8131486: SecureClassLoader key for ProtectionDomain cache also needs to take into account certificates
Reviewed-by: weijun
--- a/jdk/src/java.base/share/classes/java/security/CodeSource.java Fri Jul 17 08:10:41 2015 +0200
+++ b/jdk/src/java.base/share/classes/java/security/CodeSource.java Mon Jul 20 09:03:03 2015 -0400
@@ -339,7 +339,7 @@
* @param strict If true then a strict equality match is performed.
* Otherwise a subset match is performed.
*/
- private boolean matchCerts(CodeSource that, boolean strict)
+ boolean matchCerts(CodeSource that, boolean strict)
{
boolean match;
--- a/jdk/src/java.base/share/classes/java/security/SecureClassLoader.java Fri Jul 17 08:10:41 2015 +0200
+++ b/jdk/src/java.base/share/classes/java/security/SecureClassLoader.java Mon Jul 20 09:03:03 2015 -0400
@@ -25,9 +25,10 @@
package java.security;
-import java.util.Map;
+import java.net.URL;
import java.util.ArrayList;
-import java.net.URL;
+import java.util.Map;
+import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
@@ -50,15 +51,15 @@
private final boolean initialized;
/*
- * Map that maps the CodeSource URL (as a String) to ProtectionDomain.
- * We use a String instead of a CodeSource/URL as the key to avoid
+ * Map that maps the CodeSource to a ProtectionDomain. The key is a
+ * CodeSourceKey class that uses a String instead of a URL to avoid
* potential expensive name service lookups. This does mean that URLs that
* are equivalent after nameservice lookup will be placed in separate
* ProtectionDomains; however during policy enforcement these URLs will be
* canonicalized and resolved resulting in a consistent set of granted
* permissions.
*/
- private final Map<String, ProtectionDomain> pdcache
+ private final Map<CodeSourceKey, ProtectionDomain> pdcache
= new ConcurrentHashMap<>(11);
private static final Debug debug = Debug.getInstance("scl");
@@ -209,17 +210,14 @@
return null;
}
- // Use a String form of the URL as the key. It should behave in the
- // same manner as the URL when compared for equality except that no
- // nameservice lookup is done on the hostname (String comparison
+ // Use a CodeSourceKey object key. It should behave in the
+ // same manner as the CodeSource when compared for equality except
+ // that no nameservice lookup is done on the hostname (String comparison
// only), and the fragment is not considered.
- String key = cs.getLocationNoFragString();
- if (key == null) {
- key = "<null>";
- }
+ CodeSourceKey key = new CodeSourceKey(cs);
return pdcache.computeIfAbsent(key, new Function<>() {
@Override
- public ProtectionDomain apply(String key /* not used */) {
+ public ProtectionDomain apply(CodeSourceKey key /* not used */) {
PermissionCollection perms
= SecureClassLoader.this.getPermissions(cs);
ProtectionDomain pd = new ProtectionDomain(
@@ -242,4 +240,37 @@
}
}
+ private static class CodeSourceKey {
+ private final CodeSource cs;
+
+ CodeSourceKey(CodeSource cs) {
+ this.cs = cs;
+ }
+
+ @Override
+ public int hashCode() {
+ String locationNoFrag = cs.getLocationNoFragString();
+ return locationNoFrag != null ? locationNoFrag.hashCode() : 0;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+
+ if (!(obj instanceof CodeSourceKey)) {
+ return false;
+ }
+
+ CodeSourceKey csk = (CodeSourceKey) obj;
+
+ if (!Objects.equals(cs.getLocationNoFragString(),
+ csk.cs.getLocationNoFragString())) {
+ return false;
+ }
+
+ return cs.matchCerts(csk.cs, true);
+ }
+ }
}
--- a/jdk/test/java/security/SecureClassLoader/DefineClass.java Fri Jul 17 08:10:41 2015 +0200
+++ b/jdk/test/java/security/SecureClassLoader/DefineClass.java Mon Jul 20 09:03:03 2015 -0400
@@ -21,28 +21,44 @@
* questions.
*/
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.InputStream;
import java.io.IOException;
+import java.io.OutputStream;
import java.net.URL;
import java.security.CodeSource;
+import java.security.Key;
+import java.security.KeyStoreException;
+import java.security.KeyStoreSpi;
+import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
+import java.security.Provider;
import java.security.SecureClassLoader;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.URIParameter;
import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
import java.util.List;
import java.util.PropertyPermission;
/*
* @test
- * @bug 6826789
+ * @bug 6826789 8131486
* @summary Make sure equivalent ProtectionDomains are granted the same
* permissions when the CodeSource URLs are different but resolve
* to the same ip address after name service resolution.
