8308398: Move SunEC crypto provider into java.base
Reviewed-by: valeriep, alanb
This commit is contained in:
Anthony Scarpino
parent
69a46c25cc
commit
e737968792
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
# Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
@ -41,7 +41,6 @@ $(eval $(call SetupZipArchive,BUILD_SEC_BIN_ZIP, \
|
||||
modules/java.base/sun/security/internal/interfaces \
|
||||
modules/java.base/sun/security/internal/spec \
|
||||
modules/java.base/com/sun/crypto/provider \
|
||||
modules/jdk.crypto.ec/sun/security/ec \
|
||||
modules/jdk.crypto.mscapi/sun/security/mscapi \
|
||||
modules/jdk.crypto.cryptoki/sun/security/pkcs11 \
|
||||
modules/jdk.crypto.cryptoki/sun/security/pkcs11/wrapper \
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
# Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
@ -36,7 +36,6 @@ DOCS_MODULES= \
|
||||
jdk.charsets \
|
||||
jdk.compiler \
|
||||
jdk.crypto.cryptoki \
|
||||
jdk.crypto.ec \
|
||||
jdk.dynalink \
|
||||
jdk.editpad \
|
||||
jdk.hotspot.agent \
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
# Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
@ -77,7 +77,6 @@ PLATFORM_MODULES= \
|
||||
jdk.accessibility \
|
||||
jdk.charsets \
|
||||
jdk.crypto.cryptoki \
|
||||
jdk.crypto.ec \
|
||||
jdk.dynalink \
|
||||
jdk.httpserver \
|
||||
jdk.jsobject \
|
||||
|
||||
@ -322,25 +322,21 @@ module java.base {
|
||||
java.sql.rowset;
|
||||
exports sun.security.action to
|
||||
java.desktop,
|
||||
java.security.jgss,
|
||||
jdk.crypto.ec;
|
||||
java.security.jgss;
|
||||
exports sun.security.internal.interfaces to
|
||||
jdk.crypto.cryptoki;
|
||||
exports sun.security.internal.spec to
|
||||
jdk.crypto.cryptoki;
|
||||
exports sun.security.jca to
|
||||
java.smartcardio,
|
||||
jdk.crypto.ec,
|
||||
jdk.crypto.cryptoki,
|
||||
jdk.naming.dns;
|
||||
exports sun.security.pkcs to
|
||||
jdk.crypto.ec,
|
||||
jdk.jartool;
|
||||
exports sun.security.provider to
|
||||
java.rmi,
|
||||
java.security.jgss,
|
||||
jdk.crypto.cryptoki,
|
||||
jdk.crypto.ec,
|
||||
jdk.security.auth;
|
||||
exports sun.security.provider.certpath to
|
||||
java.naming,
|
||||
@ -359,17 +355,11 @@ module java.base {
|
||||
java.security.sasl,
|
||||
java.smartcardio,
|
||||
java.xml.crypto,
|
||||
jdk.crypto.ec,
|
||||
jdk.crypto.cryptoki,
|
||||
jdk.jartool,
|
||||
jdk.security.auth,
|
||||
jdk.security.jgss;
|
||||
exports sun.security.util.math to
|
||||
jdk.crypto.ec;
|
||||
exports sun.security.util.math.intpoly to
|
||||
jdk.crypto.ec;
|
||||
exports sun.security.x509 to
|
||||
jdk.crypto.ec,
|
||||
jdk.crypto.cryptoki,
|
||||
jdk.jartool;
|
||||
exports sun.security.validator to
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -176,57 +176,60 @@ final class ProviderConfig {
|
||||
return null;
|
||||
}
|
||||
|
||||
// Create providers which are in java.base directly
|
||||
