From 1b1355c222099d0d73fc5cb66b78dfa6215b22da Mon Sep 17 00:00:00 2001 From: Chris Hegarty Date: Wed, 25 Jul 2018 10:08:39 +0100 Subject: [PATCH] 8207846: Generalize the jdk.net.includeInExceptions security property Reviewed-by: alanb, michaelm, rriggs, mullan --- .../sun/net/util/SocketExceptions.java | 2 +- .../share/conf/security/java.security | 28 ++++++---- test/jdk/java/net/Socket/ExceptionText.java | 56 +++++++++++++------ 3 files changed, 59 insertions(+), 27 deletions(-) diff --git a/src/java.base/share/classes/sun/net/util/SocketExceptions.java b/src/java.base/share/classes/sun/net/util/SocketExceptions.java index bce0ab68d33..6812c4ce8e2 100644 --- a/src/java.base/share/classes/sun/net/util/SocketExceptions.java +++ b/src/java.base/share/classes/sun/net/util/SocketExceptions.java @@ -44,7 +44,7 @@ public final class SocketExceptions { * The property value is a comma separated list of * case insignificant category names. */ - private static final String enhancedTextPropname = "jdk.net.includeInExceptions"; + private static final String enhancedTextPropname = "jdk.includeInExceptions"; private static final boolean enhancedExceptionText = initTextProp(); diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security index 1e4f9d99b33..3ed513c784c 100644 --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security @@ -1061,14 +1061,22 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!* # -# Enhanced exception message text +# Enhanced exception message information # -# By default, socket exception messages do not include potentially sensitive -# information such as hostnames or port numbers. This property may be set to one -# or more values, separated by commas, and with no white-space. Each value -# represents a category of enhanced information. Currently, the only category defined -# is "hostInfo" which enables more detailed information in the IOExceptions -# thrown by java.net.Socket and also the socket types in the java.nio.channels package. -# The setting in this file can be overridden by a system property of the same name -# and with the same syntax and possible values. -#jdk.net.includeInExceptions=hostInfo +# By default, exception messages should not include potentially sensitive +# information such as file names, host names, or port numbers. This property +# accepts one or more comma separated values, each of which represents a +# category of enhanced exception message information to enable. Values are +# case-insensitive. Leading and trailing whitespaces, surrounding each value, +# are ignored. Unknown values are ignored. +# +# The categories are: +# +# hostInfo - IOExceptions thrown by java.net.Socket and the socket types in the +# java.nio.channels package will contain enhanced exception +# message information +# +# The property setting in this file can be overridden by a system property of +# the same name, with the same syntax and possible values. +# +#jdk.includeInExceptions=hostInfo diff --git a/test/jdk/java/net/Socket/ExceptionText.java b/test/jdk/java/net/Socket/ExceptionText.java index 8be962a4dc1..a6adbef6dfb 100644 --- a/test/jdk/java/net/Socket/ExceptionText.java +++ b/test/jdk/java/net/Socket/ExceptionText.java @@ -25,18 +25,43 @@ * @test * @library /test/lib * @build jdk.test.lib.Utils - * @bug 8204233 + * @bug 8204233 8207846 * @summary Add configurable option for enhanced socket IOException messages - * @run main/othervm ExceptionText - * @run main/othervm -Djdk.net.includeInExceptions= ExceptionText - * @run main/othervm -Djdk.net.includeInExceptions=hostInfo ExceptionText - * @run main/othervm -Djdk.net.includeInExceptions=somethingElse ExceptionText + * @run main/othervm + * ExceptionText + * WITHOUT_Enhanced_Text + * @run main/othervm + * -Djdk.includeInExceptions= + * ExceptionText + * WITHOUT_Enhanced_Text + * @run main/othervm + * -Djdk.includeInExceptions=somethingElse + * ExceptionText + * WITHOUT_Enhanced_Text + * @run main/othervm + * -Djdk.includeInExceptions=blah,blah,blah, + * ExceptionText + * WITHOUT_Enhanced_Text + * @run main/othervm + * -Djdk.includeInExceptions=hostInfo + * ExceptionText + * expectEnhancedText + * @run main/othervm + * -Djdk.includeInExceptions=foo,hostinfo,bar + * ExceptionText + * expectEnhancedText + * @run main/othervm + * -Djdk.includeInExceptions=",HOSTINFO," + * ExceptionText + * expectEnhancedText */ -import java.net.*; import java.io.IOException; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.nio.channels.AsynchronousSocketChannel; import java.nio.channels.ClosedChannelException; -import java.nio.channels.*; +import java.nio.channels.SocketChannel; import java.util.concurrent.ExecutionException; import jdk.test.lib.Utils; @@ -44,16 +69,15 @@ public class ExceptionText { enum TestTarget {SOCKET, CHANNEL, ASYNC_CHANNEL}; - static boolean propEnabled() { - String val = System.getProperty("jdk.net.includeInExceptions"); - if ("hostinfo".equalsIgnoreCase(val)) - return true; - return false; - } - public static void main(String args[]) throws Exception { - boolean prop = propEnabled(); - test(prop); + String passOrFail = args[0]; + boolean expectEnhancedText; + if (passOrFail.equals("expectEnhancedText")) { + expectEnhancedText = true; + } else { + expectEnhancedText = false; + } + test(expectEnhancedText); } static final InetSocketAddress dest = Utils.refusingEndpoint();