diff --git a/src/java.base/share/classes/java/lang/Class.java b/src/java.base/share/classes/java/lang/Class.java index 771084384c8..23b8ac3fb90 100644 --- a/src/java.base/share/classes/java/lang/Class.java +++ b/src/java.base/share/classes/java/lang/Class.java @@ -53,6 +53,7 @@ import java.lang.reflect.Type; import java.lang.reflect.TypeVariable; import java.lang.constant.Constable; import java.net.URL; +import java.security.AllPermission; import java.security.Permissions; import java.security.ProtectionDomain; import java.util.ArrayList; @@ -89,7 +90,6 @@ import sun.reflect.generics.repository.ClassRepository; import sun.reflect.generics.repository.MethodRepository; import sun.reflect.generics.repository.ConstructorRepository; import sun.reflect.generics.scope.ClassScope; -import sun.security.util.SecurityConstants; import sun.reflect.annotation.*; import sun.reflect.misc.ReflectUtil; @@ -2720,7 +2720,7 @@ public final class Class implements java.io.Serializable, private static final ProtectionDomain allPermDomain; static { Permissions perms = new Permissions(); - perms.add(SecurityConstants.ALL_PERMISSION); + perms.add(new AllPermission()); allPermDomain = new ProtectionDomain(null, perms); } } diff --git a/src/java.base/share/classes/java/security/AccessControlContext.java b/src/java.base/share/classes/java/security/AccessControlContext.java index 6c73e6339fb..01c7244fe2c 100644 --- a/src/java.base/share/classes/java/security/AccessControlContext.java +++ b/src/java.base/share/classes/java/security/AccessControlContext.java @@ -44,14 +44,6 @@ import java.util.List; public final class AccessControlContext { private ProtectionDomain[] context; - // isPrivileged and isAuthorized are referenced by the VM - do not remove - // or change their names - private boolean isPrivileged; - private boolean isAuthorized = false; - - // Note: This field is directly used by the virtual machine - // native codes. Don't touch it. - private AccessControlContext privilegedContext; @SuppressWarnings("removal") private DomainCombiner combiner = null; diff --git a/src/java.base/share/classes/java/security/Provider.java b/src/java.base/share/classes/java/security/Provider.java index 7012bcc9eeb..da3f53b9632 100644 --- a/src/java.base/share/classes/java/security/Provider.java +++ b/src/java.base/share/classes/java/security/Provider.java @@ -345,12 +345,6 @@ public abstract class Provider extends Properties { return name + " version " + versionStr; } - /* - * override the following methods to ensure that provider - * information can only be changed if the caller has the appropriate - * permissions. - */ - /** * Clears this {@code Provider} so that it no longer contains the properties * used to look up facilities implemented by the {@code Provider}. @@ -359,7 +353,7 @@ public abstract class Provider extends Properties { */ @Override public synchronized void clear() { - check("clearProviderProperties."+name); + checkInitialized(); if (debug != null) { debug.println("Remove " + name + " provider properties"); } @@ -376,7 +370,7 @@ public abstract class Provider extends Properties { */ @Override public synchronized void load(InputStream inStream) throws IOException { - check("putProviderProperty."+name); + checkInitialized(); if (debug != null) { debug.println("Load " + name + " provider properties"); } @@ -394,7 +388,7 @@ public abstract class Provider extends Properties { */ @Override public synchronized void putAll(Map t) { - check("putProviderProperty."+name); + checkInitialized(); if (debug != null) { debug.println("Put all " + name + " provider properties"); } @@ -461,7 +455,7 @@ public abstract class Provider extends Properties { */ @Override public synchronized Object put(Object key, Object value) { - check("putProviderProperty."+name); + checkInitialized(); if (debug != null) { debug.println("Set " + name + " provider property [" + key + "/" + value +"]"); @@ -478,7 +472,7 @@ public abstract class Provider extends Properties { */ @Override public synchronized Object putIfAbsent(Object key, Object value) { - check("putProviderProperty."+name); + checkInitialized(); if (debug != null) { debug.println("Set " + name + " provider property [" + key + "/" + value +"]"); @@ -494,7 +488,7 @@ public abstract class Provider extends Properties { */ @Override public synchronized Object remove(Object key) { - check("removeProviderProperty."