Skip to content

Commit

Permalink
Ensure static fields set during signed jar process
Browse files Browse the repository at this point in the history
When loading a signed jar file that is on the classpath, such as the
bouncy castle signed JCE jar file, it has been observed that the value
of `restrictedJarVerificationProviders` and
`restrictedJarVerificationProviders` are set to `null`. This causes a
NullPointerException during the loading process.

This update moves the static declarations of both
`restrictedJarVerificationProviders` and
`restrictedJarVerificationProviders` to be prior to the method call
`RestrictedSecurity.checkHashValues()` since this method call needs
both of these fields to be initialized to work correctly.

Signed-off-by: Jason Katonica <katonica@us.ibm.com>
  • Loading branch information
jasonkatonica committed Sep 17, 2024
1 parent 48a49a1 commit d91d804
Showing 1 changed file with 12 additions and 12 deletions.
24 changes: 12 additions & 12 deletions src/java.base/share/classes/sun/security/jca/Providers.java
Original file line number Diff line number Diff line change
Expand Up @@ -56,18 +56,6 @@ public class Providers {
// Note volatile immutable object, so no synchronization needed.
private static volatile ProviderList providerList;

static {
// set providerList to empty list first in case initialization somehow
// triggers a getInstance() call (although that should not happen)
providerList = ProviderList.EMPTY;
providerList = ProviderList.fromSecurityProperties();
RestrictedSecurity.checkHashValues();
}

private Providers() {
// empty
}

// After the switch to modules, JDK providers are all in modules and JDK
// no longer needs to load signed jars during start up.
//
Expand Down Expand Up @@ -114,6 +102,18 @@ private Providers() {
"com.sun.crypto.provider.SunJCE",
};

static {
// set providerList to empty list first in case initialization somehow
// triggers a getInstance() call (although that should not happen)
providerList = ProviderList.EMPTY;
providerList = ProviderList.fromSecurityProperties();
RestrictedSecurity.checkHashValues();
}

private Providers() {
// empty
}

// Return Sun provider.
// This method should only be called by
// sun.security.util.ManifestEntryVerifier and java.security.SecureRandom.
Expand Down

0 comments on commit d91d804

Please sign in to comment.