8209416: Refactoring GetPropertyAction calls in security libs
Reviewed-by: xuelei, rriggs
--- a/src/java.base/share/classes/com/sun/security/ntlm/NTLM.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.base/share/classes/com/sun/security/ntlm/NTLM.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
package com.sun.security.ntlm;
+import sun.security.action.GetBooleanAction;
+
import static com.sun.security.ntlm.Version.*;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
@@ -55,10 +57,8 @@
private final MessageDigest md4;
private final Mac hmac;
private final MessageDigest md5;
- private static final boolean DEBUG =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction("ntlm.debug"))
- .booleanValue();
+ private static final boolean DEBUG
+ = GetBooleanAction.privilegedGetProperty("ntlm.debug");
final Version v;
--- a/src/java.base/share/classes/sun/security/action/GetBooleanAction.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.base/share/classes/sun/security/action/GetBooleanAction.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
package sun.security.action;
+import java.security.AccessController;
+
/**
* A convenience class for retrieving the boolean value of a system property
* as a privileged action.
@@ -69,4 +71,25 @@
public Boolean run() {
return Boolean.getBoolean(theProp);
}
+
+ /**
+ * Convenience method to get a property without going through doPrivileged
+ * if no security manager is present. This is unsafe for inclusion in a
+ * public API but allowable here since this class is now encapsulated.
+ *
+ * Note that this method performs a privileged action using caller-provided
+ * inputs. The caller of this method should take care to ensure that the
+ * inputs are not tainted and the returned property is not made accessible
+ * to untrusted code if it contains sensitive information.
+ *
+ * @param theProp the name of the system property.
+ */
+ public static boolean privilegedGetProperty(String theProp) {
+ if (System.getSecurityManager() == null) {
+ return Boolean.getBoolean(theProp);
+ } else {
+ return AccessController.doPrivileged(
+ new GetBooleanAction(theProp));
+ }
+ }
}
--- a/src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,9 +25,9 @@
package sun.security.internal.spec;
+import sun.security.action.GetBooleanAction;
+
import java.security.spec.AlgorithmParameterSpec;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
/**
* Parameters for SSL/TLS RSA premaster secret.
@@ -51,25 +51,11 @@
* requested in its client hello version). However, we (and other
* implementations) used to send the active negotiated version. The
* system property below allows to toggle the behavior.
- */
- private static final String PROP_NAME =
- "com.sun.net.ssl.rsaPreMasterSecretFix";
-
- /*
* Default is "false" (old behavior) for compatibility reasons in
* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.
*/
- private static final boolean rsaPreMasterSecretFix =
- AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
- public Boolean run() {
- String value = System.getProperty(PROP_NAME);
- if (value != null && value.equalsIgnoreCase("true")) {
- return Boolean.TRUE;
- }
-
- return Boolean.FALSE;
- }
- });
+ private static final boolean rsaPreMasterSecretFix = GetBooleanAction
+ .privilegedGetProperty("com.sun.net.ssl.rsaPreMasterSecretFix");
private final int clientVersion;
private final int serverVersion;
--- a/src/java.base/share/classes/sun/security/provider/certpath/Builder.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.base/share/classes/sun/security/provider/certpath/Builder.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,8 +63,8 @@
* Authority Information Access extension shall be enabled. Currently
* disabled by default for compatibility reasons.
*/
- static final boolean USE_AIA = AccessController.doPrivileged
- (new GetBooleanAction("com.sun.security.enableAIAcaIssuers"));
+ static final boolean USE_AIA = GetBooleanAction
+ .privilegedGetProperty("com.sun.security.enableAIAcaIssuers");
/**
* Initialize the builder with the input parameters.
