changeset 14450:497370175665

8242565: Policy initialization issues when the denyAfter constraint is enabled Reviewed-by: andrew, sgehwolf
author abakhtin
date Mon, 17 May 2021 17:07:49 +0300
parents 1fa2e83e4e7f
children f9073d041c9d
files src/share/classes/sun/security/jca/Providers.java src/share/classes/sun/security/tools/KeyStoreUtil.java src/share/classes/sun/security/tools/jarsigner/Main.java src/share/classes/sun/security/tools/keytool/Main.java test/java/security/Policy/SignedJar/SignedJarTest.java test/java/security/Policy/SignedJar/java.security
diffstat 6 files changed, 18 insertions(+), 14 deletions(-) [+]
--- a/src/share/classes/sun/security/jca/Providers.java	Sat Feb 15 10:23:07 2014 +0800
+++ b/src/share/classes/sun/security/jca/Providers.java	Mon May 17 17:07:49 2021 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -86,6 +86,7 @@
         // Note: SunEC *is* in a signed JAR file, but it's not signed
         // by EC itself. So it's still safe to be listed here.
         "sun.security.ec.SunEC",
+        "com.sun.crypto.provider.SunJCE",
         BACKUP_PROVIDER_CLASSNAME,
     };
 
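Review bot: The added `"com.sun.crypto.provider.SunJCE"` entry carries no explanation, although the `sun.security.ec.SunEC` entry just above it has a comment justifying why it is safe to list. The array's declaration is outside the hunk, but judging from that comment the list names providers that are used while signed JARs are being verified, so each addition deserves a stated reason. I would add a comment above the new line, for example `// SunJCE is needed when the policy is initialized with a denyAfter constraint (8242565).`, and say whether the signed-JAR reasoning given for SunEC also holds for SunJCE.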
--- a/src/share/classes/sun/security/tools/KeyStoreUtil.java	Sat Feb 15 10:23:07 2014 +0800
+++ b/src/share/classes/sun/security/tools/KeyStoreUtil.java	Mon May 17 17:07:49 2021 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,7 @@
 import java.text.Collator;
 
 import java.util.Locale;
+import java.util.ResourceBundle;
 
 /**
  * <p> This class provides several utilities to <code>KeyStore</code>.
@@ -53,12 +54,6 @@
 
     private static final String JKS = "jks";
 
-    private static final Collator collator = Collator.getInstance();
-    static {
-        // this is for case insensitive string comparisons
-        collator.setStrength(Collator.PRIMARY);
-    };
-
     /**
      * Returns true if the certificate is self-signed, false otherwise.
      */
@@ -123,7 +118,8 @@
     }
 
     public static char[] getPassWithModifier(String modifier, String arg,
-                                             java.util.ResourceBundle rb) {
+                                             ResourceBundle rb,
+                                             Collator collator) {
         if (modifier == null) {
             return arg.toCharArray();
         } else if (collator.compare(modifier, "env") == 0) {
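Review bot: `getPassWithModifier` now dereferences the caller-supplied `collator` on the `env` branch, and nothing in the visible lines documents that it must be non-null or that it has to compare case-insensitively, which the removed static block guaranteed with `collator.setStrength(Collator.PRIMARY)`. The method has no Javadoc in the hunk; I would add one that states both requirements and why the Collator moved out of KeyStoreUtil (presumably so that loading the class no longer creates a Collator during policy initialization). The callers in the jarsigner and keytool `getPass` methods pass their own `collator`, whose definitions are not part of this diff, so their strength setting cannot be checked here. The method body continues outside the hunk.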
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java	Sat Feb 15 10:23:07 2014 +0800
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java	Mon May 17 17:07:49 2021 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -521,7 +521,8 @@
     }
 
     static char[] getPass(String modifier, String arg) {
-        char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
+        char[] output =
+            KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
         if (output != null) return output;
         usage();
         return null;    // Useless, usage() already exit
--- a/src/share/classes/sun/security/tools/keytool/Main.java	Sat Feb 15 10:23:07 2014 +0800
+++ b/src/share/classes/sun/security/tools/keytool/Main.java	Mon May 17 17:07:49 2021 +0300
@@ -4526,7 +4526,8 @@
     }
 
     private char[] getPass(String modifier, String arg) {
-        char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
+        char[] output =
+            KeyStoreUtil.getPassWithModifier(modifier, arg, rb, collator);
         if (output != null) return output;
         tinyHelp();
         return null;    // Useless, tinyHelp() already exits.
--- a/test/java/security/Policy/SignedJar/SignedJarTest.java	Sat Feb 15 10:23:07 2014 +0800
+++ b/test/java/security/Policy/SignedJar/SignedJarTest.java	Mon May 17 17:07:49 2021 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@
 
 /**
  * @test
- * @bug 8048360
+ * @bug 8048360 8242565
  * @summary test policy entry with signedBy alias
  * @library /lib/testlibrary
  * @run main/othervm SignedJarTest
@@ -52,6 +52,7 @@
     private static final String POLICY2 = "SignedJarTest_2.policy";
     private static final String KEYSTORE1 = "both.jks";
     private static final String KEYSTORE2 = "first.jks";
+    private static final String SECPROPS = TESTSRC + FS + "java.security";
 
     public static void main(String args[]) throws Throwable {
         //copy PrivilegeTest.class, policy files and keystore password file into current direcotry
@@ -147,6 +148,7 @@
             "-classpath", classpath,
             "-Djava.security.manager",
             "-Djava.security.policy=" + policy,
+            "-Djava.security.properties=" + SECPROPS,
             "PrivilegeTest",
             arg1, arg2};
         return cmd;
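Review bot: The added `-Djava.security.properties=` option is only honoured when the master java.security file of the JDK under test has `security.overridePropertiesFile=true`; otherwise it is ignored without an error and the test would pass without the denyAfter constraint being active. Since this is the regression test for 8242565, I would make that visible, e.g. have the child process check that `Security.getProperty("jdk.jar.disabledAlgorithms")` contains `denyAfter` before it runs (PrivilegeTest is not shown in this diff, so this may already be covered). The single `=` form overrides individual properties on top of the master file rather than replacing it, which is what the three-line file needs. The array literal and the enclosing method start outside the hunk.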
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/security/Policy/SignedJar/java.security	Mon May 17 17:07:49 2021 +0300
@@ -0,0 +1,3 @@
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+      DSA keySize < 1024, include jdk.disabled.namedCurves, \
+      SHA1 jdkCA & denyAfter 2019-01-01
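Review bot: The new properties file has no comment saying why it exists or which of its values matter. A header such as `# Enables a denyAfter constraint so that policy initialization is exercised with it (8242565)` would tell a maintainer that the `SHA1 jdkCA & denyAfter 2019-01-01` clause is the point of the file and must not be dropped when the list is updated. The `include jdk.disabled.namedCurves` clause refers to a property that this file does not define, so it relies on the master java.security of the JDK under test providing it.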