8161527: NPE is thrown if exempt application is bundled with specific cryptoPerms
Reviewed-by: xuelei
This commit is contained in:
parent
da7a66e347
commit
8c0b4c0358
jdk
src/java.base/share/classes/javax/crypto
test
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -37,9 +37,7 @@ import java.io.InputStreamReader;
|
||||
import java.io.BufferedReader;
|
||||
import java.io.ObjectStreamField;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.ObjectInputStream.GetField;
|
||||
import java.io.ObjectOutputStream;
|
||||
import java.io.ObjectOutputStream.PutField;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
@ -132,15 +130,18 @@ implements Serializable {
|
||||
*
|
||||
* @see isReadOnly
|
||||
*/
|
||||
@Override
|
||||
public void add(Permission permission) {
|
||||
|
||||
if (isReadOnly())
|
||||
if (isReadOnly()) {
|
||||
throw new SecurityException("Attempt to add a Permission " +
|
||||
"to a readonly CryptoPermissions " +
|
||||
"object");
|
||||
}
|
||||
|
||||
if (!(permission instanceof CryptoPermission))
|
||||
if (!(permission instanceof CryptoPermission)) {
|
||||
return;
|
||||
}
|
||||
|
||||
CryptoPermission cryptoPerm = (CryptoPermission)permission;
|
||||
PermissionCollection pc =
|
||||
@ -161,6 +162,7 @@ implements Serializable {
|
||||
* in the PermissionCollection it belongs to, false if not.
|
||||
*
|
||||
*/
|
||||
@Override
|
||||
public boolean implies(Permission permission) {
|
||||
if (!(permission instanceof CryptoPermission)) {
|
||||
return false;
|
||||
@ -170,7 +172,13 @@ implements Serializable {
|
||||
|
||||
PermissionCollection pc =
|
||||
getPermissionCollection(cryptoPerm.getAlgorithm());
|
||||
return pc.implies(cryptoPerm);
|
||||
|
||||
if (pc != null) {
|
||||
return pc.implies(cryptoPerm);
|
||||
} else {
|
||||
// none found
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -179,6 +187,7 @@ implements Serializable {
|
||||
*
|
||||
* @return an enumeration of all the Permissions.
|
||||
*/
|
||||
@Override
|
||||
public Enumeration<Permission> elements() {
|
||||
// go through each Permissions in the hash table
|
||||
// and call their elements() function.
|
||||
@ -453,7 +462,7 @@ implements Serializable {
|
||||
final class PermissionsEnumerator implements Enumeration<Permission> {
|
||||
|
||||
// all the perms
|
||||
private Enumeration<PermissionCollection> perms;
|
||||
private final Enumeration<PermissionCollection> perms;
|
||||
// the current set
|
||||
private Enumeration<Permission> permset;
|
||||
|
||||
@ -462,17 +471,20 @@ final class PermissionsEnumerator implements Enumeration<Permission> {
|
||||
permset = getNextEnumWithMore();
|
||||
}
|
||||
|
||||
@Override
|
||||
public synchronized boolean hasMoreElements() {
|
||||
// if we enter with permissionimpl null, we know
|
||||
// there are no more left.
|
||||
|
||||
if (permset == null)
|
||||
if (permset == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// try to see if there are any left in the current one
|
||||
|
||||
if (permset.hasMoreElements())
|
||||
if (permset.hasMoreElements()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// get the next one that has something in it...
|
||||
permset = getNextEnumWithMore();
|
||||
@ -481,6 +493,7 @@ final class PermissionsEnumerator implements Enumeration<Permission> {
|
||||
return (permset != null);
|
||||
}
|
||||
|
||||
@Override
|
||||
public synchronized Permission nextElement() {
|
||||
// hasMoreElements will update permset to the next permset
|
||||
// with something in it...
|
||||
@ -496,8 +509,9 @@ final class PermissionsEnumerator implements Enumeration<Permission> {
|
||||
while (perms.hasMoreElements()) {
|
||||
PermissionCollection pc = perms.nextElement();
|
||||
Enumeration<Permission> next = pc.elements();
|
||||
if (next.hasMoreElements())
|
||||
if (next.hasMoreElements()) {
|
||||
return next;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
@ -23,8 +23,8 @@ exclusiveAccess.dirs=java/rmi/Naming java/util/prefs sun/management/jmxremote su
|
||||
# Group definitions
|
||||
groups=TEST.groups [closed/TEST.groups]
|
||||
|
||||
# Allow querying of sun.arch.data.model in @requires clauses
|
||||
requires.properties=sun.arch.data.model
|
||||
# Allow querying of various System properties in @requires clauses
|
||||
requires.properties=sun.arch.data.model java.runtime.name
|
||||
|
||||
# Tests using jtreg 4.2 b02 features
|
||||
requiredVersion=4.2 b02
|
||||
|
2
jdk/test/javax/crypto/CryptoPermissions/README.txt
Normal file
2
jdk/test/javax/crypto/CryptoPermissions/README.txt
Normal file
@ -0,0 +1,2 @@
|
||||
If TestExemption.java/cryptoPerms files ever change, please rebuild the
|
||||
corresponding signed jar file in the closed repo.
