Skip to content

Commit

Permalink
Add provider name and class name mapping in Restricted Security
Browse files Browse the repository at this point in the history 
For the Java security providers, for example, the SunSASL, its
class name is com.sun.security.sasl.Provider. From the provider
class name, can not get the provider name which defined in its
construction method. So, add the mapping between the provider
name and its class name in Restricted Security mode.

Signed-off-by: Tao Liu <[email protected]>
  • Loading branch information
@taoliult
taoliult committed Jan 11, 2024
1 parent d89d744 commit 29669a5
Showing 1 changed file with 39 additions and 15 deletions.
54 changes: 39 additions & 15 deletions closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
* ===========================================================================
* (c) Copyright IBM Corp. 2022, 2023 All Rights Reserved
* (c) Copyright IBM Corp. 2022, 2024 All Rights Reserved
* ===========================================================================
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -687,13 +687,8 @@ private void initProviders() {
// Provider with argument (provider name + optional argument).
providers.add(pNum - 1, providerName);

// Remove the provider's optional arguments if there are.
pos = providerName.indexOf(' ');
providerName = (pos < 0) ? providerName.trim() : providerName.substring(0, pos).trim();
// Remove the provider's class package names if there are.
pos = providerName.lastIndexOf('.');
providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length());
// Provider without arguments and package names.
// Provider name defined in provider construction method.
providerName = getProvidersSimpleName(providerName);
providersSimpleName.add(pNum - 1, providerName);
}

Expand Down Expand Up @@ -959,13 +954,8 @@ boolean isRestrictedProviderAllowed(String providerName) {
debug.println("Checking the provider " + providerName + " in restricted security mode.");
}

// Remove argument, e.g. -NSS-FIPS, if there is.
int pos = providerName.indexOf('-');
providerName = (pos < 0) ? providerName : providerName.substring(0, pos);

// Remove the provider class package name if there is.
pos = providerName.lastIndexOf('.');
providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length());
// Provider name defined in provider construction method.
providerName = getProvidersSimpleName(providerName);

// Check if the provider is in restricted security provider list.
// If not, the provider won't be registered.
Expand All @@ -990,6 +980,40 @@ boolean isRestrictedProviderAllowed(String providerName) {
return false;
}

/**
* Get the provider name defined in provider construction method.
*
* @param providerName provider name or provider with packages or arguments
* @return provider name defined in provider construction method
*/
private static String getProvidersSimpleName(String providerName) {
// Remove the provider's optional arguments if present.
int pos = providerName.indexOf(' ');
if (pos >= 0) {
providerName = providerName.substring(0, pos);
}
providerName = providerName.trim();

// Remove argument, e.g. -NSS-FIPS, if present.
pos = providerName.indexOf('-');
if (pos >= 0) {
providerName = providerName.substring(0, pos);
}

if (providerName.equals("com.sun.security.sasl.Provider")) {
// The main class for the SunSASL provider is com.sun.security.sasl.Provider.
return "SunSASL";
} else {
// Remove the provider's class package names if present.
pos = providerName.lastIndexOf('.');
if (pos >= 0) {
providerName = providerName.substring(pos + 1);
}
// Provider without arguments or package names.
return providerName;
}
}

/**
* List audit info of all available RestrictedSecurity profiles.
*/
Expand Down

0 comments on commit 29669a5

Please sign in to comment.