- * @run main/othervm/java.security.policy=DefineClass.policy DefineClass
+ * @run main/othervm DefineClass
*/
public class DefineClass {
@@ -53,42 +69,100 @@
new PropertyPermission("user.name", "read")
};
- // Base64 encoded bytes of a simple class: "public class Foo {}"
+ // Base64 encoded bytes of simple class: "package foo; public class Foo {}"
private final static String FOO_CLASS =
+ "yv66vgAAADMADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" +
+ "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhGb28uamF2YQwABAAF" +
+ "AQAHZm9vL0ZvbwEAEGphdmEvbGFuZy9PYmplY3QAIQACAAMAAAAAAAEAAQAE" +
+ "AAUAAQAGAAAAHQABAAEAAAAFKrcAAbEAAAABAAcAAAAGAAEAAAABAAEACAAA" +
+ "AAIACQ==";
+
+ // Base64 encoded bytes of simple class: "package bar; public class Bar {}"
+ private final static String BAR_CLASS =
+ "yv66vgAAADMADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" +
+ "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhCYXIuamF2YQwABAAF" +
+ "AQAHYmFyL0JhcgEAEGphdmEvbGFuZy9PYmplY3QAIQACAAMAAAAAAAEAAQAE" +
+ "AAUAAQAGAAAAHQABAAEAAAAFKrcAAbEAAAABAAcAAAAGAAEAAAABAAEACAAA" +
+ "AAIACQ==";
+
+ // Base64 encoded bytes of simple class: "package baz; public class Baz {}"
+ private final static String BAZ_CLASS =
"yv66vgAAADQADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" +
- "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhGb28uamF2YQwABAAF" +
- "AQADRm9vAQAQamF2YS9sYW5nL09iamVjdAAhAAIAAwAAAAAAAQABAAQABQAB" +
- "AAYAAAAdAAEAAQAAAAUqtwABsQAAAAEABwAAAAYAAQAAAAEAAQAIAAAAAgAJ";
+ "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhCYXouamF2YQwABAAF" +
+ "AQAHYmF6L0JhegEAEGphdmEvbGFuZy9PYmplY3QAIQACAAMAAAAAAAEAAQAE" +
+ "AAUAAQAGAAAAHQABAAEAAAAFKrcAAbEAAAABAAcAAAAGAAEAAAABAAEACAAA" +
+ "AAIACQ==";
- // Base64 encoded bytes of a simple class: "public class Bar {}"
- private final static String BAR_CLASS =
- "yv66vgAAADQADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" +
- "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhCYXIuamF2YQwABAAF" +
- "AQADQmFyAQAQamF2YS9sYW5nL09iamVjdAAhAAIAAwAAAAAAAQABAAQABQAB" +
- "AAYAAAAdAAEAAQAAAAUqtwABsQAAAAEABwAAAAYAAQAAAAEAAQAIAAAAAgAJ";
+ private final static String BAZ_CERT =
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIEFzCCA8OgAwIBAgIESpPf8TANBglghkgBZQMEAwIFADAOMQwwCgYDVQQDEwNG\n" +
+ "b28wHhcNMTUwNzE1MTY1ODM5WhcNMTUxMDEzMTY1ODM5WjAOMQwwCgYDVQQDEwNG\n" +
+ "b28wggNCMIICNQYHKoZIzjgEATCCAigCggEBAI95Ndm5qum/q+2Ies9JUbbzLsWe\n" +
+ "O683GOjqxJYfPv02BudDUanEGDM5uAnnwq4cU5unR1uF0BGtuLR5h3VJhGlcrA6P\n" +
+ "FLM2CCiiL/onEQo9YqmTRTQJoP5pbEZY+EvdIIGcNwmgEFexla3NACM9ulSEtikf\n" +
+ "nWSO+INEhneXnOwEtDSmrC516Zhd4j2wKS/BEYyf+p2BgeczjbeStzDXueNJWS9o\n" +
+ "CZhyFTkV6j1ri0ZTxjNFj4A7MqTC4PJykCVuTj+KOwg4ocRQ5OGMGimjfd9eoUPe\n" +
+ "S2b/BJA+1c8WI+FY1IfGCOl/IRzYHcojy244B2X4IuNCvkhMBXY5OWAc1mcCHQC6\n" +
+ "9pamhXj3397n+mfJd8eF7zKyM7rlgMC81WldAoIBABamXFggSFBwTnUCo5dXBA00\n" +
+ "2jo0eMFU1OSlwC0kLuBPluYeS9CQSr2sjzfuseCfMYLSPJBDy2QviABBYO35ygmz\n" +
+ "IHannDKmJ/JHPpGHm6LE50S9IIFUTLVbgCw2jR+oPtSJ6U4PoGiOMkKKXHjEeMaN\n" +
+ "BSe3HJo6uwsL4SxEaJY559POdNsQGmWqK4f2TGgm2z7HL0tVmYNLtO2wL3yQ6aSW\n" +
+ "06VdU1vr/EXU9hn2Pz3tu4c5JcLyJOB3MSltqIfsHkdI+H77X963VIQxayIy3uVT\n" +
+ "3a8CESsNHwLaMJcyJP4nrtqLnUspItm6i+Oe2eEDpjxSgQvGiLfi7UMW4e8X294D\n" +