if (provName.equals("SUN") || provName.equals("sun.security.provider.Sun")) {
|
||||
p = new sun.security.provider.Sun();
|
||||
} else if (provName.equals("SunRsaSign") || provName.equals("sun.security.rsa.SunRsaSign")) {
|
||||
p = new sun.security.rsa.SunRsaSign();
|
||||
} else if (provName.equals("SunJCE") || provName.equals("com.sun.crypto.provider.SunJCE")) {
|
||||
p = new com.sun.crypto.provider.SunJCE();
|
||||
} else if (provName.equals("SunJSSE")) {
|
||||
p = new sun.security.ssl.SunJSSE();
|
||||
} else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) {
|
||||
// need to use reflection since this class only exists on MacOsx
|
||||
@SuppressWarnings("removal")
|
||||
var tmp = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
|
||||
public Provider run() {
|
||||
try {
|
||||
Class<?> c = Class.forName("apple.security.AppleProvider");
|
||||
if (Provider.class.isAssignableFrom(c)) {
|
||||
@SuppressWarnings("deprecation")
|
||||
Object tmp = c.newInstance();
|
||||
return (Provider) tmp;
|
||||
} else {
|
||||
p = switch (provName) {
|
||||
case "SUN", "sun.security.provider.Sun" ->
|
||||
new sun.security.provider.Sun();
|
||||
case "SunRsaSign", "sun.security.rsa.SunRsaSign" ->
|
||||
new sun.security.rsa.SunRsaSign();
|
||||
case "SunJCE", "com.sun.crypto.provider.SunJCE" ->
|
||||
new com.sun.crypto.provider.SunJCE();
|
||||
case "SunJSSE" -> new sun.security.ssl.SunJSSE();
|
||||
case "SunEC" -> new sun.security.ec.SunEC();
|
||||
case "Apple", "apple.security.AppleProvider" -> {
|
||||
// Reflection is needed for compile time as the class
|
||||
// is not available for non-macosx systems
|
||||
@SuppressWarnings("removal")
|
||||
var tmp = AccessController.doPrivileged(
|
||||
new PrivilegedAction<Provider>() {
|
||||
public Provider run() {
|
||||
try {
|
||||
Class<?> c = Class.forName(
|
||||
"apple.security.AppleProvider");
|
||||
if (Provider.class.isAssignableFrom(c)) {
|
||||
@SuppressWarnings("deprecation")
|
||||
Object tmp = c.newInstance();
|
||||
return (Provider) tmp;
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
if (debug != null) {
|
||||
debug.println("Error loading provider Apple");
|
||||
ex.printStackTrace();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
if (debug != null) {
|
||||
debug.println("Error loading provider Apple");
|
||||
ex.printStackTrace();
|
||||
}
|
||||
return null;
|
||||
});
|
||||
yield tmp;
|
||||
}
|
||||
default -> {
|
||||
if (isLoading) {
|
||||
// because this method is synchronized, this can only
|
||||
// happen if there is recursion.
|
||||
if (debug != null) {
|
||||
debug.println("Recursion loading provider: " + this);
|
||||
new Exception("Call trace").printStackTrace();
|
||||
}
|
||||
yield null;
|
||||
}
|
||||
});
|
||||
p = tmp;
|
||||
} else {
|
||||
if (isLoading) {
|
||||
// because this method is synchronized, this can only
|
||||
// happen if there is recursion.
