClassNotFoundException + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the key resolver */ public static void register(String className, boolean globalResolver) throws ClassNotFoundException, IllegalAccessException, InstantiationException { + JavaUtils.checkRegisterPermission(); KeyResolverSpi keyResolverSpi = (KeyResolverSpi) Class.forName(className).newInstance(); keyResolverSpi.setGlobalResolver(globalResolver); @@ -192,8 +196,11 @@ * * @param className * @param globalResolver Whether the KeyResolverSpi is a global resolver or not + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the key resolver */ public static void registerAtStart(String className, boolean globalResolver) { + JavaUtils.checkRegisterPermission(); KeyResolverSpi keyResolverSpi = null; Exception ex = null; try { @@ -225,11 +232,14 @@ * * @param keyResolverSpi a KeyResolverSpi instance to register * @param start whether to register the KeyResolverSpi at the start of the list or not + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the key resolver */ public static void register( KeyResolverSpi keyResolverSpi, boolean start ) { + JavaUtils.checkRegisterPermission(); KeyResolver resolver = new KeyResolver(keyResolverSpi); if (start) { resolverVector.add(0, resolver); @@ -251,9 +261,12 @@ * @throws InstantiationException * @throws IllegalAccessException * @throws ClassNotFoundException + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the key resolver */ public static void registerClassNames(List<String> classNames) throws ClassNotFoundException, IllegalAccessException, InstantiationException { + JavaUtils.checkRegisterPermission(); List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>(classNames.size()); for (String className : classNames) { KeyResolverSpi keyResolverSpi =
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java Mon Jul 07 09:55:36 2014 -0700 @@ -46,6 +46,7 @@ import com.sun.org.apache.xml.internal.security.transforms.implementations.TransformXSLT; import com.sun.org.apache.xml.internal.security.utils.Constants; import com.sun.org.apache.xml.internal.security.utils.HelperNodeList; +import com.sun.org.apache.xml.internal.security.utils.JavaUtils; import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy; import com.sun.org.apache.xml.internal.security.utils.XMLUtils; import org.w3c.dom.Document; @@ -181,11 +182,14 @@ * class of {@link TransformSpi} * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI * is already registered + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the transform */ @SuppressWarnings("unchecked") public static void register(String algorithmURI, String implementingClass) throws AlgorithmAlreadyRegisteredException, ClassNotFoundException, InvalidTransformException { + JavaUtils.checkRegisterPermission(); // are we already registered? Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI); if (transformSpi != null) { @@ -206,9 +210,12 @@ * class of {@link TransformSpi} * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI * is already registered + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register the transform */ public static void register(String algorithmURI, Class<? extends TransformSpi> implementingClass) throws AlgorithmAlreadyRegisteredException { + JavaUtils.checkRegisterPermission(); // are we already registered? Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI); if (transformSpi != null) {
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java Mon Jul 07 09:55:36 2014 -0700 @@ -468,9 +468,12 @@ * @param namespace * @param prefix * @throws XMLSecurityException + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to set the default prefix */ public static void setDefaultPrefix(String namespace, String prefix) throws XMLSecurityException { + JavaUtils.checkRegisterPermission(); if (prefixMappings.containsValue(prefix)) { String storedPrefix = prefixMappings.get(namespace); if (!storedPrefix.equals(prefix)) {
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java Mon Jul 07 09:55:36 2014 -0700 @@ -26,6 +26,7 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; +import java.security.SecurityPermission; /** * A collection of different, general-purpose methods for JAVA-specific things @@ -37,6 +38,10 @@ static java.util.logging.Logger log = java.util.logging.Logger.getLogger(JavaUtils.class.getName()); + private static final SecurityPermission REGISTER_PERMISSION = + new SecurityPermission( + "com.sun.org.apache.xml.internal.security.register"); + private JavaUtils() { // we don't allow instantiation } @@ -128,4 +133,21 @@ refBytes = baos.toByteArray(); return refBytes; } + + /** + * Throws a {@code SecurityException} if a security manager is installed + * and the caller is not allowed to register an implementation of an + * algorithm, transform, or other security sensitive XML Signature function. + * + * @throws SecurityException if a security manager is installed and the + * caller has not been granted the + * {@literal "com.sun.org.apache.xml.internal.security.register"} + * {@code SecurityPermission} + */ + public static void checkRegisterPermission() { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(REGISTER_PERMISSION); + } + } }