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java Tue Aug 14 22:39:34 2018 +0800
@@ -31,6 +31,8 @@
import java.util.Locale;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
+
+import sun.security.action.GetPropertyAction;
import sun.security.util.Cache;
@@ -196,15 +198,9 @@
private static int getDefaultCacheLimit() {
int defaultCacheLimit = 0;
try {
- String s = java.security.AccessController.doPrivileged(
- new java.security.PrivilegedAction<String>() {
- @Override
- public String run() {
- return System.getProperty(
- "javax.net.ssl.sessionCacheSize");
- }
- });
- defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
+ String s = GetPropertyAction
+ .privilegedGetProperty("javax.net.ssl.sessionCacheSize");
+ defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
} catch (Exception e) {
// swallow the exception
}
--- a/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java Tue Aug 14 22:39:34 2018 +0800
@@ -96,10 +96,10 @@
}
defaultResponder = tmpURI;
- respOverride = AccessController.doPrivileged(
- new GetBooleanAction("jdk.tls.stapling.responderOverride"));
- ignoreExtensions = AccessController.doPrivileged(
- new GetBooleanAction("jdk.tls.stapling.ignoreExtensions"));
+ respOverride = GetBooleanAction
+ .privilegedGetProperty("jdk.tls.stapling.responderOverride");
+ ignoreExtensions = GetBooleanAction
+ .privilegedGetProperty("jdk.tls.stapling.ignoreExtensions");
threadMgr = new ScheduledThreadPoolExecutor(DEFAULT_CORE_THREADS,
new ThreadFactory() {
--- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Tue Aug 14 22:39:34 2018 +0800
@@ -482,8 +482,8 @@
//
// If the System Property is not defined or the value is empty, the
// default groups and preferences will be used.
- String property = AccessController.doPrivileged(
- new GetPropertyAction("jdk.tls.namedGroups"));
+ String property = GetPropertyAction
+ .privilegedGetProperty("jdk.tls.namedGroups");
if (property != null && property.length() != 0) {
// remove double quote marks from beginning/end of the property
if (property.length() > 1 && property.charAt(0) == '"' &&
--- a/src/java.base/share/classes/sun/security/validator/PKIXValidator.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.base/share/classes/sun/security/validator/PKIXValidator.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -57,9 +57,8 @@
* manager. Typically, this will only work if the PKIX implementation
* supports CRL distribution points as we do not manually setup CertStores.
*/
- private static final boolean checkTLSRevocation =
- AccessController.doPrivileged
- (new GetBooleanAction("com.sun.net.ssl.checkRevocation"));
+ private static final boolean checkTLSRevocation = GetBooleanAction
+ .privilegedGetProperty("com.sun.net.ssl.checkRevocation");
private final Set<X509Certificate> trustedCerts;
private final PKIXBuilderParameters parameterTemplate;
--- a/src/java.base/share/classes/sun/security/x509/AVA.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.base/share/classes/sun/security/x509/AVA.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -64,9 +64,8 @@
// See CR 6391482: if enabled this flag preserves the old but incorrect
// PrintableString encoding for DomainComponent. It may need to be set to
// avoid breaking preexisting certificates generated with sun.security APIs.
- private static final boolean PRESERVE_OLD_DC_ENCODING =
- AccessController.doPrivileged(new GetBooleanAction
- ("com.sun.security.preserveOldDCEncoding"));
+ private static final boolean PRESERVE_OLD_DC_ENCODING = GetBooleanAction
+ .privilegedGetProperty("com.sun.security.preserveOldDCEncoding");
/**
* DEFAULT format allows both RFC1779 and RFC2253 syntax and
--- a/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,8 @@
import sun.net.www.protocol.http.HttpCallerInfo;
import sun.net.www.protocol.http.Negotiator;
+import sun.security.action.GetBooleanAction;
+import sun.security.action.GetPropertyAction;
import sun.security.jgss.GSSManagerImpl;
import sun.security.jgss.GSSContextImpl;
import sun.security.jgss.GSSUtil;
@@ -50,8 +52,7 @@
public class NegotiatorImpl extends Negotiator {
private static final boolean DEBUG =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction("sun.security.krb5.debug"));
+ GetBooleanAction.privilegedGetProperty("sun.security.krb5.debug");
private GSSContext context;
private byte[] oneToken;
@@ -71,14 +72,8 @@
// we can only use Kerberos mech when the scheme is kerberos
oid = GSSUtil.GSS_KRB5_MECH_OID;
} else {
- String pref = java.security.AccessController.doPrivileged(
- new java.security.PrivilegedAction<String>() {
- public String run() {
- return System.getProperty(
- "http.auth.preference",
- "spnego");
- }
- });
+ String pref = GetPropertyAction
+ .privilegedGetProperty("http.auth.preference", "spnego");
if (pref.equalsIgnoreCase("kerberos")) {
oid = GSSUtil.GSS_KRB5_MECH_OID;
} else {
--- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSManagerImpl.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSManagerImpl.java Tue Aug 14 22:39:34 2018 +0800
@@ -26,10 +26,9 @@
package sun.security.jgss;
import org.ietf.jgss.*;
+import sun.security.action.GetBooleanAction;
import sun.security.jgss.spi.*;
import java.security.Provider;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
/**
* This class provides the default implementation of the GSSManager
@@ -38,20 +37,8 @@
public class GSSManagerImpl extends GSSManager {
// Undocumented property
- private static final String USE_NATIVE_PROP =
- "sun.security.jgss.native";
- private static final Boolean USE_NATIVE;
-
- static {
- USE_NATIVE =
- AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
- public Boolean run() {
- return Boolean.valueOf(System.getProperty
- (USE_NATIVE_PROP));
- }
- });
-
- }
+ private static final Boolean USE_NATIVE = GetBooleanAction
+ .privilegedGetProperty("sun.security.jgss.native");
private ProviderList list;
--- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -68,15 +68,8 @@
public static final Oid NT_GSS_KRB5_PRINCIPAL =
GSSUtil.createOid("1.2.840.113554.1.2.2.1");
- private static final String DEFAULT_HANDLER =
- "auth.login.defaultCallbackHandler";
-
- static final boolean DEBUG;
- static {
- DEBUG = (AccessController.doPrivileged
- (new GetBooleanAction("sun.security.jgss.debug"))).
