stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8291974: PrivateCredentialPermission should not use local variable to enable debugging

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Mark Powers 2022-10-31 19:55:47 +00:00 committed by Sean Mullan
parent 590de37bd7
commit 8480f87044
2 changed files with 79 additions and 22 deletions
src/java.base/share/classes/javax/security/auth
PrivateCredentialPermission.java
test/jdk/javax/security/auth/PrivateCredentialPermission
Serial2.java

22
src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java

@ -124,11 +124,6 @@ public final class PrivateCredentialPermission extends Permission {
private Set<Principal> principals; // ignored - kept around for compatibility
private transient CredOwner[] credOwners;
/**
* @serial
*/
private final boolean testing = false;
/**
* Create a new {@code PrivateCredentialPermission}
* with the specified {@code credentialClass} and Principals.
@ -317,13 +312,8 @@ public final class PrivateCredentialPermission extends Permission {
String principalClass;
String principalName;
if (testing)
System.out.println("whole name = " + name);
// get the Credential Class
credentialClass = tokenizer.nextToken();
if (testing)
System.out.println("Credential Class = " + credentialClass);
if (!tokenizer.hasMoreTokens()) {
MessageFormat form = new MessageFormat(ResourcesMgr.getString
@ -341,8 +331,6 @@ public final class PrivateCredentialPermission extends Permission {
// get the Principal Class
principalClass = tokenizer.nextToken();
if (testing)
System.out.println(" Principal Class = " + principalClass);
if (!tokenizer.hasMoreTokens()) {
MessageFormat form = new MessageFormat(ResourcesMgr.getString
@ -391,9 +379,6 @@ public final class PrivateCredentialPermission extends Permission {
}
}
if (testing)
System.out.println("\tprincipalName = '" + principalName + "'");
principalName = principalName.substring
(1, principalName.length() - 1);
@ -403,9 +388,6 @@ public final class PrivateCredentialPermission extends Permission {
("PrivateCredentialPermission.Principal.Class.can.not.be.a.wildcard.value.if.Principal.Name.is.not.a.wildcard.value"));
}
if (testing)
System.out.println("\tprincipalName = '" + principalName + "'");
pList.add(new CredOwner(principalClass, principalName));
}
@ -419,10 +401,6 @@ public final class PrivateCredentialPermission extends Permission {
if (thisC == null || thatC == null)
return false;
if (testing)
System.out.println("credential class comparison: " +
thisC + "/" + thatC);
if (thisC.equals("*"))
return true;

79
test/jdk/javax/security/auth/PrivateCredentialPermission/Serial2.java Normal file

@ -0,0 +1,79 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8291974
* @summary PrivateCredentialPermission should not use local variable to enable debugging
* implementation-dependent class
*/
import javax.security.auth.*;
import java.io.*;
import java.util.*;
public class Serial2 {
/*
* Base64 encoding of Serialized PrivateCredentialPermission object
* before bug fix for JDK-8291974.
*/
static String before = """
rO0ABXNyAC9qYXZheC5zZWN1cml0eS5hdXRoLlByaXZhdGVDcmVkZW50aWFsUGVybW\
lzc2lvbklV3Hd7UH9MAgADWgAHdGVzdGluZ0wAD2NyZWRlbnRpYWxDbGFzc3QAEkxq\
YXZhL2xhbmcvU3RyaW5nO0wACnByaW5jaXBhbHN0AA9MamF2YS91dGlsL1NldDt4cg\
AYamF2YS5zZWN1cml0eS5QZXJtaXNzaW9uscbhPyhXUX4CAAFMAARuYW1lcQB+AAF4\
cHQAGWNyZWQxIHBjMSAicG4xIiBwYzIgInBuMiIAdAAFY3JlZDFw\
""";
public static void main(String[] args) {
byte[] decoded = Base64.getDecoder().decode(before);
try (
// Decode Base64 string and turn it into an input stream.
InputStream is = new ByteArrayInputStream(decoded);
ObjectInputStream ois = new ObjectInputStream(is)
) {
// Deserialize input stream and create a new object.
PrivateCredentialPermission pcp2 =
(PrivateCredentialPermission)ois.readObject();
PrivateCredentialPermission pcp =
new PrivateCredentialPermission
("cred1 pc1 \"pn1\" pc2 \"pn2\"", "read");
/*
* Compare deserialized object with current object.
* This should always succeed. What is important is
* that we get here without a deserialization exception.
*/
if (!pcp.equals(pcp2) || !pcp2.equals(pcp)) {
throw new SecurityException("Serial2 test failed: " +
"EQUALS TEST FAILED");
}
System.out.println("Serial2 test succeeded");
} catch (Exception e) {
throw new SecurityException("Serial test failed", e);
}
}
}