8344992: Remove Security Manager dependencies from java.security.cert API and implementations
Reviewed-by: rriggs, hchao
parent
65c98e577f
commit
c5de307284
src/java.base/share/classes
java/security/cert
sun/security
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -25,11 +25,9 @@
|
|||||||
|
|
||||||
package java.security.cert;
|
package java.security.cert;
|
||||||
|
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.NoSuchProviderException;
|
import java.security.NoSuchProviderException;
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
@ -317,10 +315,7 @@ public class CertPathBuilder {
|
|||||||
* {@literal "PKIX"} if no such property exists.
|
* {@literal "PKIX"} if no such property exists.
|
||||||
*/
|
*/
|
||||||
public static final String getDefaultType() {
|
public static final String getDefaultType() {
|
||||||
@SuppressWarnings("removal")
|
String cpbtype = Security.getProperty(CPB_TYPE);
|
||||||
String cpbtype =
|
|
||||||
AccessController.doPrivileged((PrivilegedAction<String>) () ->
|
|
||||||
Security.getProperty(CPB_TYPE));
|
|
||||||
return (cpbtype == null) ? "PKIX" : cpbtype;
|
return (cpbtype == null) ? "PKIX" : cpbtype;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -25,11 +25,9 @@
|
|||||||
|
|
||||||
package java.security.cert;
|
package java.security.cert;
|
||||||
|
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.NoSuchProviderException;
|
import java.security.NoSuchProviderException;
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
@ -329,10 +327,7 @@ public class CertPathValidator {
|
|||||||
* {@literal "PKIX"} if no such property exists.
|
* {@literal "PKIX"} if no such property exists.
|
||||||
*/
|
*/
|
||||||
public static final String getDefaultType() {
|
public static final String getDefaultType() {
|
||||||
@SuppressWarnings("removal")
|
String cpvtype = Security.getProperty(CPV_TYPE);
|
||||||
String cpvtype =
|
|
||||||
AccessController.doPrivileged((PrivilegedAction<String>) () ->
|
|
||||||
Security.getProperty(CPV_TYPE));
|
|
||||||
return (cpvtype == null) ? "PKIX" : cpvtype;
|
return (cpvtype == null) ? "PKIX" : cpvtype;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -25,11 +25,9 @@
|
|||||||
|
|
||||||
package java.security.cert;
|
package java.security.cert;
|
||||||
|
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.NoSuchProviderException;
|
import java.security.NoSuchProviderException;
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
@ -426,11 +424,8 @@ public class CertStore {
|
|||||||
* {@code certstore.type} security property, or the string
|
* {@code certstore.type} security property, or the string
|
||||||
* {@literal "LDAP"} if no such property exists.
|
* {@literal "LDAP"} if no such property exists.
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("removal")
|
|
||||||
public static final String getDefaultType() {
|
public static final String getDefaultType() {
|
||||||
String cstype;
|
String cstype = Security.getProperty(CERTSTORE_TYPE);
|
||||||
cstype = AccessController.doPrivileged((PrivilegedAction<String>) () ->
|
|
||||||
Security.getProperty(CERTSTORE_TYPE));
|
|
||||||
if (cstype == null) {
|
if (cstype == null) {
|
||||||
cstype = "LDAP";
|
cstype = "LDAP";
|
||||||
}
|
}
|
||||||
|
@ -30,7 +30,6 @@ import java.security.GeneralSecurityException;
|
|||||||
import java.security.cert.*;
|
import java.security.cert.*;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
|
||||||
import sun.security.action.GetBooleanAction;
|
|
||||||
import sun.security.provider.certpath.PKIX.BuilderParams;
|
import sun.security.provider.certpath.PKIX.BuilderParams;
|
||||||
import sun.security.util.Debug;
|
import sun.security.util.Debug;
|
||||||
|
|
||||||
@ -55,8 +54,8 @@ abstract class Builder {
|
|||||||
* Authority Information Access extension shall be enabled. Currently
|
* Authority Information Access extension shall be enabled. Currently
|
||||||
* disabled by default for compatibility reasons.
|
* disabled by default for compatibility reasons.
|
||||||
*/
|
*/
|
||||||
static final boolean USE_AIA = GetBooleanAction
|
static final boolean USE_AIA =
|
||||||
.privilegedGetProperty("com.sun.security.enableAIAcaIssuers");
|
Boolean.getBoolean("com.sun.security.enableAIAcaIssuers");
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initialize the builder with the input parameters.
|
* Initialize the builder with the input parameters.
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -45,7 +45,6 @@ import java.util.Set;
|
|||||||
import javax.security.auth.x500.X500Principal;
|
import javax.security.auth.x500.X500Principal;
|
||||||
|
|
||||||
import sun.security.util.HexDumpEncoder;
|
import sun.security.util.HexDumpEncoder;
|
||||||
import sun.security.action.GetIntegerAction;
|
|
||||||
import sun.security.x509.*;
|
import sun.security.x509.*;
|
||||||
import sun.security.util.*;
|
import sun.security.util.*;
|
||||||
|
|
||||||
@ -161,9 +160,7 @@ public final class OCSPResponse {
|
|||||||
* value is negative, set the skew to the default.
|
* value is negative, set the skew to the default.
|
||||||
*/
|
*/
|
||||||
private static int initializeClockSkew() {
|
private static int initializeClockSkew() {
|
||||||
@SuppressWarnings("removal")
|
Integer tmp = Integer.getInteger("com.sun.security.ocsp.clockSkew");
|
||||||
Integer tmp = java.security.AccessController.doPrivileged(
|
|
||||||
new GetIntegerAction("com.sun.security.ocsp.clockSkew"));
|
|
||||||
if (tmp == null || tmp < 0) {
|
if (tmp == null || tmp < 0) {
|
||||||
return DEFAULT_MAX_CLOCK_SKEW;
|
return DEFAULT_MAX_CLOCK_SKEW;
|
||||||
}
|
}
|
||||||
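Review bot: `initializeClockSkew()` rejects only a missing or negative `com.sun.security.ocsp.clockSkew`; no upper bound is applied to the value returned by `Integer.getInteger`. A very large skew widens the window in which an old OCSP response is still accepted, so the accepted range should at least be stated above the check, for example `// No upper bound: a large skew weakens OCSP freshness checking.` `Integer.getInteger` also returns null for a value that does not parse, so a malformed setting silently falls back to `DEFAULT_MAX_CLOCK_SKEW`. The return path for a valid value lies outside the hunk, so whether the value is scaled afterwards (and could overflow) cannot be checked from here.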
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -29,10 +29,8 @@ import java.io.IOException;
|
|||||||
import java.math.BigInteger;
|
import java.math.BigInteger;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.PublicKey;
|
import java.security.PublicKey;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.security.cert.CertPathValidatorException.BasicReason;
|
import java.security.cert.CertPathValidatorException.BasicReason;
|
||||||
@ -181,34 +179,21 @@ class RevocationChecker extends PKIXRevocationChecker {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@SuppressWarnings("removal")
|
|
||||||
private static RevocationProperties getRevocationProperties() {
|
private static RevocationProperties getRevocationProperties() {
|
||||||
return AccessController.doPrivileged(
|
RevocationProperties rp = new RevocationProperties();
|
||||||
new PrivilegedAction<RevocationProperties>() {
|
String onlyEE = Security.getProperty(
|
||||||
public RevocationProperties run() {
|
"com.sun.security.onlyCheckRevocationOfEECert");
|
||||||
RevocationProperties rp = new RevocationProperties();
|
rp.onlyEE = onlyEE != null && onlyEE.equalsIgnoreCase("true");
|
||||||
String onlyEE = Security.getProperty(
|
String ocspEnabled = Security.getProperty("ocsp.enable");
|
||||||
"com.sun.security.onlyCheckRevocationOfEECert");
|
rp.ocspEnabled = ocspEnabled != null
|
||||||
rp.onlyEE = onlyEE != null
|
&& ocspEnabled.equalsIgnoreCase("true");
|
||||||
&& onlyEE.equalsIgnoreCase("true");
|
rp.ocspUrl = Security.getProperty("ocsp.responderURL");
|
||||||
String ocspEnabled = Security.getProperty("ocsp.enable");
|
rp.ocspSubject = Security.getProperty("ocsp.responderCertSubjectName");
|
||||||
rp.ocspEnabled = ocspEnabled != null
|
rp.ocspIssuer = Security.getProperty("ocsp.responderCertIssuerName");
|
||||||
&& ocspEnabled.equalsIgnoreCase("true");
|
rp.ocspSerial = Security.getProperty("ocsp.responderCertSerialNumber");
|
||||||
rp.ocspUrl = Security.getProperty("ocsp.responderURL");
|
rp.crlDPEnabled = Boolean.getBoolean("com.sun.security.enableCRLDP");
|
||||||
rp.ocspSubject
|
rp.ocspNonce = Boolean.getBoolean("jdk.security.certpath.ocspNonce");
|
||||||
= Security.getProperty("ocsp.responderCertSubjectName");
|
return rp;
|
||||||
rp.ocspIssuer
|
|
||||||
= Security.getProperty("ocsp.responderCertIssuerName");
|
|
||||||
rp.ocspSerial
|
|
||||||
= Security.getProperty("ocsp.responderCertSerialNumber");
|
|
||||||
rp.crlDPEnabled
|
|
||||||
= Boolean.getBoolean("com.sun.security.enableCRLDP");
|
|
||||||
rp.ocspNonce
|
|
||||||
= Boolean.getBoolean("jdk.security.certpath.ocspNonce");
|
|
||||||
return rp;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static X509Certificate getResponderCert(RevocationProperties rp,
|
private static X509Certificate getResponderCert(RevocationProperties rp,
|
||||||
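Review bot: `getRevocationProperties()` reads its settings from two different sources without saying so: the `ocsp.*` values and `com.sun.security.onlyCheckRevocationOfEECert` come from `Security.getProperty`, while `com.sun.security.enableCRLDP` and `jdk.security.certpath.ocspNonce` come from `Boolean.getBoolean`, i.e. system properties. With the `doPrivileged` wrapper gone the method is short enough to carry a brief comment stating that, e.g. `// ocsp.* and onlyCheckRevocationOfEECert are Security properties; enableCRLDP and ocspNonce are system properties.` Someone hardening revocation checking needs to know whether a switch lives in the security properties file or on the command line. Both parsers treat anything other than "true" as false, so a typo in `ocsp.enable` turns OCSP off with no diagnostic visible in this hunk.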
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -27,9 +27,7 @@ package sun.security.util;
|
|||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Enumeration;
|
import java.util.Enumeration;
|
||||||
@ -51,45 +49,37 @@ public class AnchorCertificates {
|
|||||||
private static Set<X500Principal> certIssuers = Collections.emptySet();
|
private static Set<X500Principal> certIssuers = Collections.emptySet();
|
||||||
|
|
||||||
static {
|
static {
|
||||||
@SuppressWarnings("removal")
|
File f = new File(FilePaths.cacerts());
|
||||||
var dummy = AccessController.doPrivileged(new PrivilegedAction<>() {
|
try {
|
||||||
@Override
|
KeyStore cacerts = KeyStore.getInstance("JKS");
|
||||||
public Void run() {
|
try (FileInputStream fis = new FileInputStream(f)) {
|
||||||
File f = new File(FilePaths.cacerts());
|
cacerts.load(fis, null);
|
||||||
try {
|
certs = new HashSet<>();
|
||||||
KeyStore cacerts;
|
certIssuers = new HashSet<>();
|
||||||
cacerts = KeyStore.getInstance("JKS");
|
Enumeration<String> list = cacerts.aliases();
|
||||||
try (FileInputStream fis = new FileInputStream(f)) {
|
while (list.hasMoreElements()) {
|
||||||
cacerts.load(fis, null);
|
String alias = list.nextElement();
|
||||||
certs = new HashSet<>();
|
// Check if this cert is labeled a trust anchor.
|
||||||
certIssuers = new HashSet<>();
|
if (alias.contains(" [jdk")) {
|
||||||
Enumeration<String> list = cacerts.aliases();
|
X509Certificate cert = (X509Certificate) cacerts
|
||||||
while (list.hasMoreElements()) {
|
.getCertificate(alias);
|
||||||
String alias = list.nextElement();
|
String fp =
|
||||||
// Check if this cert is labeled a trust anchor.
|
X509CertImpl.getFingerprint(HASH, cert, debug);
|
||||||
if (alias.contains(" [jdk")) {
|
// only add trust anchor if fingerprint can
|
||||||
X509Certificate cert = (X509Certificate) cacerts
|
// be calculated
|
||||||
.getCertificate(alias);
|
if (fp != null) {
|
||||||
String fp =
|
certs.add(fp);
|
||||||
X509CertImpl.getFingerprint(HASH, cert, debug);
|
certIssuers.add(cert.getSubjectX500Principal());
|
||||||
// only add trust anchor if fingerprint can
|
|
||||||
// be calculated
|
|
||||||
if (fp != null) {
|
|
||||||
certs.add(fp);
|
|
||||||
certIssuers.add(cert.getSubjectX500Principal());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
|
||||||
if (debug != null) {
|
|
||||||
debug.println("Error parsing cacerts");
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
});
|
} catch (Exception e) {
|
||||||
|
if (debug != null) {
|
||||||
|
debug.println("Error parsing cacerts");
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
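Review bot: In the static initializer the fields `certs` and `certIssuers` are replaced with fresh sets before the alias loop runs, so an exception thrown part-way through (for example from `getCertificate` or the `X509Certificate` cast) leaves a partially filled anchor set in place, and the failure is reported only when `debug` is non-null. Code that consults these sets would then presumably recognise some JDK roots and not others. Filling local sets and assigning the fields only after the loop completes keeps the result all-or-nothing. This assumes `certs` is declared as a `Set<String>`; its declaration is outside the hunk.

```java
try (FileInputStream fis = new FileInputStream(f)) {
    cacerts.load(fis, null);
    Set<String> fingerprints = new HashSet<>();
    Set<X500Principal> issuers = new HashSet<>();
    // … unchanged: alias loop and " [jdk" check, computing cert and fp …
            if (fp != null) {
                fingerprints.add(fp);
                issuers.add(cert.getSubjectX500Principal());
            }
    // … unchanged: end of alias loop …
    // Publish only after every alias has been processed.
    certs = fingerprints;
    certIssuers = issuers;
}
```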
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* Copyright (c) 2018 SAP SE. All rights reserved.
|
* Copyright (c) 2018 SAP SE. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
@ -51,7 +51,7 @@ public class SecurityProperties {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String getOverridableProperty(String propName) {
|
public static String getOverridableProperty(String propName) {
|
||||||
String val = System.getProperty(propName);
|
String val = System.getProperty(propName);
|
||||||
if (val == null) {
|
if (val == null) {
|
||||||
return Security.getProperty(propName);
|
return Security.getProperty(propName);
|
||||||
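Review bot: `getOverridableProperty` becomes public here but the visible lines give it no Javadoc, and its lookup order is security-relevant: `System.getProperty(propName)` is consulted first and `Security.getProperty(propName)` only when that returns null, so a system property overrides the security property of the same name. A doc comment stating that precedence, and that the result can presumably be null (the caller in `PKIXValidator.allowNonCaAnchor()` checks for it), would help new callers. If `privilegedGetOverridable` has no callers left after this commit it could be removed in the same change; that is not visible from this page. The method body continues past the end of the hunk.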
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2012, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -25,8 +25,6 @@
|
|||||||
package sun.security.util;
|
package sun.security.util;
|
||||||
|
|
||||||
import java.io.*;
|
import java.io.*;
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
|
||||||
@ -50,22 +48,15 @@ public final class UntrustedCertificates {
|
|||||||
private static final String algorithm;
|
private static final String algorithm;
|
||||||
|
|
||||||
static {
|
static {
|
||||||
@SuppressWarnings("removal")
|
File f = new File(StaticProperty.javaHome(),
|
||||||
var dummy = AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
"lib/security/blocked.certs");
|
||||||
@Override
|
try (FileInputStream fin = new FileInputStream(f)) {
|
||||||
public Void run() {
|
props.load(fin);
|
||||||
File f = new File(StaticProperty.javaHome(),
|
} catch (IOException fnfe) {
|
||||||
"lib/security/blocked.certs");
|
if (debug != null) {
|
||||||
try (FileInputStream fin = new FileInputStream(f)) {
|
debug.println("Error parsing blocked.certs");
|
||||||
props.load(fin);
|
|
||||||
} catch (IOException fnfe) {
|
|
||||||
if (debug != null) {
|
|
||||||
debug.println("Error parsing blocked.certs");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
});
|
}
|
||||||
algorithm = props.getProperty(ALGORITHM_KEY);
|
algorithm = props.getProperty(ALGORITHM_KEY);
|
||||||
}
|
}
|
||||||
|
|
||||||
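Review bot: When `blocked.certs` cannot be read, the `catch (IOException fnfe)` branch discards the exception: nothing is printed unless `debug` is set, and even then the message omits the cause. `algorithm` is still taken from `props` afterwards, so the blocklist appears to fail open with no indication why. Including the exception in the message costs one line, `debug.println("Error parsing blocked.certs: " + fnfe);`. The variable would also read better as `e`, since the clause catches every `IOException`, not only a missing file.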
|
@ -24,8 +24,6 @@
|
|||||||
*/
|
*/
|
||||||
package sun.security.validator;
|
package sun.security.validator;
|
||||||
|
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.EnumSet;
|
import java.util.EnumSet;
|
||||||
@ -86,15 +84,8 @@ enum CADistrustPolicy {
|
|||||||
// The policies set in the jdk.security.caDistrustPolicies property.
|
// The policies set in the jdk.security.caDistrustPolicies property.
|
||||||
static final EnumSet<CADistrustPolicy> POLICIES = parseProperty();
|
static final EnumSet<CADistrustPolicy> POLICIES = parseProperty();
|
||||||
private static EnumSet<CADistrustPolicy> parseProperty() {
|
private static EnumSet<CADistrustPolicy> parseProperty() {
|
||||||
@SuppressWarnings("removal")
|
String property = Security.getProperty(
|
||||||
String property = AccessController.doPrivileged(
|
"jdk.security.caDistrustPolicies");
|
||||||
new PrivilegedAction<>() {
|
|
||||||
@Override
|
|
||||||
public String run() {
|
|
||||||
return Security.getProperty(
|
|
||||||
"jdk.security.caDistrustPolicies");
|
|
||||||
}
|
|
||||||
});
|
|
||||||
EnumSet<CADistrustPolicy> set = EnumSet.noneOf(CADistrustPolicy.class);
|
EnumSet<CADistrustPolicy> set = EnumSet.noneOf(CADistrustPolicy.class);
|
||||||
// if property is null or empty, the restrictions are not enforced
|
// if property is null or empty, the restrictions are not enforced
|
||||||
if (property == null || property.isEmpty()) {
|
if (property == null || property.isEmpty()) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -29,7 +29,6 @@ import java.security.*;
|
|||||||
import java.security.cert.*;
|
import java.security.cert.*;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
import javax.security.auth.x500.X500Principal;
|
import javax.security.auth.x500.X500Principal;
|
||||||
import sun.security.action.GetBooleanAction;
|
|
||||||
import sun.security.provider.certpath.AlgorithmChecker;
|
import sun.security.provider.certpath.AlgorithmChecker;
|
||||||
import sun.security.provider.certpath.PKIXExtendedParameters;
|
import sun.security.provider.certpath.PKIXExtendedParameters;
|
||||||
import sun.security.util.SecurityProperties;
|
import sun.security.util.SecurityProperties;
|
||||||
@ -56,8 +55,8 @@ public final class PKIXValidator extends Validator {
|
|||||||
* manager. Typically, this will only work if the PKIX implementation
|
* manager. Typically, this will only work if the PKIX implementation
|
||||||
* supports CRL distribution points as we do not manually set up CertStores.
|
* supports CRL distribution points as we do not manually set up CertStores.
|
||||||
*/
|
*/
|
||||||
private static final boolean checkTLSRevocation = GetBooleanAction
|
private static final boolean checkTLSRevocation =
|
||||||
.privilegedGetProperty("com.sun.net.ssl.checkRevocation");
|
Boolean.getBoolean("com.sun.net.ssl.checkRevocation");
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* System or security property that if set (or set to "true"), allows trust
|
* System or security property that if set (or set to "true"), allows trust
|
||||||
@ -67,7 +66,7 @@ public final class PKIXValidator extends Validator {
|
|||||||
private static final boolean ALLOW_NON_CA_ANCHOR = allowNonCaAnchor();
|
private static final boolean ALLOW_NON_CA_ANCHOR = allowNonCaAnchor();
|
||||||
private static boolean allowNonCaAnchor() {
|
private static boolean allowNonCaAnchor() {
|
||||||
String prop = SecurityProperties
|
String prop = SecurityProperties
|
||||||
.privilegedGetOverridable("jdk.security.allowNonCaAnchor");
|
.getOverridableProperty("jdk.security.allowNonCaAnchor");
|
||||||
return prop != null && (prop.isEmpty() || prop.equalsIgnoreCase("true"));
|
return prop != null && (prop.isEmpty() || prop.equalsIgnoreCase("true"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -33,7 +33,6 @@ import java.util.*;
|
|||||||
|
|
||||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||||
|
|
||||||
import sun.security.action.GetBooleanAction;
|
|
||||||
import sun.security.util.*;
|
import sun.security.util.*;
|
||||||
import sun.security.pkcs.PKCS9Attribute;
|
import sun.security.pkcs.PKCS9Attribute;
|
||||||
|
|
||||||
@ -64,8 +63,8 @@ public class AVA implements DerEncoder {
|
|||||||
// See CR 6391482: if enabled this flag preserves the old but incorrect
|
// See CR 6391482: if enabled this flag preserves the old but incorrect
|
||||||
// PrintableString encoding for DomainComponent. It may need to be set to
|
// PrintableString encoding for DomainComponent. It may need to be set to
|
||||||
// avoid breaking preexisting certificates generated with sun.security APIs.
|
// avoid breaking preexisting certificates generated with sun.security APIs.
|
||||||
private static final boolean PRESERVE_OLD_DC_ENCODING = GetBooleanAction
|
private static final boolean PRESERVE_OLD_DC_ENCODING =
|
||||||
.privilegedGetProperty("com.sun.security.preserveOldDCEncoding");
|
Boolean.getBoolean("com.sun.security.preserveOldDCEncoding");
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* DEFAULT format allows both RFC1779 and RFC2253 syntax and
|
* DEFAULT format allows both RFC1779 and RFC2253 syntax and
|
||||||
|