|
||||
if (debug != null) {
|
||||
debug.println("Recursion loading provider: " + this);
|
||||
new Exception("Call trace").printStackTrace();
|
||||
try {
|
||||
isLoading = true;
|
||||
tries++;
|
||||
yield doLoadProvider();
|
||||
} finally {
|
||||
isLoading = false;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
try {
|
||||
isLoading = true;
|
||||
tries++;
|
||||
p = doLoadProvider();
|
||||
} finally {
|
||||
isLoading = false;
|
||||
}
|
||||
}
|
||||
};
|
||||
provider = p;
|
||||
}
|
||||
return p;
|
||||
|
||||
@ -544,8 +544,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
|
||||
if (pn != null && mn != null) {
|
||||
return ((mn.equals("java.base") &&
|
||||
(pn.equals("SUN") || pn.equals("SunRsaSign") ||
|
||||
pn.equals("SunJCE") || pn.equals("SunJSSE"))) ||
|
||||
(mn.equals("jdk.crypto.ec") && pn.equals("SunEC")) ||
|
||||
pn.equals("SunJCE") || pn.equals("SunJSSE") ||
|
||||
pn.equals("SunEC"))) ||
|
||||
(mn.equals("jdk.crypto.mscapi") && pn.equals("SunMSCAPI")) ||
|
||||
(mn.equals("jdk.crypto.cryptoki") &&
|
||||
pn.startsWith("SunPKCS11")));
|
||||
|
||||
@ -127,15 +127,6 @@ grant codeBase "jrt:/jdk.charsets" {
|
||||
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
|
||||
};
|
||||
|
||||
grant codeBase "jrt:/jdk.crypto.ec" {
|
||||
permission java.lang.RuntimePermission
|
||||
"accessClassInPackage.sun.security.*";
|
||||
permission java.lang.RuntimePermission "loadLibrary.sunec";
|
||||
permission java.security.SecurityPermission "putProviderProperty.SunEC";
|
||||
permission java.security.SecurityPermission "clearProviderProperties.SunEC";
|
||||
permission java.security.SecurityPermission "removeProviderProperty.SunEC";
|
||||
};
|
||||
|
||||
grant codeBase "jrt:/jdk.crypto.cryptoki" {
|
||||
permission java.lang.RuntimePermission
|
||||
"accessClassInPackage.com.sun.crypto.provider";
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -32,8 +32,5 @@
|
||||
* @since 9
|
||||
*/
|
||||
module jdk.crypto.cryptoki {
|
||||
// Depends on SunEC provider for EC related functionality
|
||||
requires jdk.crypto.ec;
|
||||
|
||||
provides java.security.Provider with sun.security.pkcs11.SunPKCS11;
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -31,6 +31,6 @@
|
||||
* @moduleGraph
|
||||
* @since 9
|
||||
*/
|
||||
@Deprecated(since="22", forRemoval = true)
|
||||
module jdk.crypto.ec {
|
||||
provides java.security.Provider with sun.security.ec.SunEC;
|
||||
}
|
||||
|
||||
@ -60,8 +60,7 @@ public class CheckSecurityProvider {
|
||||
// NOTE: the ordering must match what's defined inside java.security
|
||||
expected.add("sun.security.provider.Sun");
|
||||
expected.add("sun.security.rsa.SunRsaSign");
|
||||
layer.findModule("jdk.crypto.ec")
|
||||
.ifPresent(m -> expected.add("sun.security.ec.SunEC"));
|
||||
expected.add("sun.security.ec.SunEC");
|
||||
expected.add("sun.security.ssl.SunJSSE");
|
||||
expected.add("com.sun.crypto.provider.SunJCE");
|
||||
layer.findModule("jdk.security.jgss")
|
||||
|
||||
@ -6,4 +6,4 @@ modules = \
|
||||
java.security.jgss/sun.security.krb5.internal.ccache \
|
||||
java.security.jgss/sun.security.krb5.internal:+open \
|
||||
java.base/sun.security.util \
|
||||
jdk.crypto.ec/sun.security.ec
|
||||
java.base/sun.security.ec
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,7 +25,7 @@
|
||||
* @test
|
||||
* @bug 8049429 8234723
|
||||
* @modules java.management
|
||||
* jdk.crypto.ec/sun.security.ec
|
||||
* java.base/sun.security.ec
|
||||
* @summary Test that all cipher suites work in all versions and all client
|
||||
* authentication types. The way this is setup the server is stateless
|
||||
* and all checking is done on the client side.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,7 +25,7 @@
|
||||
* @test
|
||||
* @bug 8049429 8172273 8234723
|
||||
* @modules java.management
|
||||
* jdk.crypto.ec/sun.security.ec
|
||||
* java.base/sun.security.ec
|
||||
* @summary Test that all cipher suites work in all versions and all client
|
||||
* authentication types. The way this is setup the server is stateless
|
||||
* and all checking is done on the client side.
