From bb2eb8374d85012c82089dbb0f2d5b8f5b204e84 Mon Sep 17 00:00:00 2001 From: Tao Liu Date: Fri, 12 Jan 2024 13:11:40 -0500 Subject: [PATCH] Add provider name and class name mapping in Restricted Security For the Java security providers, for example, the SunSASL, its class name is com.sun.security.sasl.Provider. From the provider class name, can not get the provider name which defined in its construction method. So, add the mapping between the provider name and its class name in Restricted Security mode. Signed-off-by: Tao Liu --- .../internal/security/RestrictedSecurity.java | 50 +++++++++++++++---- 1 file changed, 40 insertions(+), 10 deletions(-) diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java index db60a3f2adc..4080d338185 100644 --- a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java +++ b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java @@ -1,6 +1,6 @@ /* * =========================================================================== - * (c) Copyright IBM Corp. 2022, 2023 All Rights Reserved + * (c) Copyright IBM Corp. 2022, 2024 All Rights Reserved * =========================================================================== * * This code is free software; you can redistribute it and/or modify it @@ -687,11 +687,19 @@ private void initProviders() { // Remove the provider's optional arguments if there are. pos = providerName.indexOf(' '); - providerName = (pos < 0) ? providerName.trim() : providerName.substring(0, pos).trim(); - // Remove the provider's class package names if there are. - pos = providerName.lastIndexOf('.'); - providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length()); - // Provider without arguments and package names. + if (pos >= 0) { + providerName = providerName.substring(0, pos); + } + providerName = providerName.trim(); + + // Remove argument, e.g. -NSS-FIPS, if present. + pos = providerName.indexOf('-'); + if (pos >= 0) { + providerName = providerName.substring(0, pos); + } + + // Provider name defined in provider construction method. + providerName = getProvidersSimpleName(providerName); providersSimpleName.add(pNum - 1, providerName); } @@ -959,11 +967,12 @@ boolean isRestrictedProviderAllowed(String providerName) { // Remove argument, e.g. -NSS-FIPS, if there is. int pos = providerName.indexOf('-'); - providerName = (pos < 0) ? providerName : providerName.substring(0, pos); + if (pos >= 0) { + providerName = providerName.substring(0, pos); + } - // Remove the provider class package name if there is. - pos = providerName.lastIndexOf('.'); - providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length()); + // Provider name defined in provider construction method. + providerName = getProvidersSimpleName(providerName); // Check if the provider is in restricted security provider list. // If not, the provider won't be registered. @@ -988,6 +997,27 @@ boolean isRestrictedProviderAllowed(String providerName) { return false; } + /** + * Get the provider name defined in provider construction method. + * + * @param providerName provider name or provider with packages + * @return provider name defined in provider construction method + */ + private static String getProvidersSimpleName(String providerName) { + if (providerName.equals("com.sun.security.sasl.Provider")) { + // The main class for the SunSASL provider is com.sun.security.sasl.Provider. + return "SunSASL"; + } else { + // Remove the provider's class package names if present. + int pos = providerName.lastIndexOf('.'); + if (pos >= 0) { + providerName = providerName.substring(pos + 1); + } + // Provider without package names. + return providerName; + } + } + /** * List audit info of all available RestrictedSecurity profiles. */