8161527: NPE is thrown if exempt application is bundled with specific cryptoPerms
authorwetmore
Thu, 28 Jul 2016 12:09:07 -0700
changeset 39880 d4cfdddbc897
parent 39879 8d20f3881abf
child 39881 c082c149d6eb
8161527: NPE is thrown if exempt application is bundled with specific cryptoPerms Reviewed-by: xuelei
jdk/src/java.base/share/classes/javax/crypto/CryptoPermissions.java
jdk/test/TEST.ROOT
jdk/test/javax/crypto/CryptoPermissions/README.txt
jdk/test/javax/crypto/CryptoPermissions/TestExemption.java
jdk/test/javax/crypto/CryptoPermissions/TestExemption.sh
jdk/test/javax/crypto/CryptoPermissions/cryptoPerms
--- a/jdk/src/java.base/share/classes/javax/crypto/CryptoPermissions.java	Wed Jul 27 10:34:10 2016 -0700
+++ b/jdk/src/java.base/share/classes/javax/crypto/CryptoPermissions.java	Thu Jul 28 12:09:07 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,9 +37,7 @@
 import java.io.BufferedReader;
 import java.io.ObjectStreamField;
 import java.io.ObjectInputStream;
-import java.io.ObjectInputStream.GetField;
 import java.io.ObjectOutputStream;
-import java.io.ObjectOutputStream.PutField;
 import java.io.IOException;
 
 /**
@@ -132,15 +130,18 @@
      *
      * @see isReadOnly
      */
+    @Override
     public void add(Permission permission) {
 
-        if (isReadOnly())
+        if (isReadOnly()) {
             throw new SecurityException("Attempt to add a Permission " +
                                         "to a readonly CryptoPermissions " +
                                         "object");
+        }
 
-        if (!(permission instanceof CryptoPermission))
+        if (!(permission instanceof CryptoPermission)) {
             return;
+        }
 
         CryptoPermission cryptoPerm = (CryptoPermission)permission;
         PermissionCollection pc =
@@ -161,6 +162,7 @@
      * in the PermissionCollection it belongs to, false if not.
      *
      */
+    @Override
     public boolean implies(Permission permission) {
         if (!(permission instanceof CryptoPermission)) {
             return false;
@@ -170,7 +172,13 @@
 
         PermissionCollection pc =
             getPermissionCollection(cryptoPerm.getAlgorithm());
-        return pc.implies(cryptoPerm);
+
+        if (pc != null) {
+            return pc.implies(cryptoPerm);
+        } else {
+            // none found
+            return false;
+        }
     }
 
     /**
@@ -179,6 +187,7 @@
      *
      * @return an enumeration of all the Permissions.
      */
+    @Override
     public Enumeration<Permission> elements() {
         // go through each Permissions in the hash table
         // and call their elements() function.
@@ -453,7 +462,7 @@
 final class PermissionsEnumerator implements Enumeration<Permission> {
 
     // all the perms
-    private Enumeration<PermissionCollection> perms;
+    private final Enumeration<PermissionCollection> perms;
     // the current set
     private Enumeration<Permission> permset;
 
@@ -462,17 +471,20 @@
         permset = getNextEnumWithMore();
     }
 
+    @Override
     public synchronized boolean hasMoreElements() {
         // if we enter with permissionimpl null, we know
         // there are no more left.
 
-        if (permset == null)
+        if (permset == null) {
             return  false;
+        }
 
         // try to see if there are any left in the current one
 
-        if (permset.hasMoreElements())
+        if (permset.hasMoreElements()) {
             return true;
+        }
 
         // get the next one that has something in it...
         permset = getNextEnumWithMore();
@@ -481,6 +493,7 @@
         return (permset != null);
     }
 