|
||||
@ -75,4 +75,9 @@
|
||||
* -DCLIENT_PROTOCOL=TLSv1.3
|
||||
* -DCIPHER=TLS_AES_256_GCM_SHA384
|
||||
* TestJSSE
|
||||
* @run main/othervm --limit-modules java.base
|
||||
* -DSERVER_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2,TLSv1.3
|
||||
* -DCLIENT_PROTOCOL=TLSv1.3
|
||||
* -DCIPHER=TLS_AES_256_GCM_SHA384
|
||||
* TestJSSE
|
||||
*/
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,7 +25,7 @@
|
||||
* @test
|
||||
* @bug 8049429
|
||||
* @modules java.management
|
||||
* jdk.crypto.ec/sun.security.ec
|
||||
* java.base/sun.security.ec
|
||||
* @summary Test that all cipher suites work in all versions and all client
|
||||
* authentication types. The way this is setup the server is stateless
|
||||
* and all checking is done on the client side.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,7 +25,7 @@
|
||||
* @test
|
||||
* @bug 8049429 8234723
|
||||
* @modules java.management
|
||||
* jdk.crypto.ec/sun.security.ec
|
||||
* java.base/sun.security.ec
|
||||
* @summary Test that all cipher suites work in all versions and all client
|
||||
* authentication types. The way this is setup the server is stateless
|
||||
* and all checking is done on the client side.
|
||||
@ -60,4 +60,9 @@
|
||||
* -DCLIENT_PROTOCOL=TLSv1.3
|
||||
* -DCIPHER=TLS_AES_256_GCM_SHA384
|
||||
* TestJSSE javax.net.ssl.SSLHandshakeException
|
||||
* @run main/othervm --limit-modules java.base
|
||||
* -DSERVER_PROTOCOL=TLSv1.2
|
||||
* -DCLIENT_PROTOCOL=TLSv1.3
|
||||
* -DCIPHER=TLS_AES_256_GCM_SHA384
|
||||
* TestJSSE javax.net.ssl.SSLHandshakeException
|
||||
*/
|
||||
|
||||
46
test/jdk/sun/security/ec/ecModuleCheck.java
Normal file
46
test/jdk/sun/security/ec/ecModuleCheck.java
Normal file
@ -0,0 +1,46 @@
|
||||
/*
|
||||
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
import java.lang.module.ModuleFinder;
|
||||
import static jdk.test.lib.Asserts.*;
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 8308398
|
||||
* @library /test/lib
|
||||
* @summary Verify jdk.crypto.ec empty module
|
||||
* @run main ecModuleCheck
|
||||
*/
|
||||
|
||||
/* This test verifies jdk.crypto.ec is in the image, but not resolvable.
|
||||
*/
|
||||
public class ecModuleCheck {
|
||||
public static void main(String[] args) throws Exception {
|
||||
// True if module is found in the image.
|
||||
assertTrue(ModuleFinder.ofSystem().find("jdk.crypto.ec").isPresent(),
|
||||
"jdk.crypto.ec was not found in image.");
|
||||
// Since the module empty, isPresent() should be false.
|
||||
assertFalse(ModuleLayer.boot().findModule("jdk.crypto.ec").
|
||||
isPresent(), "jdk.crypto.ec shouldn't be resolvable.");
|
||||
}
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,7 +30,7 @@
|
||||
* java.base/sun.security.util
|
||||
* java.base/sun.security.util.math
|
||||
* java.base/sun.security.util.math.intpoly
|
||||
* jdk.crypto.ec/sun.security.ec.ed
|
||||
* java.base/sun.security.ec.ed
|
||||
* @run main TestEdOps
|
||||
*/
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,7 +25,7 @@
|
||||
* @test
|
||||
* @bug 8171277
|
||||
* @summary Test XEC curve operations
|
||||
* @modules jdk.crypto.ec/sun.security.ec
|
||||
* @modules java.base/sun.security.ec
|
||||
* @library /test/lib
|
||||
* @build jdk.test.lib.Convert
|
||||
* @run main TestXECOps
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -27,7 +27,7 @@
|
||||
* @summary XEC curve operations iterative test vectors
|
||||
* @library /test/lib
|
||||
* @build jdk.test.lib.Convert
|
||||
* @modules jdk.crypto.ec/sun.security.ec
|
||||
* @modules java.base/sun.security.ec
|
||||
* @run main XECIterative 0 10000
|
||||
* @run main XECIterative 10000 20000
|
||||
* @run main XECIterative 20000 30000
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -29,7 +29,7 @@
|
||||
* @library /test/lib ..
