diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
index 51039ff198..a2a116eb1c 100644
--- a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
+++ b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
@@ -35,10 +35,10 @@
 import java.time.format.DateTimeParseException;
 import java.util.ArrayList;
 import java.util.Deque;
+import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -996,6 +996,9 @@ private static final class ProfileParser {
 // The java.security properties.
 private final Properties securityProps;
+ private final Set profileCheckPropertyNames;
+ private final Set profileCheckProviderNames;
+
 /**
 *
 * @param id the restricted security custom profile ID
@@ -1018,8 +1021,13 @@ private ProfileParser(String id, Properties props) {
 parsedProfiles = new HashSet<>();
+ profileCheckPropertyNames = new HashSet<>();
+ profileCheckProviderNames = new HashSet<>();
+
 // Initialize the properties.
 init(profileID);
+
+ checkProfileCheck(profileID);
 }
 private RestrictedSecurityProperties getProperties() {
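Review bot: The two fields added at the top of `ProfileParser` carry the whole validation scheme but have no comment, so a reader has to reach `loadProfileCheck` and `checkProfileCheck` to learn that they hold names still waiting to be consumed. I would add `// Property and jce.provider keys found in java.security for this profile chain that no parsing step has consumed yet; anything left over aborts startup.` above them. The same applies to the `remove(...)` calls added in `init`, `update`, `initProviders`, `updateProviders` and `setProperty` in the later hunks: a short `// Mark as recognized.` at each site would make it clear that forgetting one turns a valid profile into a startup failure. The class body starts and ends outside this hunk.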
@@ -1042,12 +1050,17 @@ private void init(String profileID) {
 printStackTraceAndExit(profileID + " has already been parsed. Potential infinite recursion.");
 }
- String potentialExtendsProfileID = parseProperty(securityProps.getProperty(profileID + ".extends"));
+ loadProfileCheck(profileID);
+
+ String profileExtends = profileID + ".extends";
+ String potentialExtendsProfileID = parseProperty(securityProps.getProperty(profileExtends));
 if (potentialExtendsProfileID != null) {
 // If profile extends another profile.
 if (debug != null) {
 debug.println("\t'" + profileID + "' extends '" + potentialExtendsProfileID + "'.");
 }
+ profileCheckPropertyNames.remove(profileExtends);
+
 // Check if extended profile exists.
 String extendsProfileID = null;
 if (potentialExtendsProfileID.indexOf('.') != potentialExtendsProfileID.lastIndexOf('.')) {
@@ -1103,6 +1116,7 @@ private void init(String profileID) {
 // Save info to be hashed and expected result to be checked later.
 profilesHashes.put(profileID, hashValue);
 profilesInfo.put(profileID, allInfo);
+ profileCheckPropertyNames.remove(hashProperty);
 } else if (!isFIPS1402Profile(profileID)) {
 // A hash is mandatory, but not for older 140-2 profiles.
 printStackTraceAndExit(profileID + " is a base profile, so a hash value is mandatory.");
@@ -1139,6 +1153,7 @@ private void update(String profileExtensionId) {
 // Save info to be hashed and expected result to be checked later.
 profilesHashes.put(profileID, hashValue);
 profilesInfo.put(profileID, allInfo);
+ profileCheckPropertyNames.remove(hashProperty);
 }
 } catch (Exception e) {
 if (debug != null) {
@@ -1259,6 +1274,7 @@ private void initProviders(String profileID, List allInfo) {
 allInfo.add(property + "=" + providerInfo);
 parseProvider(providerInfo, pNum, false);
+ profileCheckProviderNames.remove(property);
 }
 if (providers.isEmpty()) {
@@ -1289,6 +1305,7 @@ private void updateProviders(String profileExtensionId, List allInfo) {
 removedProvider = true;
 break;
 }
+ profileCheckProviderNames.remove(property);
 }
 }
@@ -1316,6 +1333,7 @@ private void updateProviders(String profileExtensionId, List allInfo) {
 allInfo.add(property + "=" + providerInfo);
 parseProvider(providerInfo, i, false);
+ profileCheckProviderNames.remove(property);
 }
 }
@@ -1640,6 +1658,7 @@ private boolean setProperty(String property, String propertyKey, List al
 newValue = value;
 }
 profileProperties.put(property, newValue);
+ profileCheckPropertyNames.remove(propertyKey);
 return true;
 }
 if (debug != null) {
@@ -1712,6 +1731,39 @@ private static void checkProviderFormat(String providerInfo, boolean update) {
 printStackTraceAndExit("Provider format is incorrect: " + providerInfo);
 }
 }
+
+ private void loadProfileCheck(String profileID) {
+ Enumeration pNames = securityProps.propertyNames();
+ String profileDot = profileID + '.';
+ while (pNames.hasMoreElements()) {
+ String name = (String) pNames.nextElement();
+ if (name.startsWith(profileDot)) {
+ if (name.contains(".jce.provider.")) {
+ profileCheckProviderNames.add(name);
+ } else {
+ profileCheckPropertyNames.add(name);
+ }
+ }
+ }
+ }
+
+ private void checkProfileCheck(String profileID) {
+ if (!profileCheckProviderNames.isEmpty()) {
+ printStackTraceAndExit(
+ "The order numbers of providers in profile " + profileID
+ + " (or a base profile) are not consecutive.");
+ }
+ if (!profileCheckPropertyNames.isEmpty()) {
+ printStackTraceAndExit(
+ "The property names: "
+ + profileCheckPropertyNames
+ .stream()
+ .sorted()
+ .collect(Collectors.joining(", "))
+ + " in profile " + profileID
+ + " (or a base profile) are not recognized.");
+ }
+ }
 }
 /**
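Review bot: In the first `updateProviders` hunk the added `profileCheckProviderNames.remove(property);` sits after the block that ends in `removedProvider = true; break;`, so it is skipped on that path. The loop header is outside the hunk, so this is an assumption, but if that `break` leaves the loop over the extension's provider entries, the key that triggered the removal stays in the set. `checkProfileCheck` would then exit with the "not consecutive" message for an otherwise valid profile extension. Adding `profileCheckProviderNames.remove(property);` just before the `break;`, or moving the call ahead of that block, covers both paths. A test with an extension that removes a provider would confirm the behaviour.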
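Review bot: `loadProfileCheck` classifies a key as a provider entry with `name.contains(".jce.provider.")`, which matches the substring anywhere in the key, so a mistyped property (a constructed example: `<profile>.desc.jce.provider.x`) lands in the provider set and is reported as non-consecutive order numbers rather than as an unrecognized name. Anchoring the test, `if (name.startsWith(profileDot + "jce.provider."))`, keeps the two diagnostics accurate. The `(String) pNames.nextElement()` cast also throws `ClassCastException` if the `Properties` object ever holds a non-String key; `for (String name : securityProps.stringPropertyNames())` avoids the cast and the new `Enumeration` import. The provider message in `checkProfileCheck` would be easier to act on if it listed the leftover keys the way the property message does.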