+    @Override
     public synchronized Permission nextElement() {
         // hasMoreElements will update permset to the next permset
         // with something in it...
@@ -496,8 +509,9 @@
         while (perms.hasMoreElements()) {
             PermissionCollection pc = perms.nextElement();
             Enumeration<Permission> next = pc.elements();
-            if (next.hasMoreElements())
+            if (next.hasMoreElements()) {
                 return next;
+            }
         }
         return null;
     }
--- a/jdk/test/TEST.ROOT	Wed Jul 27 10:34:10 2016 -0700
+++ b/jdk/test/TEST.ROOT	Thu Jul 28 12:09:07 2016 -0700
@@ -23,8 +23,8 @@
 # Group definitions
 groups=TEST.groups [closed/TEST.groups]
 
-# Allow querying of sun.arch.data.model in @requires clauses
-requires.properties=sun.arch.data.model 
+# Allow querying of various System properties in @requires clauses
+requires.properties=sun.arch.data.model java.runtime.name
 
 # Tests using jtreg 4.2 b02 features
 requiredVersion=4.2 b02
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/crypto/CryptoPermissions/README.txt	Thu Jul 28 12:09:07 2016 -0700
@@ -0,0 +1,2 @@
+If TestExemption.java/cryptoPerms files ever change, please rebuild the
+corresponding signed jar file in the closed repo.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/crypto/CryptoPermissions/TestExemption.java	Thu Jul 28 12:09:07 2016 -0700
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.crypto.*;
+import java.security.*;
+
+public class TestExemption {
+
+    public static void main(String[] args) throws Exception {
+
+        KeyGenerator kg = KeyGenerator.getInstance("AES");
+        kg.init(128);
+        SecretKey key128 = kg.generateKey();
+
+        kg.init(192);
+        SecretKey key192 = kg.generateKey();
+
+        kg.init(256);
+        SecretKey key256 = kg.generateKey();
+
+        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
+
+        System.out.println("Testing 128-bit");
+        c.init(Cipher.ENCRYPT_MODE, key128);
+
+        System.out.println("Testing 192-bit");
+        c.init(Cipher.ENCRYPT_MODE, key192);
+
+        try {
+            System.out.println("Testing 256-bit");
+            c.init(Cipher.ENCRYPT_MODE, key256);
+        } catch (InvalidKeyException e) {
+            System.out.println("Caught the right exception");
+        }
+
+        System.out.println("DONE!");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/crypto/CryptoPermissions/TestExemption.sh	Thu Jul 28 12:09:07 2016 -0700
@@ -0,0 +1,79 @@
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8161527
+# @summary NPE is thrown if exempt application is bundled with specific
+#     cryptoPerms
+# @requires java.runtime.name ~= "OpenJDK.*"
+
+# set a few environment variables so that the shell-script can run stand-alone
+# in the source directory
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+  SunOS | Linux | Darwin | AIX | CYGWIN* )
+    FS="/"
+    ;;
+  Windows_* )
+    FS="\\"
+    ;;
+  * )
+    echo "Unrecognized system!"
+    exit 1;
+    ;;
+esac
+
+if [ "${TESTSRC}" = "" ] ; then
+  TESTSRC="."
+fi
+if [ "${TESTCLASSES}" = "" ] ; then
+  TESTCLASSES="."
+fi
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`${FS}..
+  COMPILEJAVA="${TESTJAVA}"
+fi
+
+# Build
+${COMPILEJAVA}${FS}bin${FS}javac \
+    -d . \
+    ${TESTSRC}${FS}TestExemption.java \
+    || exit 10
+
+# Package
+${COMPILEJAVA}${FS}bin${FS}jar \
+    -cvf TestExemption.jar \
+    TestExemption.class \
+    -C ${TESTSRC} cryptoPerms \
+    || exit 10
+
+# Test
+${TESTJAVA}${FS}bin${FS}java \
+    -classpath TestExemption.jar TestExemption
+status=$?
+
+exit $status
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/crypto/CryptoPermissions/cryptoPerms	Thu Jul 28 12:09:07 2016 -0700
@@ -0,0 +1,5 @@
+grant {
+     // The stock JDK allows for 128 bit AES.
+     // Grant up to 192 bits, but no further.
+     permission javax.crypto.CryptoPermission "AES", 192;
+};