8312434: SPECjvm2008/xml.transform with CDS fails with "can't seal package nu.xom"
Reviewed-by: iklam, matsaave
This commit is contained in:
parent
7c169a426f
commit
9f4a9fe488
@ -354,7 +354,7 @@ void SharedClassPathEntry::copy_from(SharedClassPathEntry* ent, ClassLoaderData*
|
|||||||
_from_class_path_attr = ent->_from_class_path_attr;
|
_from_class_path_attr = ent->_from_class_path_attr;
|
||||||
set_name(ent->name(), CHECK);
|
set_name(ent->name(), CHECK);
|
||||||
|
|
||||||
if (ent->is_jar() && !ent->is_signed() && ent->manifest() != nullptr) {
|
if (ent->is_jar() && ent->manifest() != nullptr) {
|
||||||
Array<u1>* buf = MetadataFactory::new_array<u1>(loader_data,
|
Array<u1>* buf = MetadataFactory::new_array<u1>(loader_data,
|
||||||
ent->manifest_size(),
|
ent->manifest_size(),
|
||||||
CHECK);
|
CHECK);
|
||||||
@ -608,29 +608,6 @@ class ManifestStream: public ResourceObj {
|
|||||||
buf[len] = 0;
|
buf[len] = 0;
|
||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
// The return value indicates if the JAR is signed or not
|
|
||||||
bool check_is_signed() {
|
|
||||||
u1* attr = _current;
|
|
||||||
bool isSigned = false;
|
|
||||||
while (_current < _buffer_end) {
|
|
||||||
if (*_current == '\n') {
|
|
||||||
*_current = '\0';
|
|
||||||
u1* value = (u1*)strchr((char*)attr, ':');
|
|
||||||
if (value != nullptr) {
|
|
||||||
assert(*(value+1) == ' ', "Unrecognized format" );
|
|
||||||
if (strstr((char*)attr, "-Digest") != nullptr) {
|
|
||||||
isSigned = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
*_current = '\n'; // restore
|
|
||||||
attr = _current + 1;
|
|
||||||
}
|
|
||||||
_current ++;
|
|
||||||
}
|
|
||||||
return isSigned;
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
void FileMapInfo::update_jar_manifest(ClassPathEntry *cpe, SharedClassPathEntry* ent, TRAPS) {
|
void FileMapInfo::update_jar_manifest(ClassPathEntry *cpe, SharedClassPathEntry* ent, TRAPS) {
|
||||||
@ -643,9 +620,6 @@ void FileMapInfo::update_jar_manifest(ClassPathEntry *cpe, SharedClassPathEntry*
|
|||||||
if (manifest != nullptr) {
|
if (manifest != nullptr) {
|
||||||
ManifestStream* stream = new ManifestStream((u1*)manifest,
|
ManifestStream* stream = new ManifestStream((u1*)manifest,
|
||||||
manifest_size);
|
manifest_size);
|
||||||
if (stream->check_is_signed()) {
|
|
||||||
ent->set_is_signed();
|
|
||||||
} else {
|
|
||||||
// Copy the manifest into the shared archive
|
// Copy the manifest into the shared archive
|
||||||
manifest = ClassLoaderExt::read_raw_manifest(THREAD, cpe, &manifest_size);
|
manifest = ClassLoaderExt::read_raw_manifest(THREAD, cpe, &manifest_size);
|
||||||
Array<u1>* buf = MetadataFactory::new_array<u1>(loader_data,
|
Array<u1>* buf = MetadataFactory::new_array<u1>(loader_data,
|
||||||
@ -655,7 +629,6 @@ void FileMapInfo::update_jar_manifest(ClassPathEntry *cpe, SharedClassPathEntry*
|
|||||||
memcpy(p, manifest, manifest_size);
|
memcpy(p, manifest, manifest_size);
|
||||||
ent->set_manifest(buf);
|
ent->set_manifest(buf);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
char* FileMapInfo::skip_first_path_entry(const char* path) {
|
char* FileMapInfo::skip_first_path_entry(const char* path) {
|
||||||
|
@ -53,7 +53,6 @@ class SharedClassPathEntry : public MetaspaceObj {
|
|||||||
enum {
|
enum {
|
||||||
modules_image_entry,
|
modules_image_entry,
|
||||||
jar_entry,
|
jar_entry,
|
||||||
signed_jar_entry,
|
|
||||||
dir_entry,
|
dir_entry,
|
||||||
non_existent_entry,
|
non_existent_entry,
|
||||||
unknown_entry
|
