stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8159488: Deprivilege java.xml.crypto

Browse Source 
Update java.policy with the necessary permissions and minor code refactoring

Reviewed-by: mullan
This commit is contained in:
Valerie Peng 2016-07-27 01:24:09 +00:00
parent 0d7e21080e
commit 9a82da0c94
5 changed files with 262 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
jdk/src/java.base/share/conf/security/java.policy
View File

@ -122,6 +122,14 @@ grant codeBase "jrt:/java.xml.bind" {
permission java.util.PropertyPermission "*", "read";
};
grant codeBase "jrt:/java.xml.crypto" {
permission java.util.PropertyPermission "*", "read";
permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
permission java.security.SecurityPermission "clearProviderProperties.XMLDSig";
permission java.security.SecurityPermission "removeProviderProperty.XMLDSig";
permission java.security.SecurityPermission "com.sun.org.apache.xml.internal.security.register";
};
grant codeBase "jrt:/java.xml.ws" {
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";

86
jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/TransformService.java
View File

@ -39,8 +39,6 @@ import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
/**
* A Service Provider Interface for transform and canonicalization algorithms.
@ -165,18 +163,23 @@ public abstract class TransformService implements Transform {
if (mechanismType.equals("DOM")) {
dom = true;
}
List<Service> services = GetInstance.getServices("TransformService", algorithm);
for (Iterator<Service> t = services.iterator(); t.hasNext(); ) {
Service s = t.next();
String value = s.getAttribute("MechanismType");
if ((value == null && dom) ||
(value != null && value.equals(mechanismType))) {
Instance instance = GetInstance.getInstance(s, null);
TransformService ts = (TransformService) instance.impl;
ts.algorithm = algorithm;
ts.mechanism = mechanismType;
ts.provider = instance.provider;
return ts;
Provider[] provs = Security.getProviders();
for (Provider p : provs) {
Service s = p.getService("TransformService", algorithm);
if (s != null) {
String value = s.getAttribute("MechanismType");
if ((value == null && dom) ||
(value != null && value.equals(mechanismType))) {
Object obj = s.newInstance(null);
if (obj instanceof TransformService) {
TransformService ts = (TransformService) obj;
ts.algorithm = algorithm;
ts.mechanism = mechanismType;
ts.provider = p;
return ts;
}
}
}
}
throw new NoSuchAlgorithmException
@ -215,21 +218,24 @@ public abstract class TransformService implements Transform {
if (mechanismType.equals("DOM")) {
dom = true;
}
Service s = GetInstance.getService
("TransformService", algorithm, provider);
String value = s.getAttribute("MechanismType");
if ((value == null && dom) ||
(value != null && value.equals(mechanismType))) {
Instance instance = GetInstance.getInstance(s, null);
TransformService ts = (TransformService) instance.impl;
ts.algorithm = algorithm;
ts.mechanism = mechanismType;
ts.provider = instance.provider;
return ts;
Service s = provider.getService("TransformService", algorithm);
if (s != null) {
String value = s.getAttribute("MechanismType");
if ((value == null && dom) ||
(value != null && value.equals(mechanismType))) {
Object obj = s.newInstance(null);
if (obj instanceof TransformService) {
TransformService ts = (TransformService) obj;
ts.algorithm = algorithm;
ts.mechanism = mechanismType;
ts.provider = provider;
return ts;
}
}
}
throw new NoSuchAlgorithmException
(algorithm + " algorithm and " + mechanismType
+ " mechanism not available");
+ " mechanism not available from " + provider.getName());
}
/**
@ -268,21 +274,25 @@ public abstract class TransformService implements Transform {
if (mechanismType.equals("DOM")) {
dom = true;
}
Service s = GetInstance.getService
("TransformService", algorithm, provider);
String value = s.getAttribute("MechanismType");
if ((value == null && dom) ||
(value != null && value.equals(mechanismType))) {
Instance instance = GetInstance.getInstance(s, null);
TransformService ts = (TransformService) instance.impl;
ts.algorithm = algorithm;
ts.mechanism = mechanismType;
ts.provider = instance.provider;
return ts;
Provider p = Security.getProvider(provider);
Service s = p.getService("TransformService", algorithm);
if (s != null) {
String value = s.getAttribute("MechanismType");
if ((value == null && dom) ||
(value != null && value.equals(mechanismType))) {
Object obj = s.newInstance(null);
if (obj instanceof TransformService) {
TransformService ts = (TransformService) obj;
ts.algorithm = algorithm;
ts.mechanism = mechanismType;
ts.provider = p;
return ts;
}
}
}
throw new NoSuchAlgorithmException
(algorithm + " algorithm and " + mechanismType
+ " mechanism not available");
+ " mechanism not available from " + provider);
}
private static class MechanismMapEntry implements Map.Entry<String,String> {