+name); + checkInitialized(); if (debug != null) { debug.println("Remove " + name + " provider property " + key); } @@ -509,7 +503,7 @@ public abstract class Provider extends Properties { */ @Override public synchronized boolean remove(Object key, Object value) { - check("removeProviderProperty."+name); + checkInitialized(); if (debug != null) { debug.println("Remove " + name + " provider property " + key); } @@ -525,7 +519,7 @@ public abstract class Provider extends Properties { @Override public synchronized boolean replace(Object key, Object oldValue, Object newValue) { - check("putProviderProperty." + name); + checkInitialized(); if (debug != null) { debug.println("Replace " + name + " provider property " + key); } @@ -540,7 +534,7 @@ public abstract class Provider extends Properties { */ @Override public synchronized Object replace(Object key, Object value) { - check("putProviderProperty." + name); + checkInitialized(); if (debug != null) { debug.println("Replace " + name + " provider property " + key); } @@ -558,7 +552,7 @@ public abstract class Provider extends Properties { @Override public synchronized void replaceAll(BiFunction function) { - check("putProviderProperty." + name); + checkInitialized(); if (debug != null) { debug.println("ReplaceAll " + name + " provider property "); } @@ -575,8 +569,7 @@ public abstract class Provider extends Properties { @Override public synchronized Object compute(Object key, BiFunction remappingFunction) { - check("putProviderProperty." + name); - check("removeProviderProperty." + name); + checkInitialized(); if (debug != null) { debug.println("Compute " + name + " provider property " + key); } @@ -594,8 +587,7 @@ public abstract class Provider extends Properties { @Override public synchronized Object computeIfAbsent(Object key, Function mappingFunction) { - check("putProviderProperty." + name); - check("removeProviderProperty." + name); + checkInitialized(); if (debug != null) { debug.println("ComputeIfAbsent " + name + " provider property " + key); @@ -613,8 +605,7 @@ public abstract class Provider extends Properties { public synchronized Object computeIfPresent(Object key, BiFunction remappingFunction) { - check("putProviderProperty." + name); - check("removeProviderProperty." + name); + checkInitialized(); if (debug != null) { debug.println("ComputeIfPresent " + name + " provider property " + key); @@ -635,8 +626,7 @@ public abstract class Provider extends Properties { public synchronized Object merge(Object key, Object value, BiFunction remappingFunction) { - check("putProviderProperty." + name); - check("removeProviderProperty." + name); + checkInitialized(); if (debug != null) { debug.println("Merge " + name + " provider property " + key); } @@ -694,15 +684,6 @@ public abstract class Provider extends Properties { } } - private void check(String directive) { - checkInitialized(); - @SuppressWarnings("removal") - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkSecurityAccess(directive); - } - } - // legacyMap changed since last call to getServices() private transient volatile boolean legacyChanged; // serviceMap changed since last call to getServices() @@ -789,8 +770,6 @@ public abstract class Provider extends Properties { /** * Copies all the mappings from the specified Map to this provider. - * Internal method to be called AFTER the security check has been - * performed. */ private void implPutAll(Map t) { for (Map.Entry e : t.entrySet()) { @@ -1239,7 +1218,7 @@ public abstract class Provider extends Properties { * @since 1.5 */ protected void putService(Service s) { - check("putProviderProperty." + name); + checkInitialized(); if (debug != null) { debug.println(name + ".putService(): " + s); } @@ -1303,7 +1282,7 @@ public abstract class Provider extends Properties { private void putPropertyStrings(Service s) { String type = s.getType(); String algorithm = s.getAlgorithm(); - // use super() to avoid permission check and other processing + // use super() to avoid other processing super.put(type + "." + algorithm, s.getClassName()); for (String alias : s.getAliases()) { super.put(ALIAS_PREFIX + type + "." + alias, algorithm); @@ -1321,7 +1300,7 @@ public abstract class Provider extends Properties { private void removePropertyStrings(Service s) { String type = s.getType(); String algorithm = s.getAlgorithm(); - // use super() to avoid permission check and other processing + // use super() to avoid other processing super.remove(type + "." + algorithm); for (String alias : s.getAliases()) { super.remove(ALIAS_PREFIX + type + "." + alias); @@ -1346,7 +1325,7 @@ public abstract class Provider extends Properties { * @since 1.5 */ protected void removeService(Service s) { - check("removeProviderProperty." + name); + checkInitialized(); if (debug != null) { debug.println(name + ".removeService(): " + s); } diff --git a/src/java.base/share/classes/java/security/SecureRandom.java b/src/java.base/share/classes/java/security/SecureRandom.java index 734f25e6615..e6cc1134c09 100644 --- a/src/java.base/share/classes/java/security/SecureRandom.java +++ b/src/java.base/share/classes/java/security/SecureRandom.java @@ -942,11 +942,7 @@ public class SecureRandom extends java.util.Random { public static SecureRandom getInstanceStrong() throws NoSuchAlgorithmException { - @SuppressWarnings("removal") - String property = AccessController.doPrivileged( - (PrivilegedAction) () -> Security.getProperty( - "securerandom.strongAlgorithms")); - + String property = Security.getProperty("securerandom.strongAlgorithms"); if (property == null || property.isEmpty()) { throw new NoSuchAlgorithmException( "Null/empty securerandom.strongAlgorithms Security Property"); diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java index aab793b98e9..6969fe8a8e1 100644 --- a/src/java.base/share/classes/java/security/Security.java +++ b/src/java.base/share/classes/java/security/Security.java @@ -312,14 +312,7 @@ public final class Security { } static { - // doPrivileged here because there are multiple - // things in initialize that might require privs. - // (the FileInputStream call and the File.exists call, etc) - @SuppressWarnings("removal") - var dummy = AccessController.doPrivileged((PrivilegedAction) () -> { - initialize(); - return null; - }); + initialize(); // Set up JavaSecurityPropertiesAccess in SharedSecrets SharedSecrets.setJavaSecurityPropertiesAccess(new JavaSecurityPropertiesAccess() { @Override @@ -475,15 +468,13 @@ public final class Security { */ public static synchronized int insertProviderAt(Provider provider, int position) { - String providerName = provider.getName(); - checkInsertProvider(providerName); ProviderList list = Providers.getFullProviderList(); ProviderList newList = ProviderList.insertAt(list, provider, position - 1); if (list == newList) { return -1; } Providers.setProviderList(newList); - return newList.getIndex(providerName) + 1; + return newList.getIndex(provider.getName()) + 1; } /** @@ -527,7 +518,6 @@ public final class Security { * @see #addProvider */ public static synchronized void removeProvider(String name) { - check("removeProvider." + name); ProviderList list = Providers.getFullProviderList(); ProviderList newList = ProviderList.remove(list, name); Providers.setProviderList(newList); @@ -822,7 +812,6 @@ public final class Security { */ public static String getProperty(String key) { SecPropLoader.checkReservedKey(key); - check("getProperty." + key); String name = props.getProperty(key); if (name != null) name = name.trim(); // could be a class name with trailing ws @@ -845,7 +834,6 @@ public final class Security { */ public static void setProperty(String key, String datum) { SecPropLoader.checkReservedKey(key); - check("setProperty." + key); props.put(key, datum); SecurityPropertyModificationEvent spe = new SecurityPropertyModificationEvent(); @@ -859,32 +847,6 @@ public final class Security { } } - private static void check(String directive) { - @SuppressWarnings("removal") - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkSecurityAccess(directive); - } - } - - private static void checkInsertProvider(String name) { - @SuppressWarnings("removal") - SecurityManager security = System.getSecurityManager(); - if (security != null) { - try { - security.checkSecurityAccess("insertProvider"); - } catch (SecurityException se1) { - try { - security.checkSecurityAccess("insertProvider." + name); - } catch (SecurityException se2) { - // throw first exception, but add second to suppressed - se1.addSuppressed(se2); - throw se1; - } - } - } - } - private static class Criteria { private final String serviceName; private final String algName; diff --git a/src/java.base/share/classes/sun/security/action/GetBooleanAction.java b/src/java.base/share/classes/sun/security/action/GetBooleanAction.java deleted file mode 100644 index d41954601e8..00000000000 --- a/src/java.base/share/classes/sun/security/action/GetBooleanAction.java +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.action; - -import java.security.AccessController; - -/** - * A convenience class for retrieving the boolean value of a system property - * as a privileged action. - * - *