- booleanValue();
- }
+ static final boolean DEBUG =
+ GetBooleanAction.privilegedGetProperty("sun.security.jgss.debug");
static void debug(String message) {
if (DEBUG) {
@@ -240,8 +233,8 @@
cb = new sun.net.www.protocol.http.spnego.NegotiateCallbackHandler(
((HttpCaller)caller).info());
} else {
- String defaultHandler =
- java.security.Security.getProperty(DEFAULT_HANDLER);
+ String defaultHandler = java.security.Security
+ .getProperty("auth.login.defaultCallbackHandler");
// get the default callback handler
if ((defaultHandler != null) && (defaultHandler.length() != 0)) {
cb = null;
@@ -270,8 +263,8 @@
*/
public static boolean useSubjectCredsOnly(GSSCaller caller) {
- String propValue = GetPropertyAction.privilegedGetProperty(
- "javax.security.auth.useSubjectCredsOnly");
+ String propValue = GetPropertyAction
+ .privilegedGetProperty("javax.security.auth.useSubjectCredsOnly");
// Invalid values should be ignored and the default assumed.
if (caller instanceof HttpCaller) {
@@ -295,9 +288,8 @@
* Don't use GetBooleanAction because the default value in the JRE
* (when this is unset) has to treated as true.
*/
- String propValue = AccessController.doPrivileged(
- new GetPropertyAction("sun.security.spnego.msinterop",
- "true"));
+ String propValue = GetPropertyAction
+ .privilegedGetProperty("sun.security.spnego.msinterop", "true");
/*
* This property has to be explicitly set to "false". Invalid
* values should be ignored and the default "true" assumed.
--- a/src/java.security.jgss/share/classes/sun/security/jgss/ProviderList.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/ProviderList.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,6 @@
import java.lang.reflect.InvocationTargetException;
import org.ietf.jgss.*;
-import java.security.AccessController;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
@@ -93,10 +92,6 @@
private static final String SPI_MECH_FACTORY_TYPE
= "sun.security.jgss.spi.MechanismFactory";
- // Undocumented property?
- private static final String DEFAULT_MECH_PROP =
- "sun.security.jgss.mechanism";
-
public static final Oid DEFAULT_MECH_OID;
static {
@@ -106,8 +101,8 @@
* with a valid OID value
*/
Oid defOid = null;
- String defaultOidStr = AccessController.doPrivileged
- (new GetPropertyAction(DEFAULT_MECH_PROP));
+ String defaultOidStr = GetPropertyAction
+ .privilegedGetProperty("sun.security.jgss.mechanism");
if (defaultOidStr != null) {
defOid = GSSUtil.createOid(defaultOidStr);
}
--- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/AcceptSecContextToken.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/AcceptSecContextToken.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@
import org.ietf.jgss.*;
import java.io.InputStream;
import java.io.IOException;
-import java.security.AccessController;
import sun.security.action.GetBooleanAction;
import sun.security.krb5.*;
@@ -45,8 +44,8 @@
KrbApReq apReq)
throws KrbException, IOException, GSSException {
- boolean useSubkey = AccessController.doPrivileged(
- new GetBooleanAction("sun.security.krb5.acceptor.subkey"));
+ boolean useSubkey = GetBooleanAction
+ .privilegedGetProperty("sun.security.krb5.acceptor.subkey");
boolean useSequenceNumber = true;
--- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,12 +26,13 @@
package sun.security.jgss.krb5;
import javax.security.auth.kerberos.KerberosTicket;
-import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import java.security.AccessControlContext;
+
+import sun.security.action.GetBooleanAction;
import sun.security.jgss.GSSUtil;
import sun.security.jgss.GSSCaller;
@@ -39,20 +40,16 @@
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException;
import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
import sun.security.krb5.KerberosSecrets;
import sun.security.krb5.PrincipalName;
+
/**
* Utilities for obtaining and converting Kerberos tickets.