+ "ggEFAAKCAQBsGeU8/STExzQsJ8kFM9xarA/2VAFMzyUpd3IQ2UGHQC5rEnGh/RiU\n" +
+ "T20y7a2hCpQ1f/qgLnY8hku9GRVY3z8WamBzWLzCAEAx67EsS58mf4o8R3sUbkH5\n" +
+ "/mRaZoNVSPUy+tXoLmTzIetU4W+JT8Rq4OcXXU9uo9TreeBehhVexS3vpVgQeUIn\n" +
+ "MmMma8WHpovIJQQlp4cyjalX7Beda/tqX/HPLkAS4TRqQAz7hFr3FqFrVMKFSGo4\n" +
+ "fTS06GGdQ4tw9c6NQLuQ9WF9BxYSwSk9yENQvKDZaBNarqPMnsh1Gi/QcKMRBVhM\n" +
+ "RT/9vb4QUi/pOowhhKCDBLgjY60QgX3HoyEwHzAdBgNVHQ4EFgQUa787CE+3ZNAb\n" +
+ "g1ql9yJVVrRCdx0wDQYJYIZIAWUDBAMCBQADPwAwPAIcCUkZIRrBlKdTzhKYBEOm\n" +
+ "E1i45MMum1RuHc28agIcfHQkkjBA4FfH5UMRgKpIyRR8V/dVboxDj4hKOA==\n" +
+ "-----END CERTIFICATE-----";
public static void main(String[] args) throws Exception {
+ Security.addProvider(new TestProvider());
+
MySecureClassLoader scl = new MySecureClassLoader();
- Policy p = Policy.getPolicy();
+
+ File policyFile = new File(System.getProperty("test.src", "."),
+ "DefineClass.policy");
+ Policy p = Policy.getInstance("JavaPolicy",
+ new URIParameter(policyFile.toURI()));
+ Policy.setPolicy(p);
+
+ System.setSecurityManager(new SecurityManager());
ArrayList<Permission> perms1 = getPermissions(scl, p,
"http://localhost/",
- "Foo", FOO_CLASS);
+ "foo.Foo", FOO_CLASS,
+ null);
checkPerms(perms1, GRANTED_PERMS);
ArrayList<Permission> perms2 = getPermissions(scl, p,
"http://127.0.0.1/",
- "Bar", BAR_CLASS);
+ "bar.Bar", BAR_CLASS,
+ null);
checkPerms(perms2, GRANTED_PERMS);
assert(perms1.equals(perms2));
+
+ // check that class signed by baz is granted an additional permission
+ Certificate[] chain = new Certificate[] {getCert(BAZ_CERT)};
+ ArrayList<Permission> perms3 = getPermissions(scl, p,
+ "http://localhost/",
+ "baz.Baz", BAZ_CLASS,
+ chain);
+ List<Permission> perms = new ArrayList<>(Arrays.asList(GRANTED_PERMS));
+ perms.add(new PropertyPermission("user.dir", "read"));
+ checkPerms(perms3, perms.toArray(new Permission[0]));
}
// returns the permissions granted to the codebase URL
private static ArrayList<Permission> getPermissions(MySecureClassLoader scl,
Policy p, String url,
String className,
- String classBytes)
+ String classBytes,
+ Certificate[] chain)
throws IOException {
- CodeSource cs = new CodeSource(new URL(url), (Certificate[])null);
+ CodeSource cs = new CodeSource(new URL(url), chain);
Base64.Decoder bd = Base64.getDecoder();
byte[] bytes = bd.decode(classBytes);
Class<?> c = scl.defineMyClass(className, bytes, cs);
@@ -105,10 +179,125 @@
}
}
+ private static Certificate getCert(String base64Cert) throws Exception {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ InputStream is = new ByteArrayInputStream(base64Cert.getBytes("UTF-8"));
+ return cf.generateCertificate(is);
+ }
+
// A SecureClassLoader that allows the test to define its own classes
private static class MySecureClassLoader extends SecureClassLoader {
Class<?> defineMyClass(String name, byte[] b, CodeSource cs) {
return super.defineClass(name, b, 0, b.length, cs);
}
}
+
+ private static class TestProvider extends Provider {
+ TestProvider() {
+ super("Test8131486", 0.0, "For testing only");
+ putService(new Provider.Service(this, "KeyStore", "Test8131486",
+ "DefineClass$TestKeyStore", null, null));
+ }
+ }
+
+ /**
+ * A KeyStore containing a single certificate entry named "baz".