unknown_entry
|
||||||
@ -90,10 +89,6 @@ public:
|
|||||||
bool is_dir() const { return _type == dir_entry; }
|
bool is_dir() const { return _type == dir_entry; }
|
||||||
bool is_modules_image() const { return _type == modules_image_entry; }
|
bool is_modules_image() const { return _type == modules_image_entry; }
|
||||||
bool is_jar() const { return _type == jar_entry; }
|
bool is_jar() const { return _type == jar_entry; }
|
||||||
bool is_signed() const { return _type == signed_jar_entry; }
|
|
||||||
void set_is_signed() {
|
|
||||||
_type = signed_jar_entry;
|
|
||||||
}
|
|
||||||
bool from_class_path_attr() { return _from_class_path_attr; }
|
bool from_class_path_attr() { return _from_class_path_attr; }
|
||||||
time_t timestamp() const { return _timestamp; }
|
time_t timestamp() const { return _timestamp; }
|
||||||
const char* name() const;
|
const char* name() const;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -259,21 +259,36 @@ public class JarBuilder {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static final String keyTool = JDKToolFinder.getJDKTool("keytool");
|
||||||
|
static final String jarSigner = JDKToolFinder.getJDKTool("jarsigner");
|
||||||
|
|
||||||
public static void signJar() throws Exception {
|
public static void signJarWithDisabledAlgorithm(String jarName) throws Exception {
|
||||||
String keyTool = JDKToolFinder.getJDKTool("keytool");
|
String keyName = "key_with_disabled_alg";
|
||||||
String jarSigner = JDKToolFinder.getJDKTool("jarsigner");
|
|
||||||
|
|
||||||
executeProcess(keyTool,
|
executeProcess(keyTool,
|
||||||
"-genkey", "-keystore", "./keystore", "-alias", "mykey",
|
"-genkey", "-keystore", "./keystore", "-alias", keyName,
|
||||||
|
"-storepass", "abc123", "-keypass", "abc123", "-keyalg", "dsa",
|
||||||
|
"-sigalg", "SHA1withDSA", "-keysize", "512", "-dname", "CN=jvmtest2")
|
||||||
|
.shouldHaveExitValue(0);
|
||||||
|
|
||||||
|
doSigning(jarName, keyName);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void signJar(String jarName) throws Exception {
|
||||||
|
String keyName = "mykey";
|
||||||
|
executeProcess(keyTool,
|
||||||
|
"-genkey", "-keystore", "./keystore", "-alias", keyName,
|
||||||
"-storepass", "abc123", "-keypass", "abc123", "-keyalg", "dsa",
|
"-storepass", "abc123", "-keypass", "abc123", "-keyalg", "dsa",
|
||||||
"-dname", "CN=jvmtest")
|
"-dname", "CN=jvmtest")
|
||||||
.shouldHaveExitValue(0);
|
.shouldHaveExitValue(0);
|
||||||
|
|
||||||
|
doSigning(jarName, keyName);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void doSigning(String jarName, String keyName) throws Exception {
|
||||||
executeProcess(jarSigner,
|
executeProcess(jarSigner,
|
||||||
"-keystore", "./keystore", "-storepass", "abc123", "-keypass",
|
"-keystore", "./keystore", "-storepass", "abc123", "-keypass",
|
||||||
"abc123", "-signedjar", getJarFilePath("signed_hello"),
|
"abc123", "-signedjar", getJarFilePath("signed_" + jarName),
|
||||||
getJarFilePath("hello"), "mykey")
|
getJarFilePath(jarName), keyName)
|
||||||
.shouldHaveExitValue(0);
|
.shouldHaveExitValue(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
73
test/hotspot/jtreg/runtime/cds/appcds/SealingViolation.java
Normal file
73
test/hotspot/jtreg/runtime/cds/appcds/SealingViolation.java
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @test
|
||||||
|
* @bug 8312434
|
||||||
|
* @summary A jar file containing classes in the same package. Sign the jar file with
|
||||||
|
* a disabled algorithm. The jar will be treated as unsigned.