- *
*/
public class Krb5Util {
- static final boolean DEBUG =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction
- ("sun.security.krb5.debug")).booleanValue();
+ static final boolean DEBUG = GetBooleanAction
+ .privilegedGetProperty("sun.security.krb5.debug");
/**
* Default constructor
--- a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@
import java.io.*;
import java.security.Provider;
import org.ietf.jgss.*;
+import sun.security.action.GetBooleanAction;
import sun.security.jgss.*;
import sun.security.jgss.spi.*;
import sun.security.util.*;
@@ -81,10 +82,8 @@
final private SpNegoMechFactory factory;
// debug property
- static final boolean DEBUG =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction
- ("sun.security.spnego.debug")).booleanValue();
+ static final boolean DEBUG = GetBooleanAction
+ .privilegedGetProperty("sun.security.spnego.debug");
/**
* Constructor for SpNegoContext to be called on the context initiator's
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java Tue Aug 14 22:39:34 2018 +0800
@@ -51,8 +51,6 @@
private static final String INFO = "Sun Native GSS provider";
private static final String MF_CLASS =
"sun.security.jgss.wrapper.NativeGSSFactory";
- private static final String LIB_PROP = "sun.security.jgss.lib";
- private static final String DEBUG_PROP = "sun.security.nativegss.debug";
private static final HashMap<String, String> MECH_MAP;
static final Provider INSTANCE;
static boolean DEBUG;
@@ -70,8 +68,8 @@
AccessController.doPrivileged(
new PrivilegedAction<HashMap<String, String>>() {
public HashMap<String, String> run() {
- DEBUG = Boolean.parseBoolean
- (System.getProperty(DEBUG_PROP));
+ DEBUG = Boolean.parseBoolean(
+ System.getProperty("sun.security.nativegss.debug"));
try {
System.loadLibrary("j2gss");
} catch (Error err) {
@@ -80,7 +78,8 @@
return null;
}
String[] gssLibs = new String[0];
- String defaultLib = System.getProperty(LIB_PROP);
+ String defaultLib
+ = System.getProperty("sun.security.jgss.lib");
if (defaultLib == null || defaultLib.trim().equals("")) {
String osname = System.getProperty("os.name");
if (osname.startsWith("SunOS")) {
--- a/src/java.security.jgss/share/classes/sun/security/krb5/Config.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/Config.java Tue Aug 14 22:39:34 2018 +0800
@@ -45,6 +45,7 @@
import java.util.regex.Pattern;
import sun.net.dns.ResolverConfiguration;
+import sun.security.action.GetPropertyAction;
import sun.security.krb5.internal.crypto.EType;
import sun.security.krb5.internal.Krb5;
@@ -122,12 +123,12 @@
private static boolean isMacosLionOrBetter() {
// split the "10.x.y" version number
- String osname = getProperty("os.name");
+ String osname = GetPropertyAction.privilegedGetProperty("os.name");
if (!osname.contains("OS X")) {
return false;
}
- String osVersion = getProperty("os.version");
+ String osVersion = GetPropertyAction.privilegedGetProperty("os.version");
String[] fragments = osVersion.split("\\.");
// sanity check the "10." part of the version
@@ -152,14 +153,16 @@
/*
* If either one system property is specified, we throw exception.