+ */
+ public static class TestKeyStore extends KeyStoreSpi {
+ private final String baz = "baz";
+ private final List<String> aliases = Collections.singletonList(baz);
+ private final Certificate bazCert;
+
+ public TestKeyStore() {
+ try {
+ this.bazCert = getCert(BAZ_CERT);
+ } catch (Exception e) {
+ throw new Error();
+ }
+ }
+
+ @Override
+ public Enumeration<String> engineAliases() {
+ return Collections.enumeration(aliases);
+ }
+
+ @Override
+ public boolean engineContainsAlias(String alias) {
+ return alias.equals(baz);
+ }
+
+ @Override
+ public void engineDeleteEntry(String alias) throws KeyStoreException {
+ throw new KeyStoreException();
+ }
+
+ @Override
+ public Certificate engineGetCertificate(String alias) {
+ return alias.equals(baz) ? bazCert : null;
+ }
+
+ @Override
+ public String engineGetCertificateAlias(Certificate cert) {
+ return cert.equals(bazCert) ? baz : null;
+ }
+
+ @Override
+ public Certificate[] engineGetCertificateChain(String alias) {
+ return alias.equals(baz) ? new Certificate[] {bazCert} : null;
+ }
+
+ @Override
+ public Date engineGetCreationDate(String alias) {
+ return alias.equals(baz) ? new Date() : null;
+ }
+
+ @Override
+ public Key engineGetKey(String alias, char[] password)
+ throws NoSuchAlgorithmException, UnrecoverableKeyException {
+ return null;
+ }
+
+ @Override
+ public boolean engineIsCertificateEntry(String alias) {
+ return alias.equals(baz);
+ }
+
+ @Override
+ public boolean engineIsKeyEntry(String alias) {
+ return false;
+ }
+
+ @Override
+ public void engineLoad(InputStream stream, char[] password)
+ throws IOException, NoSuchAlgorithmException, CertificateException {
+ }
+
+ @Override
+ public void engineSetCertificateEntry(String alias, Certificate cert)
+ throws KeyStoreException {
+ throw new KeyStoreException();
+ }
+
+ @Override
+ public void engineSetKeyEntry(String alias, byte[] key,
+ Certificate[] chain)
+ throws KeyStoreException {
+ throw new KeyStoreException();
+ }
+
+ @Override
+ public void engineSetKeyEntry(String alias, Key key, char[] password,
+ Certificate[] chain)
+ throws KeyStoreException {
+ throw new KeyStoreException();
+ }
+
+ @Override
+ public int engineSize() { return 1; }
+
+ @Override
+ public void engineStore(OutputStream stream, char[] password)
+ throws IOException, NoSuchAlgorithmException, CertificateException {
+ }
+ }
}
--- a/jdk/test/java/security/SecureClassLoader/DefineClass.policy Fri Jul 17 08:10:41 2015 +0200
+++ b/jdk/test/java/security/SecureClassLoader/DefineClass.policy Mon Jul 20 09:03:03 2015 -0400
@@ -1,7 +1,7 @@
+keystore "NONE", "Test8131486", "Test8131486";
+
grant {
- permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
- permission java.security.SecurityPermission "getPolicy";
};
grant codebase "http://localhost/" {
permission java.util.PropertyPermission "user.home", "read";
@@ -9,3 +9,6 @@
grant codebase "http://127.0.0.1/" {
permission java.util.PropertyPermission "user.name", "read";
};
+grant codebase "http://localhost/", signedby "baz" {
+ permission java.util.PropertyPermission "user.dir", "read";
+};