8161527: NPE is thrown if exempt application is bundled with specific cryptoPerms

Reviewed-by: xuelei
This commit is contained in:
Bradford Wetmore 2016-07-28 12:09:07 -07:00
parent da7a66e347
commit 8c0b4c0358
6 changed files with 172 additions and 12 deletions
jdk
src/java.base/share/classes/javax/crypto
test

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,9 +37,7 @@ import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.ObjectStreamField;
import java.io.ObjectInputStream;
import java.io.ObjectInputStream.GetField;
import java.io.ObjectOutputStream;
import java.io.ObjectOutputStream.PutField;
import java.io.IOException;
/**
@ -132,15 +130,18 @@ implements Serializable {
*
* @see isReadOnly
*/
@Override
public void add(Permission permission) {
if (isReadOnly())
if (isReadOnly()) {
throw new SecurityException("Attempt to add a Permission " +
"to a readonly CryptoPermissions " +
"object");
}
if (!(permission instanceof CryptoPermission))
if (!(permission instanceof CryptoPermission)) {
return;
}
CryptoPermission cryptoPerm = (CryptoPermission)permission;
PermissionCollection pc =
@ -161,6 +162,7 @@ implements Serializable {
* in the PermissionCollection it belongs to, false if not.
*
*/
@Override
public boolean implies(Permission permission) {
if (!(permission instanceof CryptoPermission)) {
return false;
@ -170,7 +172,13 @@ implements Serializable {
PermissionCollection pc =
getPermissionCollection(cryptoPerm.getAlgorithm());
return pc.implies(cryptoPerm);
if (pc != null) {
return pc.implies(cryptoPerm);
} else {
// none found
return false;
}
}
/**
@ -179,6 +187,7 @@ implements Serializable {
*
* @return an enumeration of all the Permissions.
*/
@Override
public Enumeration<Permission> elements() {
// go through each Permissions in the hash table
// and call their elements() function.
@ -453,7 +462,7 @@ implements Serializable {
final class PermissionsEnumerator implements Enumeration<Permission> {
// all the perms
private Enumeration<PermissionCollection> perms;
private final Enumeration<PermissionCollection> perms;
// the current set
private Enumeration<Permission> permset;
@ -462,17 +471,20 @@ final class PermissionsEnumerator implements Enumeration<Permission> {
permset = getNextEnumWithMore();
}
@Override
public synchronized boolean hasMoreElements() {
// if we enter with permissionimpl null, we know
// there are no more left.
if (permset == null)
if (permset == null) {
return false;
}
// try to see if there are any left in the current one
if (permset.hasMoreElements())
if (permset.hasMoreElements()) {
return true;
}
// get the next one that has something in it...
permset = getNextEnumWithMore();
@ -481,6 +493,7 @@ final class PermissionsEnumerator implements Enumeration<Permission> {
return (permset != null);
}
@Override
public synchronized Permission nextElement() {
// hasMoreElements will update permset to the next permset
// with something in it...
@ -496,8 +509,9 @@ final class PermissionsEnumerator implements Enumeration<Permission> {
while (perms.hasMoreElements()) {
PermissionCollection pc = perms.nextElement();
Enumeration<Permission> next = pc.elements();
if (next.hasMoreElements())
if (next.hasMoreElements()) {
return next;
}
}
return null;
}

@ -23,8 +23,8 @@ exclusiveAccess.dirs=java/rmi/Naming java/util/prefs sun/management/jmxremote su
# Group definitions
groups=TEST.groups [closed/TEST.groups]
# Allow querying of sun.arch.data.model in @requires clauses
requires.properties=sun.arch.data.model
# Allow querying of various System properties in @requires clauses
requires.properties=sun.arch.data.model java.runtime.name
# Tests using jtreg 4.2 b02 features
requiredVersion=4.2 b02

@ -0,0 +1,2 @@
If TestExemption.java/cryptoPerms files ever change, please rebuild the
corresponding signed jar file in the closed repo.

@ -0,0 +1,60 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import javax.crypto.*;
import java.security.*;
public class TestExemption {
public static void main(String[] args) throws Exception {
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(128);
SecretKey key128 = kg.generateKey();
kg.init(192);
SecretKey key192 = kg.generateKey();
kg.init(256);
SecretKey key256 = kg.generateKey();
Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
System.out.println("Testing 128-bit");
c.init(Cipher.ENCRYPT_MODE, key128);
System.out.println("Testing 192-bit");
c.init(Cipher.ENCRYPT_MODE, key192);
try {
System.out.println("Testing 256-bit");
c.init(Cipher.ENCRYPT_MODE, key256);
} catch (InvalidKeyException e) {
System.out.println("Caught the right exception");
}
System.out.println("DONE!");
}
}

@ -0,0 +1,79 @@
#
# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 8161527
# @summary NPE is thrown if exempt application is bundled with specific
# cryptoPerms
# @requires java.runtime.name ~= "OpenJDK.*"
# set a few environment variables so that the shell-script can run stand-alone
# in the source directory
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
SunOS | Linux | Darwin | AIX | CYGWIN* )
FS="/"
;;
Windows_* )
FS="\\"
;;
* )
echo "Unrecognized system!"
exit 1;
;;
esac
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
if [ "${TESTCLASSES}" = "" ] ; then
TESTCLASSES="."
fi
if [ "${TESTJAVA}" = "" ] ; then
JAVAC_CMD=`which javac`
TESTJAVA=`dirname $JAVAC_CMD`${FS}..
COMPILEJAVA="${TESTJAVA}"
fi
# Build
${COMPILEJAVA}${FS}bin${FS}javac \
-d . \
${TESTSRC}${FS}TestExemption.java \
|| exit 10
# Package
${COMPILEJAVA}${FS}bin${FS}jar \
-cvf TestExemption.jar \
TestExemption.class \
-C ${TESTSRC} cryptoPerms \
|| exit 10
# Test
${TESTJAVA}${FS}bin${FS}java \
-classpath TestExemption.jar TestExemption
status=$?
exit $status

@ -0,0 +1,5 @@
grant {
// The stock JDK allows for 128 bit AES.
// Grant up to 192 bits, but no further.
permission javax.crypto.CryptoPermission "AES", 192;
};