An instance of this class can be used as the argument of - * AccessController.doPrivileged. - * - *

The following code retrieves the boolean value of the system - * property named "prop" as a privileged action: - * - * 

- * boolean b = java.security.AccessController.doPrivileged
- *              (new GetBooleanAction("prop")).booleanValue();
- *
- * - * @author Roland Schemers - * @see java.security.PrivilegedAction - * @see java.security.AccessController - * @since 1.2 - */ - -public class GetBooleanAction - implements java.security.PrivilegedAction { - private final String theProp; - - /** - * Constructor that takes the name of the system property whose boolean - * value needs to be determined. - * - * @param theProp the name of the system property. - */ - public GetBooleanAction(String theProp) { - this.theProp = theProp; - } - - /** - * Determines the boolean value of the system property whose name was - * specified in the constructor. - * - * @return the Boolean value of the system property. - */ - public Boolean run() { - return Boolean.getBoolean(theProp); - } - - /** - * Convenience method to get a property without going through doPrivileged - * if no security manager is present. This is unsafe for inclusion in a - * public API but allowable here since this class is now encapsulated. - * - * Note that this method performs a privileged action using caller-provided - * inputs. The caller of this method should take care to ensure that the - * inputs are not tainted and the returned property is not made accessible - * to untrusted code if it contains sensitive information. - * - * @param theProp the name of the system property. - */ - @SuppressWarnings("removal") - public static boolean privilegedGetProperty(String theProp) { - if (System.getSecurityManager() == null) { - return Boolean.getBoolean(theProp); - } else { - return AccessController.doPrivileged( - new GetBooleanAction(theProp)); - } - } -} diff --git a/src/java.base/share/classes/sun/security/action/GetIntegerAction.java b/src/java.base/share/classes/sun/security/action/GetIntegerAction.java deleted file mode 100644 index 2d9a598149c..00000000000 --- a/src/java.base/share/classes/sun/security/action/GetIntegerAction.java +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.action; - -import java.security.AccessController; - -/** - * A convenience class for retrieving the integer value of a system property - * as a privileged action. - * - *

An instance of this class can be used as the argument of - * AccessController.doPrivileged. - * - *

The following code retrieves the integer value of the system - * property named "prop" as a privileged action. Since it does - * not pass a default value to be used in case the property - * "prop" is not defined, it has to check the result for - * null: - * - * 

- * Integer tmp = java.security.AccessController.doPrivileged
- *     (new sun.security.action.GetIntegerAction("prop"));
- * int i;
- * if (tmp != null) {
- *     i = tmp.intValue();
- * }
- *
- * - *

The following code retrieves the integer value of the system - * property named "prop" as a privileged action, and also passes - * a default value to be used in case the property "prop" is not - * defined: - * - * 

- * int i = ((Integer)java.security.AccessController.doPrivileged(
- *                         new GetIntegerAction("prop", 3))).intValue();
- *
- * - * @author Roland Schemers - * @see java.security.PrivilegedAction - * @see java.security.AccessController - * @since 1.2 - */ - -public class GetIntegerAction - implements java.security.PrivilegedAction { - private final String theProp; - private final int defaultVal; - private final boolean defaultSet; - - /** - * Constructor that takes the name of the system property whose integer - * value needs to be determined. - * - * @param theProp the name of the system property. - */ - public GetIntegerAction(String theProp) { - this.theProp = theProp; - this.defaultVal = 0; - this.defaultSet = false; - } - - /** - * Constructor that takes the name of the system property and the default - * value of that property. - * - * @param theProp the name of the system property. - * @param defaultVal the default value. - */ - public GetIntegerAction(String theProp, int defaultVal) { - this.theProp = theProp; - this.defaultVal = defaultVal; - this.defaultSet = true; - } - - /** - * Determines the integer value of the system property whose name was - * specified in the constructor. - * - *