|
60
jdk/test/javax/crypto/CryptoPermissions/TestExemption.java
Normal file
60
jdk/test/javax/crypto/CryptoPermissions/TestExemption.java
Normal file
@ -0,0 +1,60 @@
|
||||
/*
|
||||
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
import javax.crypto.*;
|
||||
import java.security.*;
|
||||
|
||||
public class TestExemption {
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
||||
KeyGenerator kg = KeyGenerator.getInstance("AES");
|
||||
kg.init(128);
|
||||
SecretKey key128 = kg.generateKey();
|
||||
|
||||
kg.init(192);
|
||||
SecretKey key192 = kg.generateKey();
|
||||
|
||||
kg.init(256);
|
||||
SecretKey key256 = kg.generateKey();
|
||||
|
||||
Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
|
||||
|
||||
System.out.println("Testing 128-bit");
|
||||
c.init(Cipher.ENCRYPT_MODE, key128);
|
||||
|
||||
System.out.println("Testing 192-bit");
|
||||
c.init(Cipher.ENCRYPT_MODE, key192);
|
||||
|
||||
try {
|
||||
System.out.println("Testing 256-bit");
|
||||
c.init(Cipher.ENCRYPT_MODE, key256);
|
||||
} catch (InvalidKeyException e) {
|
||||
System.out.println("Caught the right exception");
|
||||
}
|
||||
|
||||
System.out.println("DONE!");
|
||||
}
|
||||
}
|
79
jdk/test/javax/crypto/CryptoPermissions/TestExemption.sh
Normal file
79
jdk/test/javax/crypto/CryptoPermissions/TestExemption.sh
Normal file
@ -0,0 +1,79 @@
|
||||
#
|
||||
# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License version 2 only, as
|
||||
# published by the Free Software Foundation.
|
||||
#
|
||||
# This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
# version 2 for more details (a copy is included in the LICENSE file that
|
||||
# accompanied this code).
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License version
|
||||
# 2 along with this work; if not, write to the Free Software Foundation,
|
||||
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
# or visit www.oracle.com if you need additional information or have any
|
||||
# questions.
|
||||
#
|
||||
|
||||
# @test
|
||||
# @bug 8161527
|
||||
# @summary NPE is thrown if exempt application is bundled with specific
|
||||
# cryptoPerms
|
||||
# @requires java.runtime.name ~= "OpenJDK.*"
|
||||
|
||||
# set a few environment variables so that the shell-script can run stand-alone
|
||||
# in the source directory
|
||||
|
||||
# set platform-dependent variables
|
||||
OS=`uname -s`
|
||||
case "$OS" in
|
||||
SunOS | Linux | Darwin | AIX | CYGWIN* )
|
||||
FS="/"
|
||||
;;
|
||||
Windows_* )
|
||||
FS="\\"
|
||||
;;
|
||||
* )
|
||||
echo "Unrecognized system!"
|
||||
exit 1;
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ "${TESTSRC}" = "" ] ; then
|
||||
TESTSRC="."
|
||||
fi
|
||||
if [ "${TESTCLASSES}" = "" ] ; then
|
||||
TESTCLASSES="."
|
||||
fi
|
||||
if [ "${TESTJAVA}" = "" ] ; then
|
||||
JAVAC_CMD=`which javac`
|
||||
TESTJAVA=`dirname $JAVAC_CMD`${FS}..
|
||||
COMPILEJAVA="${TESTJAVA}"
|
||||
fi
|
||||
|
||||
# Build
|
||||
${COMPILEJAVA}${FS}bin${FS}javac \
|
||||
-d . \
|
||||
${TESTSRC}${FS}TestExemption.java \
|
||||
|| exit 10
|
||||
|
||||
# Package
|
||||
${COMPILEJAVA}${FS}bin${FS}jar \
|
||||
-cvf TestExemption.jar \
|
||||
TestExemption.class \
|
||||
-C ${TESTSRC} cryptoPerms \
|
||||
|| exit 10
|
||||
|
||||
# Test
|
||||
${TESTJAVA}${FS}bin${FS}java \
|
||||
-classpath TestExemption.jar TestExemption
|
||||
status=$?
|
||||
|
||||
exit $status
|
||||
|
5
jdk/test/javax/crypto/CryptoPermissions/cryptoPerms
Normal file
5
jdk/test/javax/crypto/CryptoPermissions/cryptoPerms
Normal file
@ -0,0 +1,5 @@
|
||||
grant {
|
||||
// The stock JDK allows for 128 bit AES.
|
||||
// Grant up to 192 bits, but no further.
|
||||
permission javax.crypto.CryptoPermission "AES", 192;
|
||||
};
|
Loading…
x
Reference in New Issue
Block a user