*/
- String tmp = getProperty("java.security.krb5.kdc");
+ String tmp = GetPropertyAction
+ .privilegedGetProperty("java.security.krb5.kdc");
if (tmp != null) {
// The user can specify a list of kdc hosts separated by ":"
defaultKDC = tmp.replace(':', ' ');
} else {
defaultKDC = null;
}
- defaultRealm = getProperty("java.security.krb5.realm");
+ defaultRealm = GetPropertyAction
+ .privilegedGetProperty("java.security.krb5.realm");
if ((defaultKDC == null && defaultRealm != null) ||
(defaultRealm == null && defaultKDC != null)) {
throw new KrbException
@@ -818,11 +821,12 @@
* The method returns null if it cannot find a Java config file.
*/
private String getJavaFileName() {
- String name = getProperty("java.security.krb5.conf");
+ String name = GetPropertyAction
+ .privilegedGetProperty("java.security.krb5.conf");
if (name == null) {
- name = getProperty("java.home") + File.separator +
- "conf" + File.separator + "security" +
- File.separator + "krb5.conf";
+ name = GetPropertyAction.privilegedGetProperty("java.home")
+ + File.separator + "conf" + File.separator + "security"
+ + File.separator + "krb5.conf";
if (!fileExists(name)) {
name = null;
}
@@ -852,7 +856,7 @@
*/
private String getNativeFileName() {
String name = null;
- String osname = getProperty("os.name");
+ String osname = GetPropertyAction.privilegedGetProperty("os.name");
if (osname.startsWith("Windows")) {
try {
Credentials.ensureLoaded();
@@ -899,13 +903,8 @@
return name;
}
- private static String getProperty(String property) {
- return java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction(property));
- }
-
private String findMacosConfigFile() {
- String userHome = getProperty("user.home");
+ String userHome = GetPropertyAction.privilegedGetProperty("user.home");
final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos";
String userPrefs = userHome + PREF_FILE;
--- a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
package sun.security.krb5;
+import sun.security.action.GetPropertyAction;
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.ccache.CredentialsCache;
import sun.security.krb5.internal.crypto.EType;
@@ -288,8 +289,7 @@
if (ticketCache == null) {
// The default ticket cache on Windows and Mac is not a file.
- String os = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("os.name"));
+ String os = GetPropertyAction.privilegedGetProperty("os.name");
if (os.toUpperCase(Locale.ENGLISH).startsWith("WINDOWS") ||
os.toUpperCase(Locale.ENGLISH).contains("OS X")) {
Credentials creds = acquireDefaultCreds();
--- a/src/java.security.jgss/share/classes/sun/security/krb5/KdcComm.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/KdcComm.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -74,8 +74,6 @@
private static final boolean DEBUG = Krb5.DEBUG;
- private static final String BAD_POLICY_KEY = "krb5.kdc.bad.policy";
-
/**
* What to do when a KDC is unavailable, specified in the
* java.security file with key krb5.kdc.bad.policy.
@@ -100,7 +98,7 @@
String value = AccessController.doPrivileged(
new PrivilegedAction<String>() {
public String run() {
- return Security.getProperty(BAD_POLICY_KEY);
+ return Security.getProperty("krb5.kdc.bad.policy");
}
});
if (value != null) {
@@ -120,7 +118,7 @@
// Ignored. Please note that tryLess is recognized and
// used, parameters using default values
if (DEBUG) {
- System.out.println("Invalid " + BAD_POLICY_KEY +
+ System.out.println("Invalid krb5.kdc.bad.policy" +
" parameter for tryLess: " +
value + ", use default");
}
--- a/src/java.security.jgss/share/classes/sun/security/krb5/Realm.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/Realm.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
package sun.security.krb5;
+import sun.security.action.GetBooleanAction;
import sun.security.krb5.internal.Krb5;
import sun.security.util.*;
import java.io.IOException;
@@ -47,10 +48,8 @@
*/
public class Realm implements Cloneable {
- public static final boolean AUTODEDUCEREALM =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "sun.security.krb5.autodeducerealm"));
+ public static final boolean AUTODEDUCEREALM = GetBooleanAction
+ .privilegedGetProperty("sun.security.krb5.autodeducerealm");
private final String realm; // not null nor empty
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
package sun.security.krb5.internal;
+import sun.security.action.GetBooleanAction;
+
import java.util.Hashtable;
// Constants and other defined values from RFC 4120
@@ -303,9 +305,9 @@
}
- public static final boolean DEBUG =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction("sun.security.krb5.debug"));
+ public static final boolean DEBUG = GetBooleanAction
+ .privilegedGetProperty("sun.security.krb5.debug");
+
public static final sun.security.util.HexDumpEncoder hexDumper =
new sun.security.util.HexDumpEncoder();
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ReplayCache.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ReplayCache.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,8 +30,6 @@
import sun.security.krb5.internal.rcache.MemoryCache;
import sun.security.krb5.internal.rcache.DflCache;
-import java.security.AccessController;
-
/**
* Models the replay cache of an acceptor as described in
* RFC 4120 3.2.3.
