# HG changeset patch # User abakhtin # Date 1621260469 -10800 # Node ID 497370175665d30af154e28239ee84b131d03677 # Parent 1fa2e83e4e7fe25da8bc9f63ad978f7003c76010 8242565: Policy initialization issues when the denyAfter constraint is enabled Reviewed-by: andrew, sgehwolf diff -r 1fa2e83e4e7f -r 497370175665 src/share/classes/sun/security/jca/Providers.java --- a/src/share/classes/sun/security/jca/Providers.java Sat Feb 15 10:23:07 2014 +0800 +++ b/src/share/classes/sun/security/jca/Providers.java Mon May 17 17:07:49 2021 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -86,6 +86,7 @@ // Note: SunEC *is* in a signed JAR file, but it's not signed // by EC itself. So it's still safe to be listed here. "sun.security.ec.SunEC", + "com.sun.crypto.provider.SunJCE", BACKUP_PROVIDER_CLASSNAME, }; diff -r 1fa2e83e4e7f -r 497370175665 src/share/classes/sun/security/tools/KeyStoreUtil.java --- a/src/share/classes/sun/security/tools/KeyStoreUtil.java Sat Feb 15 10:23:07 2014 +0800 +++ b/src/share/classes/sun/security/tools/KeyStoreUtil.java Mon May 17 17:07:49 2021 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,7 @@ import java.text.Collator; import java.util.Locale; +import java.util.ResourceBundle; /** *

This class provides several utilities to KeyStore. @@ -53,12 +54,6 @@ private static final String JKS = "jks"; - private static final Collator collator = Collator.getInstance(); - static { - // this is for case insensitive string comparisons - collator.setStrength(Collator.PRIMARY); - }; - /** * Returns true if the certificate is self-signed, false otherwise. */ @@ -123,7 +118,8 @@ } public static char[] getPassWithModifier(String modifier, String arg, - java.util.ResourceBundle rb) { + ResourceBundle rb, + Collator collator) { if (modifier == null) { return arg.toCharArray(); } else if (collator.compare(modifier, "env") == 0) { diff -r 1fa2e83e4e7f -r 497370175665 src/share/classes/sun/security/tools/jarsigner/Main.java --- a/src/share/classes/sun/security/tools/jarsigner/Main.java Sat Feb 15 10:23:07 2014 +0800 +++ b/src/share/classes/sun/security/tools/jarsigner/Main.java Mon May 17 17:07:49 2021 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -521,7 +521,8 @@ } static char[] getPass(String modifier, String arg) { - char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb); + char[] output = + KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator); if (output != null) return output; usage(); return null; // Useless, usage() already exit diff -r 1fa2e83e4e7f -r 497370175665 src/share/classes/sun/security/tools/keytool/Main.java --- a/src/share/classes/sun/security/tools/keytool/Main.java Sat Feb 15 10:23:07 2014 +0800 +++ b/src/share/classes/sun/security/tools/keytool/Main.java Mon May 17 17:07:49 2021 +0300 @@ -4526,7 +4526,8 @@ } private char[] getPass(String modifier, String arg) { - char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb); + char[] output = + KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator); if (output != null) return output; tinyHelp(); return null; // Useless, tinyHelp() already exits. diff -r 1fa2e83e4e7f -r 497370175665 test/java/security/Policy/SignedJar/SignedJarTest.java --- a/test/java/security/Policy/SignedJar/SignedJarTest.java Sat Feb 15 10:23:07 2014 +0800 +++ b/test/java/security/Policy/SignedJar/SignedJarTest.java Mon May 17 17:07:49 2021 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,7 +32,7 @@ /** * @test - * @bug 8048360 + * @bug 8048360 8242565 * @summary test policy entry with signedBy alias * @library /lib/testlibrary * @run main/othervm SignedJarTest @@ -52,6 +52,7 @@ private static final String POLICY2 = "SignedJarTest_2.policy"; private static final String KEYSTORE1 = "both.jks"; private static final String KEYSTORE2 = "first.jks"; + private static final String SECPROPS = TESTSRC + FS + "java.security"; public static void main(String args[]) throws Throwable { //copy PrivilegeTest.class, policy files and keystore password file into current direcotry @@ -147,6 +148,7 @@ "-classpath", classpath, "-Djava.security.manager", "-Djava.security.policy=" + policy, + "-Djava.security.properties=" + SECPROPS, "PrivilegeTest", arg1, arg2}; return cmd; diff -r 1fa2e83e4e7f -r 497370175665 test/java/security/Policy/SignedJar/java.security --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/security/Policy/SignedJar/java.security Mon May 17 17:07:49 2021 +0300 @@ -0,0 +1,3 @@ +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024, include jdk.disabled.namedCurves, \ + SHA1 jdkCA & denyAfter 2019-01-01