|
||||||
|
* Dump only one class into the CDS archive. During runtime, load the class
|
||||||
|
* stored in the archive and then load another class not from the archive
|
||||||
|
* but from the same pacakge. Loading of the second class should not result
|
||||||
|
* in sealing violation.
|
||||||
|
*
|
||||||
|
* @requires vm.cds
|
||||||
|
* @library /test/lib
|
||||||
|
* @compile test-classes/GenericTestApp.java test-classes/pkg/ClassInPackage.java test-classes/C2.java
|
||||||
|
* @run driver jdk.test.lib.helpers.ClassFileInstaller -jar WhiteBox.jar jdk.test.whitebox.WhiteBox
|
||||||
|
* @run driver SealingViolation
|
||||||
|
*/
|
||||||
|
|
||||||
|
import jdk.test.lib.helpers.ClassFileInstaller;
|
||||||
|
import jdk.test.lib.process.OutputAnalyzer;
|
||||||
|
|
||||||
|
public class SealingViolation {
|
||||||
|
public static void main(String[] args) throws Exception {
|
||||||
|
String[] classList = {"pkg/ClassInPackage"};
|
||||||
|
String appJar = ClassFileInstaller.writeJar("pkg-classes-sealed.jar",
|
||||||
|
ClassFileInstaller.Manifest.fromSourceFile("test-classes/pkg/package_seal.mf"),
|
||||||
|
"GenericTestApp", "pkg/ClassInPackage", "pkg/C2");
|
||||||
|
|
||||||
|
JarBuilder.signJarWithDisabledAlgorithm("pkg-classes-sealed");
|
||||||
|
String signedJar = TestCommon.getTestJar("pkg-classes-sealed.jar");
|
||||||
|
|
||||||
|
// GenericTestApp requires WhiteBox
|
||||||
|
String wbJar = ClassFileInstaller.getJarPath("WhiteBox.jar");
|
||||||
|
String bootclasspath = "-Xbootclasspath/a:" + wbJar;
|
||||||
|
|
||||||
|
OutputAnalyzer output = TestCommon.dump(signedJar, classList, bootclasspath,
|
||||||
|
"-Xlog:cds+class=debug");
|
||||||
|
output.shouldMatch("cds.class.*klasses.*app pkg.ClassInPackage")
|
||||||
|
.shouldHaveExitValue(0);
|
||||||
|
|
||||||
|
output = TestCommon.exec(signedJar, "-Xlog:cds=debug,class+load",
|
||||||
|
bootclasspath,
|
||||||
|
"-XX:+UnlockDiagnosticVMOptions",
|
||||||
|
"-XX:+WhiteBoxAPI",
|
||||||
|
"GenericTestApp",
|
||||||
|
"assertShared:pkg.ClassInPackage",
|
||||||
|
"assertNotShared:pkg.C2");
|
||||||
|
output.shouldHaveExitValue(0);
|
||||||
|
}
|
||||||
|
}
|
@ -38,7 +38,7 @@ import java.io.File;
|
|||||||
public class SignedJar {
|
public class SignedJar {
|
||||||
public static void main(String[] args) throws Exception {
|
public static void main(String[] args) throws Exception {
|
||||||
String unsignedJar = JarBuilder.getOrCreateHelloJar();
|
String unsignedJar = JarBuilder.getOrCreateHelloJar();
|
||||||
JarBuilder.signJar();
|
JarBuilder.signJar("hello");
|
||||||
|
|
||||||
// Test class exists in signed JAR
|
// Test class exists in signed JAR
|
||||||
String signedJar = TestCommon.getTestJar("signed_hello.jar");
|
String signedJar = TestCommon.getTestJar("signed_hello.jar");
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
Manifest-Version: 1.0
|
||||||
|
Created-By: 1.9.0-internal (Oracle Corporation)
|
||||||
|
|
||||||
|
Name: pkg/
|
||||||
|
Sealed: true
|
||||||
|
|
Loading…
Reference in New Issue
Block a user