# HG changeset patch # User abakhtin # Date 1621260469 -10800 # Node ID 497370175665d30af154e28239ee84b131d03677 # Parent 1fa2e83e4e7fe25da8bc9f63ad978f7003c76010 8242565: Policy initialization issues when the denyAfter constraint is enabled Reviewed-by: andrew, sgehwolf diff -r 1fa2e83e4e7f -r 497370175665 src/share/classes/sun/security/jca/Providers.java --- a/src/share/classes/sun/security/jca/Providers.java Sat Feb 15 10:23:07 2014 +0800 +++ b/src/share/classes/sun/security/jca/Providers.java Mon May 17 17:07:49 2021 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -86,6 +86,7 @@ // Note: SunEC *is* in a signed JAR file, but it's not signed // by EC itself. So it's still safe to be listed here. "sun.security.ec.SunEC", + "com.sun.crypto.provider.SunJCE", BACKUP_PROVIDER_CLASSNAME, }; diff -r 1fa2e83e4e7f -r 497370175665 src/share/classes/sun/security/tools/KeyStoreUtil.java --- a/src/share/classes/sun/security/tools/KeyStoreUtil.java Sat Feb 15 10:23:07 2014 +0800 +++ b/src/share/classes/sun/security/tools/KeyStoreUtil.java Mon May 17 17:07:49 2021 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,7 @@ import java.text.Collator; import java.util.Locale; +import java.util.ResourceBundle; /** *
This class provides several utilities to KeyStore
.
@@ -53,12 +54,6 @@
private static final String JKS = "jks";
- private static final Collator collator = Collator.getInstance();
- static {
- // this is for case insensitive string comparisons
- collator.setStrength(Collator.PRIMARY);
- };
-
/**
* Returns true if the certificate is self-signed, false otherwise.
*/
@@ -123,7 +118,8 @@
}
public static char[] getPassWithModifier(String modifier, String arg,
- java.util.ResourceBundle rb) {
+ ResourceBundle rb,
+ Collator collator) {
if (modifier == null) {
return arg.toCharArray();
} else if (collator.compare(modifier, "env") == 0) {
diff -r 1fa2e83e4e7f -r 497370175665 src/share/classes/sun/security/tools/jarsigner/Main.java
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java Sat Feb 15 10:23:07 2014 +0800
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java Mon May 17 17:07:49 2021 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -521,7 +521,8 @@
}
static char[] getPass(String modifier, String arg) {
- char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
+ char[] output =
+ KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
if (output != null) return output;
usage();
return null; // Useless, usage() already exit
diff -r 1fa2e83e4e7f -r 497370175665 src/share/classes/sun/security/tools/keytool/Main.java
--- a/src/share/classes/sun/security/tools/keytool/Main.java Sat Feb 15 10:23:07 2014 +0800
+++ b/src/share/classes/sun/security/tools/keytool/Main.java Mon May 17 17:07:49 2021 +0300
@@ -4526,7 +4526,8 @@
}
private char[] getPass(String modifier, String arg) {
- char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
+ char[] output =
+ KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
if (output != null) return output;
tinyHelp();
return null; // Useless, tinyHelp() already exits.
diff -r 1fa2e83e4e7f -r 497370175665 test/java/security/Policy/SignedJar/SignedJarTest.java
--- a/test/java/security/Policy/SignedJar/SignedJarTest.java Sat Feb 15 10:23:07 2014 +0800
+++ b/test/java/security/Policy/SignedJar/SignedJarTest.java Mon May 17 17:07:49 2021 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@
/**
* @test
- * @bug 8048360
+ * @bug 8048360 8242565
* @summary test policy entry with signedBy alias
* @library /lib/testlibrary
* @run main/othervm SignedJarTest
@@ -52,6 +52,7 @@
private static final String POLICY2 = "SignedJarTest_2.policy";
private static final String KEYSTORE1 = "both.jks";
private static final String KEYSTORE2 = "first.jks";
+ private static final String SECPROPS = TESTSRC + FS + "java.security";
public static void main(String args[]) throws Throwable {
//copy PrivilegeTest.class, policy files and keystore password file into current direcotry
@@ -147,6 +148,7 @@
"-classpath", classpath,
"-Djava.security.manager",
"-Djava.security.policy=" + policy,
+ "-Djava.security.properties=" + SECPROPS,
"PrivilegeTest",
arg1, arg2};
return cmd;
diff -r 1fa2e83e4e7f -r 497370175665 test/java/security/Policy/SignedJar/java.security
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/security/Policy/SignedJar/java.security Mon May 17 17:07:49 2021 +0300
@@ -0,0 +1,3 @@
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+ DSA keySize < 1024, include jdk.disabled.namedCurves, \
+ SHA1 jdkCA & denyAfter 2019-01-01