|
||||
* @library ../../../../java/security/testlibrary
|
||||
* @key randomness
|
||||
* @modules jdk.crypto.cryptoki jdk.crypto.ec/sun.security.ec
|
||||
* @modules jdk.crypto.cryptoki java.base/sun.security.ec
|
||||
* @run main/othervm ReadPKCS12
|
||||
* @run main/othervm -Djava.security.manager=allow ReadPKCS12 sm policy
|
||||
*/
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -64,14 +64,14 @@ public class DefaultPolicy {
|
||||
}
|
||||
|
||||
private static void checkPolicy(Policy p) throws Exception {
|
||||
// check if jdk.crypto.ec module has been de-privileged
|
||||
// check if jdk.crypto.cryptoki module has been de-privileged
|
||||
CodeSource cs =
|
||||
new CodeSource(new URL("jrt:/jdk.crypto.ec"), (CodeSigner[])null);
|
||||
new CodeSource(new URL("jrt:/jdk.crypto.cryptoki"), (CodeSigner[])null);
|
||||
ProtectionDomain pd = new ProtectionDomain(cs, null, null, null);
|
||||
if (p.implies(pd, new AllPermission())) {
|
||||
throw new Exception("module should not be granted AllPermission");
|
||||
}
|
||||
if (!p.implies(pd, new RuntimePermission("loadLibrary.sunec"))) {
|
||||
if (!p.implies(pd, new RuntimePermission("loadLibrary.j2pkcs11"))) {
|
||||
throw new Exception("module should be granted RuntimePermission");
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -28,9 +28,11 @@
|
||||
* @library /test/lib
|
||||
* @build java.base/sun.security.rsa.RSAKeyPairGenerator
|
||||
* java.base/sun.security.provider.DSAKeyPairGenerator
|
||||
* jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator
|
||||
* java.base/sun.security.ec.ECKeyPairGenerator
|
||||
* @run main DefaultSignatureAlgorithm
|
||||
* @modules jdk.crypto.ec
|
||||
*
|
||||
* This test uses RSA, DSA, and EC inside this test directory, not the providers
|
||||
* from the jdk
|
||||
*/
|
||||
|
||||
import jdk.test.lib.Asserts;
|
||||
@ -82,10 +84,7 @@ public class DefaultSignatureAlgorithm {
|
||||
throws Exception {
|
||||
String patchArg = "-J--patch-module=java.base="
|
||||
+ System.getProperty("test.classes")
|
||||
+ File.separator + "patches" + File.separator + "java.base"
|
||||
+ " -J--patch-module=jdk.crypto.ec="
|
||||
+ System.getProperty("test.classes")
|
||||
+ File.separator + "patches" + File.separator + "jdk.crypto.ec";
|
||||
+ File.separator + "patches" + File.separator + "java.base";
|
||||
return kt(patchArg + " -genkeypair -alias " + alias
|
||||
+ " -dname CN=" + alias + " " + options);
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -63,7 +63,7 @@ public final class JLinkOptionsTest {
|
||||
"--bind-services",
|
||||
},
|
||||
// with bind-services should have some services
|
||||
new String[]{"java.smartcardio", "jdk.crypto.ec"},
|
||||
new String[]{"java.smartcardio", "jdk.crypto.cryptoki"},
|
||||
null,
|
||||
},
|
||||
// bind-services
|
||||
@ -80,7 +80,7 @@ public final class JLinkOptionsTest {
|
||||
"--jlink-options", "--bind-services",
|
||||
},
|
||||
// with bind-services should have some services
|
||||
new String[]{"java.smartcardio", "jdk.crypto.ec"},
|
||||
new String[]{"java.smartcardio", "jdk.crypto.cryptoki"},
|
||||
null,
|
||||
},
|
||||
|
||||
@ -105,7 +105,7 @@ public final class JLinkOptionsTest {
|
||||
// with bind-services should have some services
|
||||
new String[]{"java.smartcardio"},
|
||||
// but not limited
|
||||
new String[]{"jdk.crypto.ec"},
|
||||
new String[]{"jdk.crypto.cryptoki"},
|
||||
},
|
||||
|
||||
});
|
||||
|
||||
Loading…
Reference in New Issue
Block a user