# HG changeset patch
# User msheppar
# Date 1504451293 -3600
# Node ID 592e22777742c06dcbfd333bae76f5224c97216c
# Parent c94c352dc4004e678e7366c5deda4920b2dbbea8
8160104: CORBA communication improvements
Reviewed-by: rriggs, dfuchs
diff -r c94c352dc400 -r 592e22777742 src/java.base/share/conf/security/java.security
--- a/src/java.base/share/conf/security/java.security Mon Jan 08 14:06:25 2018 -0500
+++ b/src/java.base/share/conf/security/java.security Sun Sep 03 16:08:13 2017 +0100
@@ -985,3 +985,24 @@
 # java.rmi.dgc.VMID;\
 # java.rmi.dgc.Lease;\
 # maxdepth=5;maxarray=10000
+
+# CORBA ORBIorTypeCheckRegistryFilter
+# Type check enhancement for ORB::string_to_object processing
+#
+# An IOR type check filter, if configured, is used by an ORB during
+# an ORB::string_to_object invocation to check the veracity of the type encoded
+# in the ior string.
+#
+# The filter pattern consists of a semi-colon separated list of class names.
+# The configured list contains the binary class names of the IDL interface types
+# corresponding to the IDL stub class to be instantiated.
+# As such, a filter specifies a list of IDL stub classes that will be
+# allowed by an ORB when an ORB::string_to_object is invoked.
+# It is used to specify a white list configuration of acceptable
+# IDL stub types which may be contained in a stringified IOR
+# parameter passed as input to an ORB::string_to_object method.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+#com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name
diff -r c94c352dc400 -r 592e22777742 src/java.corba/share/classes/com/sun/corba/se/impl/encoding/BufferManagerWriteGrow.java
--- a/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/BufferManagerWriteGrow.java Mon Jan 08 14:06:25 2018 -0500
+++ b/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/BufferManagerWriteGrow.java Sun Sep 03 16:08:13 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,11 +26,13 @@ package com.sun.corba.se.impl.encoding; import com.sun.corba.se.impl.orbutil.ORBConstants; +import com.sun.corba.se.impl.orbutil.ORBUtility; import com.sun.corba.se.impl.encoding.ByteBufferWithInfo; import com.sun.corba.se.impl.encoding.BufferManagerWrite; import com.sun.corba.se.pept.encoding.OutputObject; import com.sun.corba.se.pept.transport.Connection; import com.sun.corba.se.spi.orb.ORB; +import com.sun.corba.se.spi.orb.ORBData; public class BufferManagerWriteGrow extends BufferManagerWrite { @@ -48,7 +50,20 @@ * buffer manager as set in the ORB. */ public int getBufferSize() { - return orb.getORBData().getGIOPBufferSize(); + ORBData orbData = null; + int bufferSize = ORBConstants.GIOP_DEFAULT_BUFFER_SIZE; + if (orb != null) { + orbData = orb.getORBData(); + if (orbData != null) { + bufferSize = orbData.getGIOPBufferSize(); + dprint("BufferManagerWriteGrow.getBufferSize: bufferSize == " + bufferSize); + } else { + dprint("BufferManagerWriteGrow.getBufferSize: orbData reference is NULL"); + } + } else { + dprint("BufferManagerWriteGrow.getBufferSize: orb reference is NULL"); + } + return bufferSize; } public void overflow (ByteBufferWithInfo bbwi) @@ -89,4 +104,9 @@ */ public void close() {} + private void dprint(String msg) { + if (orb.transportDebugFlag) { + ORBUtility.dprint(this, msg); } + } +} diff -r c94c352dc400 -r 592e22777742 src/java.corba/share/classes/com/sun/corba/se/impl/encoding/CDRInputStream_1_0.java 
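Review bot: The new `dprint` helper dereferences `orb.transportDebugFlag` without a null check, so the `orb reference is NULL` branch that `getBufferSize()` now adds still ends in a NullPointerException instead of returning `ORBConstants.GIOP_DEFAULT_BUFFER_SIZE`. Guard the helper the same way the caller does, `if (orb != null && orb.transportDebugFlag) {`, or drop the trace from that branch. The helper is added in this file's later hunk (`@@ -89,4 +104,9 @@`), and the same guard applies there.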
--- a/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/CDRInputStream_1_0.java Mon Jan 08 14:06:25 2018 -0500 +++ b/src/java.corba/share/classes/com/sun/corba/se/impl/encoding/CDRInputStream_1_0.java Sun Sep 03 16:08:13 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -725,12 +725,14 @@ // IDLEntity.class.isAssignableFrom( clz ). // 3. If clz is an interface, use it to create the appropriate // stub factory. + public org.omg.CORBA.Object read_Object(Class clz) { // In any case, we must first read the IOR. IOR ior = IORFactories.makeIOR(parent) ; - if (ior.isNil()) + if (ior.isNil()) { return null ; + } PresentationManager.StubFactoryFactory sff = ORB.getStubFactoryFactory() ; String codeBase = ior.getProfile().getCodebase() ; @@ -739,6 +741,7 @@ if (clz == null) { RepositoryId rid = RepositoryId.cache.getId( ior.getTypeId() ) ; String className = rid.getClassName() ; + orb.validateIORClass(className); boolean isIDLInterface = rid.isIDLType() ; if (className == null || className.equals( "" )) @@ -761,11 +764,9 @@ } else { // clz is an interface class boolean isIDL = IDLEntity.class.isAssignableFrom( clz ) ; - stubFactory = sff.createStubFactory( clz.getName(), isIDL, codeBase, clz, clz.getClassLoader() ) ; } - return internalIORToObject( ior, stubFactory, orb ) ; } diff -r c94c352dc400 -r 592e22777742 src/java.corba/share/classes/com/sun/corba/se/impl/ior/IORTypeCheckRegistryImpl.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/java.corba/share/classes/com/sun/corba/se/impl/ior/IORTypeCheckRegistryImpl.java Sun Sep 03 16:08:13 2017 +0100 
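Review bot: `orb.validateIORClass(className)` runs before the existing `className == null || className.equals( "" )` test, so an IOR whose type id yields no class name reaches the registry first. With a filter configured, `IORTypeCheckRegistryImpl` looks the name up in sets built with `Set.of(...)`, which throw NullPointerException on `contains(null)`, and an empty name is rejected before the branch guarded by that test (its body is outside the hunk) can handle it. If rejecting such IORs is not the intent, validate only real names, `if (className != null && !className.isEmpty()) { orb.validateIORClass(className); }`. Either way the chosen behaviour deserves a comment at the call, for example `// Type id with no class name: not subject to the IOR type filter`.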
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.corba.se.impl.ior;
+
+import java.util.Set;
+
+import com.sun.corba.se.impl.orbutil.ORBUtility;
+import com.sun.corba.se.spi.ior.IORTypeCheckRegistry;
+import com.sun.corba.se.spi.orb.ORB;
+
+public class IORTypeCheckRegistryImpl implements IORTypeCheckRegistry {
+
+ private final Set iorTypeNames;
+ private static final Set builtinIorTypeNames;
+ private ORB theOrb;
+
+ static {
+ builtinIorTypeNames = initBuiltinIorTypeNames();
+ }
+
+ public IORTypeCheckRegistryImpl( String filterProperties, ORB orb) {
+ theOrb = orb;
+ iorTypeNames = parseIorClassNameList(filterProperties);
+ }
+
+ /*
+ *
+ * A note on the validation flow:
+ * 1. against the filter class name list
+ * 2. against the builtin class name list
+ */
+
+ @Override
+ public boolean isValidIORType(String iorClassName) {
+ dprintTransport(".isValidIORType : iorClassName == " + iorClassName);
+ return validateIorTypeByName(iorClassName);
+ }
+
+
+ private boolean validateIorTypeByName(String iorClassName) {
+ dprintTransport(".validateIorTypeByName : iorClassName == " + iorClassName);
+ boolean isValidType;
+
+ isValidType = checkIorTypeNames(iorClassName);
+
+ if (!isValidType) {
+ isValidType = checkBuiltinClassNames(iorClassName);
+ }
+
+ dprintTransport(".validateIorTypeByName : isValidType == " + isValidType);
+ return isValidType;
+ }
+
+
+ /*
+ * check if the class name corresponding to an IOR Type name
+ * is in the ior class name list as generated from the filter property.
+ * So if the IOR type is recorded in the registry then allow the creation of the
+ * stub factory and let it resolve and load the class. That is if current
+ * type check deliberation permits.
+ * IOR Type names are configured by the filter property
+ */
+
+ private boolean checkIorTypeNames(
+ String theIorClassName) {
+ return (iorTypeNames != null) && (iorTypeNames.contains(theIorClassName));
+ }
+
+ /*
+ * Check the IOR interface class name against the set of
+ * class names that correspond to the builtin JDK IDL stub classes.
+ */ + + private boolean checkBuiltinClassNames( + String theIorClassName) { + return builtinIorTypeNames.contains(theIorClassName); + } + + + private Set parseIorClassNameList(String filterProperty) { + Set _iorTypeNames = null; + if (filterProperty != null) { + String[] tempIorClassNames = filterProperty.split(";"); + _iorTypeNames = Set.of(tempIorClassNames); + if (theOrb.orbInitDebugFlag) { + dprintConfiguredIorTypeNames(); + } + } + return _iorTypeNames; + } + + + private static Set initBuiltinIorTypeNames() { + Set> builtInCorbaStubTypes = initBuiltInCorbaStubTypes(); + String [] tempBuiltinIorTypeNames = new String[builtInCorbaStubTypes.size()]; + int i = 0; + for (Class _stubClass: builtInCorbaStubTypes) { + tempBuiltinIorTypeNames[i++] = _stubClass.getName(); + } + return Set.of(tempBuiltinIorTypeNames); + } + + private static Set> initBuiltInCorbaStubTypes() { + Class tempBuiltinCorbaStubTypes[] = { + com.sun.corba.se.spi.activation.Activator.class, + com.sun.corba.se.spi.activation._ActivatorStub.class, + com.sun.corba.se.spi.activation._InitialNameServiceStub.class, + com.sun.corba.se.spi.activation._LocatorStub.class, + com.sun.corba.se.spi.activation._RepositoryStub.class, + com.sun.corba.se.spi.activation._ServerManagerStub.class, + com.sun.corba.se.spi.activation._ServerStub.class, + org.omg.CosNaming.BindingIterator.class, + org.omg.CosNaming._BindingIteratorStub.class, + org.omg.CosNaming.NamingContextExt.class, + org.omg.CosNaming._NamingContextExtStub.class, + org.omg.CosNaming.NamingContext.class, + org.omg.CosNaming._NamingContextStub.class, + org.omg.DynamicAny.DynAnyFactory.class, + org.omg.DynamicAny._DynAnyFactoryStub.class, + org.omg.DynamicAny.DynAny.class, + org.omg.DynamicAny._DynAnyStub.class, + org.omg.DynamicAny.DynArray.class, + org.omg.DynamicAny._DynArrayStub.class, + org.omg.DynamicAny.DynEnum.class, + org.omg.DynamicAny._DynEnumStub.class, + org.omg.DynamicAny.DynFixed.class, + org.omg.DynamicAny._DynFixedStub.class, + 
org.omg.DynamicAny.DynSequence.class, + org.omg.DynamicAny._DynSequenceStub.class, + org.omg.DynamicAny.DynStruct.class, + org.omg.DynamicAny._DynStructStub.class, + org.omg.DynamicAny.DynUnion.class, + org.omg.DynamicAny._DynUnionStub.class, + org.omg.DynamicAny._DynValueStub.class, + org.omg.DynamicAny.DynValue.class, + org.omg.PortableServer.ServantActivator.class, + org.omg.PortableServer._ServantActivatorStub.class, + org.omg.PortableServer.ServantLocator.class, + org.omg.PortableServer._ServantLocatorStub.class }; + return Set.>of(tempBuiltinCorbaStubTypes); + } + + private void dprintConfiguredIorTypeNames() { + if (iorTypeNames != null) { + for (String iorTypeName : iorTypeNames) { + ORBUtility.dprint(this, ".dprintConfiguredIorTypeNames: " + iorTypeName); + } + } + } + + private void dprintTransport(String msg) { + if (theOrb.transportDebugFlag) { + ORBUtility.dprint(this, msg); + } + } +} diff -r c94c352dc400 -r 592e22777742 src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java --- a/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java Mon Jan 08 14:06:25 2018 -0500 +++ b/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBImpl.java Sun Sep 03 16:08:13 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -54,6 +54,7 @@ import java.security.PrivilegedAction; import java.security.AccessController; +import java.security.Security; import javax.rmi.CORBA.Util; import javax.rmi.CORBA.ValueHandler; 
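Review bot: `parseIorClassNameList` hands the raw `split(";")` result to `Set.of(...)`, which throws IllegalArgumentException on a duplicate entry and keeps surrounding whitespace and empty segments as literal names. A filter written as `a; b` therefore never matches `b`, and a repeated name aborts ORB initialisation through the `catch (Exception ex)` in `ORBImpl.initIORTypeCheckRegistry`. Trimming each entry, skipping empty ones and collecting into a mutable set before freezing it keeps the allow-list strict while tolerating ordinary configuration slips; this needs `java.util.HashSet` and `java.util.Collections` imported. The `dprintConfiguredIorTypeNames()` call inside the parser also runs before the constructor has assigned the `iorTypeNames` field it iterates, so that listing prints nothing and belongs in the constructor after the assignment.

```java
private Set<String> parseIorClassNameList(String filterProperty) {
    if (filterProperty == null) {
        return null;
    }
    Set<String> names = new HashSet<>();
    for (String entry : filterProperty.split(";")) {
        String name = entry.trim();
        if (!name.isEmpty()) {
            names.add(name);
        }
    }
    // … orbInitDebugFlag trace moves to the constructor, after iorTypeNames is assigned …
    return Collections.unmodifiableSet(names);
}
```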
@@ -90,6 +91,7 @@ import com.sun.corba.se.pept.transport.TransportManager; import com.sun.corba.se.spi.ior.IOR; +import com.sun.corba.se.spi.ior.IORTypeCheckRegistry; import com.sun.corba.se.spi.ior.IdentifiableFactoryFinder; import com.sun.corba.se.spi.ior.TaggedComponentFactoryFinder; import com.sun.corba.se.spi.ior.IORFactories; @@ -124,6 +126,7 @@ import com.sun.corba.se.spi.transport.CorbaContactInfoListFactory; import com.sun.corba.se.spi.transport.CorbaTransportManager; import com.sun.corba.se.spi.legacy.connection.LegacyServerSocketManager; +import com.sun.corba.se.spi.logging.CORBALogDomains; import com.sun.corba.se.spi.copyobject.CopierManager; import com.sun.corba.se.spi.presentation.rmi.PresentationDefaults; import com.sun.corba.se.spi.presentation.rmi.PresentationManager; @@ -145,6 +148,7 @@ import com.sun.corba.se.impl.encoding.CachedCodeBase; import com.sun.corba.se.impl.interceptors.PIHandlerImpl; import com.sun.corba.se.impl.interceptors.PINoOpHandlerImpl; +import com.sun.corba.se.impl.ior.IORTypeCheckRegistryImpl; import com.sun.corba.se.impl.ior.TaggedComponentFactoryFinderImpl; import com.sun.corba.se.impl.ior.TaggedProfileFactoryFinderImpl; import com.sun.corba.se.impl.ior.TaggedProfileTemplateFactoryFinderImpl; @@ -226,6 +230,8 @@ private ServiceContextRegistry serviceContextRegistry ; + private IORTypeCheckRegistry iorTypeCheckRegistry; + // Needed here to implement connect/disconnect private TOAFactory toaFactory ; @@ -274,6 +280,8 @@ // insNamingDelegate. private final Object resolverLock = new Object() ; + private static final String IORTYPECHECKREGISTRY_FILTER_PROPNAME = "com.sun.CORBA.ORBIorTypeCheckRegistryFilter"; + private TaggedComponentFactoryFinder taggedComponentFactoryFinder ; private IdentifiableFactoryFinder taggedProfileFactoryFinder ; 
@@ -411,6 +419,39 @@ }; serviceContextRegistry = new ServiceContextRegistry( this ) ; + + } + + + private void initIORTypeCheckRegistry() { + String filterProps = AccessController + .doPrivileged(new PrivilegedAction() { + public String run() { + String props = System + .getProperty(IORTYPECHECKREGISTRY_FILTER_PROPNAME); + if (props == null) { + props = Security + .getProperty(IORTYPECHECKREGISTRY_FILTER_PROPNAME); + } + return props; + } + }); + if (filterProps != null) { + try { + iorTypeCheckRegistry = new IORTypeCheckRegistryImpl(filterProps, this); + } catch (Exception ex) { + throw wrapper.bootstrapException(ex); + } + + if (this.orbInitDebugFlag) { + dprint(".initIORTypeCheckRegistry, IORTypeCheckRegistryImpl created for properties == " + + filterProps); + } + } else { + if (this.orbInitDebugFlag) { + dprint(".initIORTypeCheckRegistry, IORTypeCheckRegistryImpl NOT created for properties == "); + } + } } protected void setDebugFlags( String[] args ) @@ -494,6 +535,8 @@ getThreadPoolManager(); super.getByteBufferPool(); + + initIORTypeCheckRegistry(); } private synchronized POAFactory getPOAFactory() @@ -2089,6 +2132,17 @@ } return copierManager ; } + + @Override + public void validateIORClass(String iorClassName) { + if (iorTypeCheckRegistry != null) { + if (!iorTypeCheckRegistry.isValidIORType(iorClassName)) { + throw ORBUtilSystemException.get( this, + CORBALogDomains.OA_IOR ).badStringifiedIor(); + } + } + } + } // Class ORBImpl //////////////////////////////////////////////////////////////////////// diff -r c94c352dc400 -r 592e22777742 src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBSingleton.java --- a/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBSingleton.java Mon Jan 08 14:06:25 2018 -0500 +++ b/src/java.corba/share/classes/com/sun/corba/se/impl/orb/ORBSingleton.java Sun Sep 03 16:08:13 2017 +0100 
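Review bot: When neither the system property nor the security property is set, `iorTypeCheckRegistry` stays null and the `validateIORClass` added further down accepts every class name, so the type check is off unless an operator opts in; nothing in `initIORTypeCheckRegistry` says so. A comment on the else branch such as `// No filter configured: IOR type checking is disabled and validateIORClass() accepts any class name.` would make that default explicit. The system property is read first, so a `-D` setting overrides the value in java.security, which is worth stating in the same comment. The debug message in that branch ends in `properties == ` with nothing after it; `IORTypeCheckRegistryImpl NOT created, no filter property set` would read better.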
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -768,6 +768,13 @@ public CopierManager getCopierManager() { return null ; } + + @Override + public void validateIORClass(String iorClassName) { + getFullORB().validateIORClass(iorClassName); + + } + } // End of file. diff -r c94c352dc400 -r 592e22777742 src/java.corba/share/classes/com/sun/corba/se/spi/ior/IORTypeCheckRegistry.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/java.corba/share/classes/com/sun/corba/se/spi/ior/IORTypeCheckRegistry.java Sun Sep 03 16:08:13 2017 +0100 
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.corba.se.spi.ior;
+
+public interface IORTypeCheckRegistry {
+ public boolean isValidIORType(String iorClassName);
+}
+
diff -r c94c352dc400 -r 592e22777742 src/java.corba/share/classes/com/sun/corba/se/spi/orb/ORB.java
--- a/src/java.corba/share/classes/com/sun/corba/se/spi/orb/ORB.java Mon Jan 08 14:06:25 2018 -0500
+++ b/src/java.corba/share/classes/com/sun/corba/se/spi/orb/ORB.java Sun Sep 03 16:08:13 2017 +0100
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -121,6 +121,7 @@ public boolean shutdownDebugFlag = false; public boolean giopDebugFlag = false; public boolean invocationTimingDebugFlag = false ; + public boolean orbInitDebugFlag = false ; // SystemException log wrappers. Protected so that they can be used in // subclasses. @@ -487,6 +488,24 @@ public abstract ThreadPoolManager getThreadPoolManager(); public abstract CopierManager getCopierManager() ; + + /* + * This method is called to verify that a stringified IOR passed to + * an org.omg.CORBA.ORB::string_to_object method contains a valid and acceptable IOR type. + * If an ORB is configured with IOR type checking enabled, + * the ORB executes a IOR type registry lookup to + * validate that the class name extract from a type id in + * a stringified IOR is a known and accepted type. + * A CORBA {@code org.omg.CORBA.DATA_CONVERSION} exception will be thrown should the type check fail. + * + * @param iorClassName + * a string representing the class name corresponding to the type id of an IOR + * @throws org.omg.CORBA.DATA_CONVERSION + * exception with an indication that it is a "Bad stringified IOR", which is thrown + * when the type check fails. + */ + public abstract void validateIORClass(String iorClassName); + } // End of file.
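Review bot: The comment above `validateIORClass` opens with `/*` rather than `/**`, so its `{@code ...}`, `@param` and `@throws` tags are never processed as Javadoc. It also describes the check only in terms of `ORB::string_to_object`, while the call this commit adds is in `CDRInputStream_1_0.read_Object`, and it does not say that the method returns normally when no filter is configured, as `ORBImpl` implements it. Suggest opening the block with `/**`, changing `class name extract from` to `class name extracted from`, and adding the sentence `Does nothing when no IOR type check filter is configured.`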