Merge pull request #814 from taoliult/checkerrors
Check RestrictedSecurity profile for errors
keithc-ca authored Oct 2, 2024
2 parents 0674172 + 8371a22 commit 2f5f15e
Showing 1 changed file with 54 additions and 2 deletions.
@@ -35,10 +35,10 @@
import java.time.format.DateTimeParseException;
import java.util.ArrayList;
import java.util.Deque;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
@@ -996,6 +996,9 @@ private static final class ProfileParser {
// The java.security properties.
private final Properties securityProps;

private final Set<String> profileCheckPropertyNames;
private final Set<String> profileCheckProviderNames;

/**
*
* @param id the restricted security custom profile ID
@@ -1018,8 +1021,13 @@ private ProfileParser(String id, Properties props) {

parsedProfiles = new HashSet<>();

profileCheckPropertyNames = new HashSet<>();
profileCheckProviderNames = new HashSet<>();

// Initialize the properties.
init(profileID);

checkProfileCheck(profileID);
}

private RestrictedSecurityProperties getProperties() {
@@ -1042,12 +1050,17 @@ private void init(String profileID) {
printStackTraceAndExit(profileID + " has already been parsed. Potential infinite recursion.");
}

String potentialExtendsProfileID = parseProperty(securityProps.getProperty(profileID + ".extends"));
loadProfileCheck(profileID);

String profileExtends = profileID + ".extends";
String potentialExtendsProfileID = parseProperty(securityProps.getProperty(profileExtends));
if (potentialExtendsProfileID != null) { // If profile extends another profile.
if (debug != null) {
debug.println("\t'" + profileID + "' extends '" + potentialExtendsProfileID + "'.");
}

profileCheckPropertyNames.remove(profileExtends);

// Check if extended profile exists.
String extendsProfileID = null;
if (potentialExtendsProfileID.indexOf('.') != potentialExtendsProfileID.lastIndexOf('.')) {
@@ -1103,6 +1116,7 @@ private void init(String profileID) {
// Save info to be hashed and expected result to be checked later.
profilesHashes.put(profileID, hashValue);
profilesInfo.put(profileID, allInfo);
profileCheckPropertyNames.remove(hashProperty);
} else if (!isFIPS1402Profile(profileID)) {
// A hash is mandatory, but not for older 140-2 profiles.
printStackTraceAndExit(profileID + " is a base profile, so a hash value is mandatory.");
@@ -1139,6 +1153,7 @@ private void update(String profileExtensionId) {
// Save info to be hashed and expected result to be checked later.
profilesHashes.put(profileID, hashValue);
profilesInfo.put(profileID, allInfo);
profileCheckPropertyNames.remove(hashProperty);
}
} catch (Exception e) {
if (debug != null) {
@@ -1259,6 +1274,7 @@ private void initProviders(String profileID, List<String> allInfo) {
allInfo.add(property + "=" + providerInfo);

parseProvider(providerInfo, pNum, false);
profileCheckProviderNames.remove(property);
}

if (providers.isEmpty()) {
@@ -1289,6 +1305,7 @@ private void updateProviders(String profileExtensionId, List<String> allInfo) {
removedProvider = true;
break;
}
profileCheckProviderNames.remove(property);
}
}

@@ -1316,6 +1333,7 @@ private void updateProviders(String profileExtensionId, List<String> allInfo) {
allInfo.add(property + "=" + providerInfo);

parseProvider(providerInfo, i, false);
profileCheckProviderNames.remove(property);
}
}

@@ -1640,6 +1658,7 @@ private boolean setProperty(String property, String propertyKey, List<String> al
newValue = value;
}
profileProperties.put(property, newValue);
profileCheckPropertyNames.remove(propertyKey);
return true;
}
if (debug != null) {
@@ -1712,6 +1731,39 @@ private static void checkProviderFormat(String providerInfo, boolean update) {
printStackTraceAndExit("Provider format is incorrect: " + providerInfo);
}
}

private void loadProfileCheck(String profileID) {
Enumeration<?> pNames = securityProps.propertyNames();
String profileDot = profileID + '.';
while (pNames.hasMoreElements()) {
String name = (String) pNames.nextElement();
if (name.startsWith(profileDot)) {
if (name.contains(".jce.provider.")) {
profileCheckProviderNames.add(name);
} else {
profileCheckPropertyNames.add(name);
}
}
}
}

private void checkProfileCheck(String profileID) {
if (!profileCheckProviderNames.isEmpty()) {
printStackTraceAndExit(
"The order numbers of providers in profile " + profileID
+ " (or a base profile) are not consecutive.");
}
if (!profileCheckPropertyNames.isEmpty()) {
printStackTraceAndExit(
"The property names: "
+ profileCheckPropertyNames
.stream()
.sorted()
.collect(Collectors.joining(", "))
+ " in profile " + profileID
+ " (or a base profile) are not recognized.");
}
}
}

/**
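Review bot: The provider branch of `checkProfileCheck` exits without naming the leftover keys and always blames non-consecutive order numbers, yet `loadProfileCheck` files any name that merely contains `.jce.provider.` into `profileCheckProviderNames`, so a mistyped or non-numeric provider key would presumably produce the same message. Listing the leftovers the way the property branch does would make a rejected profile diagnosable, for example by appending `": " + profileCheckProviderNames.stream().sorted().collect(Collectors.joining(", "))` to the message. The classification could also be anchored to the profile prefix with `name.startsWith(profileDot + "jce.provider.")` instead of `contains`, so that only keys of the expected shape are treated as providers. Both new methods are fully visible in the last hunk, but the methods that remove names from the two sets (`init`, `update`, `updateProviders`, `setProperty`) are only partly shown, so which keys can actually be left over is inferred.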