If there is no property of the specified name, or if the property - * does not have the correct numeric format, then an Integer - * object representing the default value that was specified in the - * constructor is returned, or null if no default value was - * specified. - * - * @return the Integer value of the property. - */ - public Integer run() { - Integer value = Integer.getInteger(theProp); - if ((value == null) && defaultSet) - return defaultVal; - return value; - } - - /** - * Convenience method to get a property without going through doPrivileged - * if no security manager is present. This is unsafe for inclusion in a - * public API but allowable here since this class is now encapsulated. - * - * Note that this method performs a privileged action using caller-provided - * inputs. The caller of this method should take care to ensure that the - * inputs are not tainted and the returned property is not made accessible - * to untrusted code if it contains sensitive information. - * - * @param theProp the name of the system property. - */ - @SuppressWarnings("removal") - public static Integer privilegedGetProperty(String theProp) { - if (System.getSecurityManager() == null) { - return Integer.getInteger(theProp); - } else { - return AccessController.doPrivileged( - new GetIntegerAction(theProp)); - } - } - - /** - * Convenience method to get a property without going through doPrivileged - * if no security manager is present. This is unsafe for inclusion in a - * public API but allowable here since this class is now encapsulated. - * - * Note that this method performs a privileged action using caller-provided - * inputs. The caller of this method should take care to ensure that the - * inputs are not tainted and the returned property is not made accessible - * to untrusted code if it contains sensitive information. - * - * @param theProp the name of the system property. - * @param defaultVal the default value. - */ - @SuppressWarnings("removal") - public static Integer privilegedGetProperty(String theProp, - int defaultVal) { - Integer value; - if (System.getSecurityManager() == null) { - value = Integer.getInteger(theProp); - } else { - value = AccessController.doPrivileged( - new GetIntegerAction(theProp)); - } - return (value != null) ? value : defaultVal; - } -} diff --git a/src/java.base/share/classes/sun/security/action/GetLongAction.java b/src/java.base/share/classes/sun/security/action/GetLongAction.java deleted file mode 100644 index 795f3af239e..00000000000 --- a/src/java.base/share/classes/sun/security/action/GetLongAction.java +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.action; - -/** - * A convenience class for retrieving the Long value of a system - * property as a privileged action. - * - *

An instance of this class can be used as the argument of - * AccessController.doPrivileged. - * - *

The following code retrieves the Long value of the system - * property named "prop" as a privileged action. Since it does - * not pass a default value to be used in case the property - * "prop" is not defined, it has to check the result for - * null: - * - * 

- * Long tmp = java.security.AccessController.doPrivileged
- *     (new sun.security.action.GetLongAction("prop"));
- * long l;
- * if (tmp != null) {
- *     l = tmp.longValue();
- * }
- *
- * - *

The following code retrieves the Long value of the system - * property named "prop" as a privileged action, and also passes - * a default value to be used in case the property "prop" is not - * defined: - * - * 

- * long l = java.security.AccessController.doPrivileged
- *      (new GetLongAction("prop")).longValue();
- *
- * - * @author Roland Schemers - * @see java.security.PrivilegedAction - * @see java.security.AccessController - * @since 1.2 - */ - -public class GetLongAction implements java.security.PrivilegedAction { - private final String theProp; - private final long defaultVal; - private final boolean defaultSet; - - /** - * Constructor that takes the name of the system property whose - * Long value needs to be determined. - * - * @param theProp the name of the system property. - */ - public GetLongAction(String theProp) { - this.theProp = theProp; - this.defaultVal = 0; - this.defaultSet = false; - } - - /** - * Constructor that takes the name of the system property and the default - * value of that property. - * - * @param theProp the name of the system property. - * @param defaultVal the default value. - */ - public GetLongAction(String theProp, long defaultVal) { - this.theProp = theProp; - this.defaultVal = defaultVal; - this.defaultSet = true; - } - - /** - * Determines the Long value of the system property whose - * name was specified in the constructor. - * - *

