stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8344214: Remove Security Manager dependencies from jdk.crypto.mscapi module

Browse Source 
Reviewed-by: rriggs, ascarpino
This commit is contained in:
Sean Mullan 2024-11-15 19:02:13 +00:00
parent ff12ff534a
commit fc8fb34f3d
2 changed files with 110 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKeyStore.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,15 +29,12 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreSpi;
import java.security.KeyStoreException;
import java.security.PrivilegedAction;
import java.security.UnrecoverableKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecurityPermission;
import java.security.cert.X509Certificate;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
@ -242,9 +239,7 @@ abstract class CKeyStore extends KeyStoreSpi {
CKeyStore(String storeName, int storeLocation) {
// Get the compatibility mode
@SuppressWarnings("removal")
String prop = AccessController.doPrivileged(
(PrivilegedAction<String>) () -> System.getProperty(KEYSTORE_COMPATIBILITY_MODE_PROP));
String prop = System.getProperty(KEYSTORE_COMPATIBILITY_MODE_PROP);
if ("false".equalsIgnoreCase(prop)) {
keyStoreCompatibilityMode = false;
@ -695,10 +690,6 @@ abstract class CKeyStore extends KeyStoreSpi {
* the integrity of the keystore cannot be found
* @exception CertificateException if any of the certificates in the
* keystore could not be loaded
* @exception SecurityException if the security check for
* <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
* pass, where <i>name</i> is the value returned by
* this provider's <code>getName</code> method.
*/
public void engineLoad(InputStream stream, char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException {
@ -710,16 +701,6 @@ abstract class CKeyStore extends KeyStoreSpi {
throw new IOException("Keystore password must be null");
}
/*
* Use the same security check as AuthProvider.login
*/
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SecurityPermission(
"authProvider.SunMSCAPI"));
}
// Clear all key entries
entries.clear();

224
src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,8 +25,6 @@
package sun.security.mscapi;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidParameterException;
@ -50,14 +48,14 @@ public final class SunMSCAPI extends Provider {
private static final String INFO = "Sun's Microsoft Crypto API provider";
static {
@SuppressWarnings({"removal", "restricted"})
var dummy = AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
System.loadLibrary("sunmscapi");
return null;
}
});
loadLibrary();
}
@SuppressWarnings("restricted")
private static void loadLibrary() {
System.loadLibrary("sunmscapi");
}
private static class ProviderServiceA extends ProviderService {
ProviderServiceA(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
@ -148,119 +146,113 @@ public final class SunMSCAPI extends Provider {
}
}
@SuppressWarnings("removal")
public SunMSCAPI() {
super("SunMSCAPI", PROVIDER_VER, INFO);
final Provider p = this;
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
/*
* Secure random
*/
HashMap<String, String> srattrs = new HashMap<>(1);
srattrs.put("ThreadSafe", "true");
putService(new ProviderService(p, "SecureRandom",
"Windows-PRNG", "sun.security.mscapi.PRNG",
null, srattrs));
/*
* Secure random
*/
HashMap<String, String> srattrs = new HashMap<>(1);
srattrs.put("ThreadSafe", "true");
putService(new ProviderService(p, "SecureRandom",
"Windows-PRNG", "sun.security.mscapi.PRNG",
null, srattrs));
/*
* Key store
*/
putService(new ProviderService(p, "KeyStore",
"Windows-MY", "sun.security.mscapi.CKeyStore$MY"));
putService(new ProviderService(p, "KeyStore",
"Windows-MY-CURRENTUSER", "sun.security.mscapi.CKeyStore$MY"));
putService(new ProviderService(p, "KeyStore",
"Windows-ROOT", "sun.security.mscapi.CKeyStore$ROOT"));
putService(new ProviderService(p, "KeyStore",
"Windows-ROOT-CURRENTUSER", "sun.security.mscapi.CKeyStore$ROOT"));
putService(new ProviderService(p, "KeyStore",
"Windows-MY-LOCALMACHINE", "sun.security.mscapi.CKeyStore$MYLocalMachine"));
putService(new ProviderService(p, "KeyStore",
"Windows-ROOT-LOCALMACHINE", "sun.security.mscapi.CKeyStore$ROOTLocalMachine"));
/*
* Key store
*/
putService(new ProviderService(p, "KeyStore",
"Windows-MY", "sun.security.mscapi.CKeyStore$MY"));
putService(new ProviderService(p, "KeyStore",
"Windows-MY-CURRENTUSER", "sun.security.mscapi.CKeyStore$MY"));
putService(new ProviderService(p, "KeyStore",
"Windows-ROOT", "sun.security.mscapi.CKeyStore$ROOT"));
putService(new ProviderService(p, "KeyStore",
"Windows-ROOT-CURRENTUSER", "sun.security.mscapi.CKeyStore$ROOT"));
putService(new ProviderService(p, "KeyStore",
"Windows-MY-LOCALMACHINE", "sun.security.mscapi.CKeyStore$MYLocalMachine"));
putService(new ProviderService(p, "KeyStore",
"Windows-ROOT-LOCALMACHINE", "sun.security.mscapi.CKeyStore$ROOTLocalMachine"));
/*
* Signature engines
*/
HashMap<String, String> attrs = new HashMap<>(1);
attrs.put("SupportedKeyClasses", "sun.security.mscapi.CKey");
/*
* Signature engines
*/
HashMap<String, String> attrs = new HashMap<>(1);
attrs.put("SupportedKeyClasses", "sun.security.mscapi.CKey");
// NONEwithRSA must be supplied with a pre-computed message digest.