@@ -56,8 +54,8 @@
}
}
public static ReplayCache getInstance() {
- String type = AccessController.doPrivileged(
- new GetPropertyAction("sun.security.krb5.rcache"));
+ String type = GetPropertyAction
+ .privilegedGetProperty("sun.security.krb5.rcache");
return getInstance(type);
}
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
*/
package sun.security.krb5.internal.ccache;
+import sun.security.action.GetPropertyAction;
import sun.security.krb5.*;
import sun.security.krb5.internal.*;
import java.util.StringTokenizer;
@@ -381,9 +382,7 @@
}
// get cache name from system.property
- String osname =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("os.name"));
+ String osname = GetPropertyAction.privilegedGetProperty("os.name");
/*
* For Unix platforms we use the default cache name to be
@@ -417,18 +416,12 @@
// we did not get the uid;
- String user_name =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("user.name"));
+ String user_name = GetPropertyAction.privilegedGetProperty("user.name");
- String user_home =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("user.home"));
+ String user_home = GetPropertyAction.privilegedGetProperty("user.home");
if (user_home == null) {
- user_home =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("user.dir"));
+ user_home = GetPropertyAction.privilegedGetProperty("user.dir");
}
if (user_name != null) {
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/Des.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/Des.java Tue Aug 14 22:39:34 2018 +0800
@@ -53,9 +53,8 @@
// string-to-key encoding. When set, the specified charset
// name is used. Otherwise, the system default charset.
- private final static String CHARSET =
- java.security.AccessController.doPrivileged(
- new GetPropertyAction("sun.security.krb5.msinterop.des.s2kcharset"));
+ private final static String CHARSET = GetPropertyAction
+ .privilegedGetProperty("sun.security.krb5.msinterop.des.s2kcharset");
private static final long[] bad_keys = {
0x0101010101010101L, 0xfefefefefefefefeL,
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
package sun.security.krb5.internal.ktab;
+import sun.security.action.GetPropertyAction;
import sun.security.krb5.*;
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.*;
@@ -203,14 +204,12 @@
}
if (kname == null) {
- String user_home =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("user.home"));
+ String user_home = GetPropertyAction
+ .privilegedGetProperty("user.home");
if (user_home == null) {
- user_home =
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("user.dir"));
+ user_home = GetPropertyAction
+ .privilegedGetProperty("user.dir");
}
kname = user_home + File.separator + "krb5.keytab";
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,7 @@
package sun.security.krb5.internal.rcache;
-import sun.security.action.GetPropertyAction;
+import sun.security.action.GetBooleanAction;
import java.util.Objects;
@@ -40,8 +40,7 @@
public static final String DEFAULT_HASH_ALG;
static {
- if (GetPropertyAction.privilegedGetProperty(
- "jdk.krb5.rcache.useMD5", "false").equals("true")) {
+ if (GetBooleanAction.privilegedGetProperty("jdk.krb5.rcache.useMD5")) {
DEFAULT_HASH_ALG = "HASH";
} else {
DEFAULT_HASH_ALG = "SHA256";
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/DflCache.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/DflCache.java Tue Aug 14 22:39:34 2018 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,6 @@
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
-import java.security.AccessController;
import java.util.*;
import sun.security.action.GetPropertyAction;
@@ -117,8 +116,7 @@
}
private static String defaultPath() {
- return AccessController.doPrivileged(
- new GetPropertyAction("java.io.tmpdir"));
+ return GetPropertyAction.privilegedGetProperty("java.io.tmpdir");
}
private static String defaultFile(String server) {
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java Tue Aug 14 14:28:23 2018 +0200
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java Tue Aug 14 22:39:34 2018 +0800
@@ -55,8 +55,8 @@
public static final boolean MSNAME;
static {
- String prop = GetPropertyAction.privilegedGetProperty(
- "sun.security.krb5.msinterop.kstring", "true");
+ String prop = GetPropertyAction
+ .privilegedGetProperty("sun.security.krb5.msinterop.kstring", "true");
MSNAME = Boolean.parseBoolean(prop);
}