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java Mon Jul 07 09:55:36 2014 -0700 @@ -79,16 +79,22 @@ /** * Set the prefix for the digital signature namespace * @param prefix the new prefix for the digital signature namespace + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to set the prefix */ public static void setDsPrefix(String prefix) { + JavaUtils.checkRegisterPermission(); dsPrefix = prefix; } /** * Set the prefix for the encryption namespace * @param prefix the new prefix for the encryption namespace + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to set the prefix */ public static void setXencPrefix(String prefix) { + JavaUtils.checkRegisterPermission(); xencPrefix = prefix; }
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java Mon Jul 07 09:55:36 2014 -0700 @@ -27,6 +27,7 @@ import java.util.Map; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; +import com.sun.org.apache.xml.internal.security.utils.JavaUtils; import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP; import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment; import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverLocalFilesystem; @@ -192,9 +193,12 @@ * the class cannot be registered. * * @param className the name of the ResourceResolverSpi class to be registered + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register a resource resolver */ @SuppressWarnings("unchecked") public static void register(String className) { + JavaUtils.checkRegisterPermission(); try { Class<ResourceResolverSpi> resourceResolverClass = (Class<ResourceResolverSpi>) Class.forName(className); @@ -209,9 +213,12 @@ * list. This method logs a warning if the class cannot be registered. * * @param className the name of the ResourceResolverSpi class to be registered + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register a resource resolver */ @SuppressWarnings("unchecked") public static void registerAtStart(String className) { + JavaUtils.checkRegisterPermission(); try { Class<ResourceResolverSpi> resourceResolverClass = (Class<ResourceResolverSpi>) Class.forName(className); @@ -226,8 +233,11 @@ * cannot be registered. * @param className * @param start + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register a resource resolver */ public static void register(Class<? extends ResourceResolverSpi> className, boolean start) { + JavaUtils.checkRegisterPermission(); try { ResourceResolverSpi resourceResolverSpi = className.newInstance(); register(resourceResolverSpi, start); @@ -243,8 +253,11 @@ * cannot be registered. * @param resourceResolverSpi * @param start + * @throws SecurityException if a security manager is installed and the + * caller does not have permission to register a resource resolver */ public static void register(ResourceResolverSpi resourceResolverSpi, boolean start) { + JavaUtils.checkRegisterPermission(); synchronized(resolverList) { if (start) { resolverList.add(0, new ResourceResolver(resourceResolverSpi));
--- a/src/share/classes/java/util/ResourceBundle.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/java/util/ResourceBundle.java Mon Jul 07 09:55:36 2014 -0700 @@ -2577,7 +2577,10 @@ } catch (ClassNotFoundException e) { } } else if (format.equals("java.properties")) { - final String resourceName = toResourceName(bundleName, "properties"); + final String resourceName = toResourceName0(bundleName, "properties"); + if (resourceName == null) { + return bundle; + } final ClassLoader classLoader = loader; final boolean reloadFlag = reload; InputStream stream = null; @@ -2731,7 +2734,10 @@ } boolean result = false; try { - String resourceName = toResourceName(toBundleName(baseName, locale), format); + String resourceName = toResourceName0(toBundleName(baseName, locale), format); + if (resourceName == null) { + return result; + } URL url = loader.getResource(resourceName); if (url != null) { long lastModified = 0; @@ -2865,6 +2871,15 @@ sb.append(bundleName.replace('.', '/')).append('.').append(suffix); return sb.toString(); } + + private String toResourceName0(String bundleName, String suffix) { + // application protocol check + if (bundleName.contains("://")) { + return null; + } else { + return toResourceName(bundleName, suffix); + } + } } private static class SingleFormatControl extends Control {
--- a/src/share/classes/sun/awt/image/FileImageSource.java Wed Jul 02 11:38:18 2014 -0700 +++ b/src/share/classes/sun/awt/image/FileImageSource.java Mon Jul 07 09:55:36 2014 -0700 @@ -48,6 +48,10 @@ } protected ImageDecoder getDecoder() { + if (imagefile == null) { + return null; + } + InputStream is; try { is = new BufferedInputStream(new FileInputStream(imagefile));
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/image/ImageIconHang.java Mon Jul 07 09:55:36 2014 -0700 @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.awt.*; + +/* + * @test + * @bug 8032788 + * @summary Checks that null filename argument is processed correctly + * + * @run main ImageIconHang + */ +public class ImageIconHang { + public static void main(String[] args) throws Exception { + Image image = Toolkit.getDefaultToolkit().getImage((String) null); + MediaTracker mt = new MediaTracker(new Component() {}); + mt.addImage(image, 1); + mt.waitForID(1, 5000); + + int status = mt.statusID(1, false); + + System.out.println("Status: " + status); + + if (status != MediaTracker.ERRORED) { + throw new RuntimeException("MediaTracker.waitForID() hung."); + } + } +}