// Only the following digest algorithms are supported: MD5, SHA-1,
// SHA-256, SHA-384, SHA-512 and a special-purpose digest
// algorithm which is a concatenation of SHA-1 and MD5 digests.
putService(new ProviderService(p, "Signature",
"NONEwithRSA", "sun.security.mscapi.CSignature$NONEwithRSA",
null, attrs));
putService(new ProviderService(p, "Signature",
"SHA1withRSA", "sun.security.mscapi.CSignature$SHA1withRSA",
null, attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA256withRSA",
"sun.security.mscapi.CSignature$SHA256withRSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA384withRSA",
"sun.security.mscapi.CSignature$SHA384withRSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA512withRSA",
"sun.security.mscapi.CSignature$SHA512withRSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"RSASSA-PSS", "sun.security.mscapi.CSignature$PSS",
attrs));
putService(new ProviderService(p, "Signature",
"MD5withRSA", "sun.security.mscapi.CSignature$MD5withRSA",
null, attrs));
putService(new ProviderService(p, "Signature",
"MD2withRSA", "sun.security.mscapi.CSignature$MD2withRSA",
null, attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA1withECDSA",
"sun.security.mscapi.CSignature$SHA1withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA224withECDSA",
"sun.security.mscapi.CSignature$SHA224withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA256withECDSA",
"sun.security.mscapi.CSignature$SHA256withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA384withECDSA",
"sun.security.mscapi.CSignature$SHA384withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA512withECDSA",
"sun.security.mscapi.CSignature$SHA512withECDSA",
attrs));
/*
* Key Pair Generator engines
*/
attrs.clear();
attrs.put("KeySize", "16384");
putService(new ProviderService(p, "KeyPairGenerator",
"RSA", "sun.security.mscapi.CKeyPairGenerator$RSA",
null, attrs));
// NONEwithRSA must be supplied with a pre-computed message digest.
// Only the following digest algorithms are supported: MD5, SHA-1,
// SHA-256, SHA-384, SHA-512 and a special-purpose digest
// algorithm which is a concatenation of SHA-1 and MD5 digests.
putService(new ProviderService(p, "Signature",
"NONEwithRSA", "sun.security.mscapi.CSignature$NONEwithRSA",
null, attrs));
putService(new ProviderService(p, "Signature",
"SHA1withRSA", "sun.security.mscapi.CSignature$SHA1withRSA",
null, attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA256withRSA",
"sun.security.mscapi.CSignature$SHA256withRSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA384withRSA",
"sun.security.mscapi.CSignature$SHA384withRSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA512withRSA",
"sun.security.mscapi.CSignature$SHA512withRSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"RSASSA-PSS", "sun.security.mscapi.CSignature$PSS",
attrs));
putService(new ProviderService(p, "Signature",
"MD5withRSA", "sun.security.mscapi.CSignature$MD5withRSA",
null, attrs));
putService(new ProviderService(p, "Signature",
"MD2withRSA", "sun.security.mscapi.CSignature$MD2withRSA",
null, attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA1withECDSA",
"sun.security.mscapi.CSignature$SHA1withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA224withECDSA",
"sun.security.mscapi.CSignature$SHA224withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA256withECDSA",
"sun.security.mscapi.CSignature$SHA256withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA384withECDSA",
"sun.security.mscapi.CSignature$SHA384withECDSA",
attrs));
putService(new ProviderServiceA(p, "Signature",
"SHA512withECDSA",
"sun.security.mscapi.CSignature$SHA512withECDSA",
attrs));
/*
* Key Pair Generator engines
*/
attrs.clear();
attrs.put("KeySize", "16384");
putService(new ProviderService(p, "KeyPairGenerator",
"RSA", "sun.security.mscapi.CKeyPairGenerator$RSA",
null, attrs));
/*
* Cipher engines
*/
attrs.clear();
attrs.put("SupportedModes", "ECB");
attrs.put("SupportedPaddings", "PKCS1PADDING");
attrs.put("SupportedKeyClasses", "sun.security.mscapi.CKey");
putService(new ProviderService(p, "Cipher",
"RSA", "sun.security.mscapi.CRSACipher",
null, attrs));
putService(new ProviderService(p, "Cipher",
"RSA/ECB/PKCS1Padding", "sun.security.mscapi.CRSACipher",
null, attrs));
return null;
}
});
/*
* Cipher engines
*/
attrs.clear();
attrs.put("SupportedModes", "ECB");
attrs.put("SupportedPaddings", "PKCS1PADDING");
attrs.put("SupportedKeyClasses", "sun.security.mscapi.CKey");
putService(new ProviderService(p, "Cipher",
"RSA", "sun.security.mscapi.CRSACipher",
null, attrs));
putService(new ProviderService(p, "Cipher",
"RSA/ECB/PKCS1Padding", "sun.security.mscapi.CRSACipher",
null, attrs));
}
}