87
jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLSignatureFactory.java
View File

@ -43,11 +43,10 @@ import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Provider.Service;
import java.security.Security;
import java.util.List;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
/**
* A factory for creating {@link XMLSignature} objects from scratch or
@ -198,17 +197,26 @@ public abstract class XMLSignatureFactory {
if (mechanismType == null) {
throw new NullPointerException("mechanismType cannot be null");
}
Instance instance;
try {
instance = GetInstance.getInstance
("XMLSignatureFactory", null, mechanismType);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
Provider[] provs = Security.getProviders();
for (Provider p : provs) {
Service s = p.getService("XMLSignatureFactory", mechanismType);
if (s != null) {
Object obj = null;
try {
obj = s.newInstance(null);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
}
if (obj instanceof XMLSignatureFactory) {
XMLSignatureFactory factory = (XMLSignatureFactory) obj;
factory.mechanismType = mechanismType;
factory.provider = p;
return factory;
}
}
}
XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl;
factory.mechanismType = mechanismType;
factory.provider = instance.provider;
return factory;
throw new NoSuchMechanismException
("Mechanism " + mechanismType + " not available");
}
/**
@ -240,17 +248,25 @@ public abstract class XMLSignatureFactory {
throw new NullPointerException("provider cannot be null");
}
Instance instance;
try {
instance = GetInstance.getInstance
("XMLSignatureFactory", null, mechanismType, provider);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
Service s = provider.getService("XMLSignatureFactory", mechanismType);
if (s != null) {
Object obj = null;
try {
obj = s.newInstance(null);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
}
if (obj instanceof XMLSignatureFactory) {
XMLSignatureFactory factory = (XMLSignatureFactory) obj;
factory.mechanismType = mechanismType;
factory.provider = provider;
return factory;
}
}
XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl;
factory.mechanismType = mechanismType;
factory.provider = instance.provider;
return factory;
throw new NoSuchMechanismException
("Mechanism " + mechanismType + " not available from " +
provider.getName());
}
/**
@ -288,17 +304,24 @@ public abstract class XMLSignatureFactory {
throw new NoSuchProviderException();
}
Instance instance;
try {
instance = GetInstance.getInstance
("XMLSignatureFactory", null, mechanismType, provider);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
Provider p = Security.getProvider(provider);
Service s = p.getService("XMLSignatureFactory", mechanismType);
if (s != null) {
Object obj = null;
try {
obj = s.newInstance(null);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
}
if (obj instanceof XMLSignatureFactory) {
XMLSignatureFactory factory = (XMLSignatureFactory) obj;
factory.mechanismType = mechanismType;
factory.provider = p;
return factory;
}
}
XMLSignatureFactory factory = (XMLSignatureFactory) instance.impl;
factory.mechanismType = mechanismType;
factory.provider = instance.provider;
return factory;
throw new NoSuchMechanismException
("Mechanism " + mechanismType + " not available from " + provider);
}
/**

87
jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyInfoFactory.java
View File

