8161527: NPE is thrown if exempt application is bundled with specific cryptoPerms
Reviewed-by: xuelei
--- a/jdk/src/java.base/share/classes/javax/crypto/CryptoPermissions.java Wed Jul 27 10:34:10 2016 -0700
+++ b/jdk/src/java.base/share/classes/javax/crypto/CryptoPermissions.java Thu Jul 28 12:09:07 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -37,9 +37,7 @@
import java.io.BufferedReader;
import java.io.ObjectStreamField;
import java.io.ObjectInputStream;
-import java.io.ObjectInputStream.GetField;
import java.io.ObjectOutputStream;
-import java.io.ObjectOutputStream.PutField;
import java.io.IOException;
/**
@@ -132,15 +130,18 @@
*
* @see isReadOnly
*/
+ @Override
public void add(Permission permission) {
- if (isReadOnly())
+ if (isReadOnly()) {
throw new SecurityException("Attempt to add a Permission " +
"to a readonly CryptoPermissions " +
"object");
+ }
- if (!(permission instanceof CryptoPermission))
+ if (!(permission instanceof CryptoPermission)) {
return;
+ }
CryptoPermission cryptoPerm = (CryptoPermission)permission;
PermissionCollection pc =
@@ -161,6 +162,7 @@
* in the PermissionCollection it belongs to, false if not.
*
*/
+ @Override
public boolean implies(Permission permission) {
if (!(permission instanceof CryptoPermission)) {
return false;
@@ -170,7 +172,13 @@
PermissionCollection pc =
getPermissionCollection(cryptoPerm.getAlgorithm());
- return pc.implies(cryptoPerm);
+
+ if (pc != null) {
+ return pc.implies(cryptoPerm);
+ } else {
+ // none found
+ return false;
+ }
}
/**
@@ -179,6 +187,7 @@
*
* @return an enumeration of all the Permissions.
*/
+ @Override
public Enumeration<Permission> elements() {
// go through each Permissions in the hash table
// and call their elements() function.
@@ -453,7 +462,7 @@
final class PermissionsEnumerator implements Enumeration<Permission> {
// all the perms
- private Enumeration<PermissionCollection> perms;
+ private final Enumeration<PermissionCollection> perms;
// the current set
private Enumeration<Permission> permset;
@@ -462,17 +471,20 @@
permset = getNextEnumWithMore();
}
+ @Override
public synchronized boolean hasMoreElements() {
// if we enter with permissionimpl null, we know
// there are no more left.
- if (permset == null)
+ if (permset == null) {
return false;
+ }
// try to see if there are any left in the current one
- if (permset.hasMoreElements())
+ if (permset.hasMoreElements()) {
return true;
+ }
// get the next one that has something in it...
permset = getNextEnumWithMore();
@@ -481,6 +493,7 @@
return (permset != null);
}
+ @Override
public synchronized Permission nextElement() {
// hasMoreElements will update permset to the next permset
// with something in it...
@@ -496,8 +509,9 @@
while (perms.hasMoreElements()) {
PermissionCollection pc = perms.nextElement();
Enumeration<Permission> next = pc.elements();
- if (next.hasMoreElements())
+ if (next.hasMoreElements()) {
return next;
+ }
}
return null;
}
--- a/jdk/test/TEST.ROOT Wed Jul 27 10:34:10 2016 -0700
+++ b/jdk/test/TEST.ROOT Thu Jul 28 12:09:07 2016 -0700
@@ -23,8 +23,8 @@
# Group definitions
groups=TEST.groups [closed/TEST.groups]
-# Allow querying of sun.arch.data.model in @requires clauses
-requires.properties=sun.arch.data.model
+# Allow querying of various System properties in @requires clauses
+requires.properties=sun.arch.data.model java.runtime.name
# Tests using jtreg 4.2 b02 features
requiredVersion=4.2 b02
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/crypto/CryptoPermissions/README.txt Thu Jul 28 12:09:07 2016 -0700
@@ -0,0 +1,2 @@
+If TestExemption.java/cryptoPerms files ever change, please rebuild the
+corresponding signed jar file in the closed repo.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/crypto/CryptoPermissions/TestExemption.java Thu Jul 28 12:09:07 2016 -0700
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.crypto.*;
+import java.security.*;
+
+public class TestExemption {
+
+ public static void main(String[] args) throws Exception {
+
+ KeyGenerator kg = KeyGenerator.getInstance("AES");
+ kg.init(128);
+ SecretKey key128 = kg.generateKey();
+
+ kg.init(192);
+ SecretKey key192 = kg.generateKey();
+
+ kg.init(256);
+ SecretKey key256 = kg.generateKey();
+
+ Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
+
+ System.out.println("Testing 128-bit");
+ c.init(Cipher.ENCRYPT_MODE, key128);
+
+ System.out.println("Testing 192-bit");
+ c.init(Cipher.ENCRYPT_MODE, key192);
+
+ try {
+ System.out.println("Testing 256-bit");
+ c.init(Cipher.ENCRYPT_MODE, key256);
+ } catch (InvalidKeyException e) {
+ System.out.println("Caught the right exception");
+ }
+
+ System.out.println("DONE!");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/crypto/CryptoPermissions/TestExemption.sh Thu Jul 28 12:09:07 2016 -0700
@@ -0,0 +1,79 @@
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8161527
+# @summary NPE is thrown if exempt application is bundled with specific
+# cryptoPerms
+# @requires java.runtime.name ~= "OpenJDK.*"
+
+# set a few environment variables so that the shell-script can run stand-alone
+# in the source directory
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+ SunOS | Linux | Darwin | AIX | CYGWIN* )
+ FS="/"
+ ;;
+ Windows_* )
+ FS="\\"
+ ;;
+ * )
+ echo "Unrecognized system!"
+ exit 1;
+ ;;
+esac
+
+if [ "${TESTSRC}" = "" ] ; then
+ TESTSRC="."
+fi
+if [ "${TESTCLASSES}" = "" ] ; then
+ TESTCLASSES="."
+fi
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`${FS}..
+ COMPILEJAVA="${TESTJAVA}"
+fi
+
+# Build
+${COMPILEJAVA}${FS}bin${FS}javac \
+ -d . \
+ ${TESTSRC}${FS}TestExemption.java \
+ || exit 10
+
+# Package
+${COMPILEJAVA}${FS}bin${FS}jar \
+ -cvf TestExemption.jar \
+ TestExemption.class \
+ -C ${TESTSRC} cryptoPerms \
+ || exit 10
+
+# Test
+${TESTJAVA}${FS}bin${FS}java \
+ -classpath TestExemption.jar TestExemption
+status=$?
+
+exit $status
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/crypto/CryptoPermissions/cryptoPerms Thu Jul 28 12:09:07 2016 -0700
@@ -0,0 +1,5 @@
+grant {
+ // The stock JDK allows for 128 bit AES.
+ // Grant up to 192 bits, but no further.
+ permission javax.crypto.CryptoPermission "AES", 192;
+};