@ -32,6 +32,7 @@ import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Provider.Service;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509CRL;
@ -43,8 +44,6 @@ import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.*;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
/**
* A factory for creating {@link KeyInfo} objects from scratch or for
@ -153,17 +152,26 @@ public abstract class KeyInfoFactory {
if (mechanismType == null) {
throw new NullPointerException("mechanismType cannot be null");
}
Instance instance;
try {
instance = GetInstance.getInstance
("KeyInfoFactory", null, mechanismType);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
Provider[] provs = Security.getProviders();
for (Provider p : provs) {
Service s = p.getService("KeyInfoFactory", mechanismType);
if (s != null) {
Object obj = null;
try {
obj = s.newInstance(null);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
}
if (obj instanceof KeyInfoFactory) {
KeyInfoFactory factory = (KeyInfoFactory) obj;
factory.mechanismType = mechanismType;
factory.provider = p;
return factory;
}
}
}
KeyInfoFactory factory = (KeyInfoFactory) instance.impl;
factory.mechanismType = mechanismType;
factory.provider = instance.provider;
return factory;
throw new NoSuchMechanismException
("Mechanism " + mechanismType + " not available");
}
/**
@ -195,17 +203,24 @@ public abstract class KeyInfoFactory {
throw new NullPointerException("provider cannot be null");
}
Instance instance;
try {
instance = GetInstance.getInstance
("KeyInfoFactory", null, mechanismType, provider);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
Service s = provider.getService("KeyInfoFactory", mechanismType);
if (s != null) {
Object obj = null;
try {
obj = s.newInstance(null);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
}
if (obj instanceof KeyInfoFactory) {
KeyInfoFactory factory = (KeyInfoFactory) obj;
factory.mechanismType = mechanismType;
factory.provider = provider;
return factory;
}
}
KeyInfoFactory factory = (KeyInfoFactory) instance.impl;
factory.mechanismType = mechanismType;
factory.provider = instance.provider;
return factory;
throw new NoSuchMechanismException
("Mechanism " + mechanismType + " not available from " + provider.getName());
}
/**
@ -242,18 +257,24 @@ public abstract class KeyInfoFactory {
} else if (provider.length() == 0) {
throw new NoSuchProviderException();
}
Instance instance;
try {
instance = GetInstance.getInstance
("KeyInfoFactory", null, mechanismType, provider);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
Provider p = Security.getProvider(provider);
Service s = p.getService("KeyInfoFactory", mechanismType);
if (s != null) {
Object obj = null;
try {
obj = s.newInstance(null);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchMechanismException(nsae);
}
if (obj instanceof KeyInfoFactory) {
KeyInfoFactory factory = (KeyInfoFactory) obj;
factory.mechanismType = mechanismType;
factory.provider = p;
return factory;
}
}
KeyInfoFactory factory = (KeyInfoFactory) instance.impl;
factory.mechanismType = mechanismType;
factory.provider = instance.provider;
return factory;
throw new NoSuchMechanismException
("Mechanism " + mechanismType + " not available from " + provider);
}
/**

97
jdk/test/javax/xml/crypto/dsig/GetInstanceTests.java Normal file
View File

@ -0,0 +1,97 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 8159488
* @summary Basic tests for the various getInstance() methods of
* XMLSignatureFactory, TransformService, and KeyInfoFactory classes
* @run main GetInstanceTests
*/
import java.security.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
public class GetInstanceTests {
public static void main(String[] argv) throws Exception {
TestTransformService(CanonicalizationMethod.INCLUSIVE, "DOM");
TestTransformService(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, "DOM");
TestTransformService(Transform.BASE64, "DOM");
TestTransformService(Transform.XPATH2, "DOM");
TestXMLSignatureFactory();
TestKeyInfoFactory();
}
private static void TestTransformService(String algo,
String mechType) throws Exception {
TransformService ts = TransformService.getInstance(algo, mechType);
Provider p = ts.getProvider();
try {
ts = TransformService.getInstance(algo, mechType, p);
ts = TransformService.getInstance(algo, mechType, p.getName());
} catch (Exception ex) {
throw new RuntimeException("Error: Unexpected exception", ex);
}
}
private static void TestXMLSignatureFactory() throws Exception {
XMLSignatureFactory fac = XMLSignatureFactory.getInstance();
Provider p = fac.getProvider();
String mechType = fac.getMechanismType();
Provider p2;
try {
fac = XMLSignatureFactory.getInstance(mechType);
p2 = fac.getProvider();
fac = XMLSignatureFactory.getInstance(mechType, p);
fac = XMLSignatureFactory.getInstance(mechType, p.getName());
} catch (Exception ex) {
throw new RuntimeException("Error: Unexpected exception", ex);
}
if (p2.getName() != p.getName()) {
throw new RuntimeException("Error: Provider equality check failed");
}
if (p2.getName() != p.getName()) {
throw new RuntimeException("Error: Provider equality check failed");
}
}
private static void TestKeyInfoFactory() throws Exception {
KeyInfoFactory fac = KeyInfoFactory.getInstance();
Provider p = fac.getProvider();
String mechType = fac.getMechanismType();
Provider p2;
try {
fac = KeyInfoFactory.getInstance(mechType);
p2 = fac.getProvider();
fac = KeyInfoFactory.getInstance(mechType, p);
fac = KeyInfoFactory.getInstance(mechType, p.getName());
} catch (Exception ex) {
throw new RuntimeException("Error: Unexpected exception", ex);
}
if (p2.getName() != p.getName()) {
throw new RuntimeException("Error: Provider equality check failed");
}
}
}