If there is no property of the specified name, or if the property - * does not have the correct numeric format, then a Long - * object representing the default value that was specified in the - * constructor is returned, or null if no default value was - * specified. - * - * @return the Long value of the property. - */ - public Long run() { - Long value = Long.getLong(theProp); - if ((value == null) && defaultSet) - return defaultVal; - return value; - } -} diff --git a/src/java.base/share/classes/sun/security/action/GetPropertyAction.java b/src/java.base/share/classes/sun/security/action/GetPropertyAction.java index 347072de9f9..8954c615cba 100644 --- a/src/java.base/share/classes/sun/security/action/GetPropertyAction.java +++ b/src/java.base/share/classes/sun/security/action/GetPropertyAction.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,9 +27,7 @@ package sun.security.action; import java.security.AccessController; import java.security.PrivilegedAction; -import java.util.Locale; import java.util.Properties; -import sun.security.util.Debug; /** * A convenience class for retrieving the string value of a system @@ -162,99 +160,4 @@ public class GetPropertyAction implements PrivilegedAction { ); } } - - /** - * Convenience method for fetching System property values that are timeouts. - * Accepted timeout values may be purely numeric, a numeric value - * followed by "s" (both interpreted as seconds), or a numeric value - * followed by "ms" (interpreted as milliseconds). - * - * @param prop the name of the System property - * @param def a default value (in milliseconds) - * @param dbg a Debug object, if null no debug messages will be sent - * - * @return an integer value corresponding to the timeout value in the System - * property in milliseconds. If the property value is empty, negative, - * or contains non-numeric characters (besides a trailing "s" or "ms") - * then the default value will be returned. If a negative value for - * the "def" parameter is supplied, zero will be returned if the - * property's value does not conform to the allowed syntax. - */ - public static int privilegedGetTimeoutProp(String prop, int def, Debug dbg) { - if (def < 0) { - def = 0; - } - - String rawPropVal = privilegedGetProperty(prop, "").trim(); - if (rawPropVal.length() == 0) { - return def; - } - - // Determine if "ms" or just "s" is on the end of the string. - // We may do a little surgery on the value so we'll retain - // the original value in rawPropVal for debug messages. - boolean isMillis = false; - String propVal = rawPropVal; - if (rawPropVal.toLowerCase(Locale.ROOT).endsWith("ms")) { - propVal = rawPropVal.substring(0, rawPropVal.length() - 2); - isMillis = true; - } else if (rawPropVal.toLowerCase(Locale.ROOT).endsWith("s")) { - propVal = rawPropVal.substring(0, rawPropVal.length() - 1); - } - - // Next check to make sure the string is built only from digits - if (propVal.matches("^\\d+$")) { - try { - int timeout = Integer.parseInt(propVal); - return isMillis ? timeout : timeout * 1000; - } catch (NumberFormatException nfe) { - if (dbg != null) { - dbg.println("Warning: Unexpected " + nfe + - " for timeout value " + rawPropVal + - ". Using default value of " + def + " msec."); - } - return def; - } - } else { - if (dbg != null) { - dbg.println("Warning: Incorrect syntax for timeout value " + - rawPropVal + ". Using default value of " + def + - " msec."); - } - return def; - } - } - - /** - * Convenience method for fetching System property values that are booleans. - * - * @param prop the name of the System property - * @param def a default value - * @param dbg a Debug object, if null no debug messages will be sent - * - * @return a boolean value corresponding to the value in the System property. - * If the property value is neither "true" or "false", the default value - * will be returned. - */ - public static boolean privilegedGetBooleanProp(String prop, boolean def, Debug dbg) { - String rawPropVal = privilegedGetProperty(prop, ""); - if ("".equals(rawPropVal)) { - return def; - } - - String lower = rawPropVal.toLowerCase(Locale.ROOT); - if ("true".equals(lower)) { - return true; - } else if ("false".equals(lower)) { - return false; - } else { - if (dbg != null) { - dbg.println("Warning: Unexpected value for " + prop + - ": " + rawPropVal + - ". Using default value: " + def); - } - return def; - } - } - } diff --git a/src/java.base/share/classes/sun/security/action/PutAllAction.java b/src/java.base/share/classes/sun/security/action/PutAllAction.java deleted file mode 100644 index d8b17993213..00000000000 --- a/src/java.base/share/classes/sun/security/action/PutAllAction.java +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.action; - -import java.util.Map; - -import java.security.Provider; -import java.security.PrivilegedAction; - -/** - * A convenience PrivilegedAction class for setting the properties of - * a provider. See the SunRsaSign provider for a usage example. - * - * @see sun.security.rsa.SunRsaSign - * @author Andreas Sterbenz - * @since 1.5 - */ -public class PutAllAction implements PrivilegedAction { - - private final Provider provider; - private final Map map; - - public PutAllAction(Provider provider, Map map) { - this.provider = provider; - this.map = map; - } - - public Void run() { - provider.putAll(map); - return null; - } - -} diff --git a/src/java.base/share/classes/sun/security/ec/SunEC.java b/src/java.base/share/classes/sun/security/ec/SunEC.java index 7f8c4dba002..ce38ffe9f53 100644 --- a/src/java.base/share/classes/sun/security/ec/SunEC.java +++ b/src/java.base/share/classes/sun/security/ec/SunEC.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,10 +25,8 @@ package sun.security.ec; -import java.security.AccessController; import java.security.InvalidParameterException; import java.security.NoSuchAlgorithmException; -import java.security.PrivilegedAction; import java.security.Provider; import java.security.ProviderException; import java.util.HashMap; @@ -180,15 +178,9 @@ public final class SunEC extends Provider { } } - @SuppressWarnings("removal") public SunEC() { super("SunEC", PROVIDER_VER, "Sun Elliptic Curve provider"); - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - putEntries(); - return null; - } - }); + putEntries(); } void putEntries() { diff --git a/src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java b/src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java index 21b9db97909..fa19acfaeb6 100644 --- a/src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java +++ b/src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,8 +25,6 @@ package sun.security.internal.spec; -import sun.security.action.GetBooleanAction; - import java.security.spec.AlgorithmParameterSpec; /** @@ -54,8 +52,8 @@ public class TlsRsaPremasterSecretParameterSpec * Default is "false" (old behavior) for compatibility reasons in * SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property. */ - private static final boolean rsaPreMasterSecretFix = GetBooleanAction - .privilegedGetProperty("com.sun.net.ssl.rsaPreMasterSecretFix"); + private static final boolean rsaPreMasterSecretFix = + Boolean.getBoolean("com.sun.net.ssl.rsaPreMasterSecretFix"); private final int clientVersion; private final int serverVersion; diff --git a/src/java.base/share/classes/sun/security/jca/ProviderConfig.java b/src/java.base/share/classes/sun/security/jca/ProviderConfig.java index ace87630dac..ce954b3b6a5 100644 --- a/src/java.base/share/classes/sun/security/jca/ProviderConfig.java +++ b/src/java.base/share/classes/sun/security/jca/ProviderConfig.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -94,23 +94,11 @@ final class ProviderConfig { // avoid if not available (pre Solaris 10) to reduce startup time // or if disabled via system property private void checkSunPKCS11Solaris() { - @SuppressWarnings("removal") - Boolean o = AccessController.doPrivileged( - new PrivilegedAction() { - public Boolean run() { - File file = new File("/usr/lib/libpkcs11.so"); - if (file.exists() == false) { - return Boolean.FALSE; - } - if ("false".equalsIgnoreCase(System.getProperty - ("sun.security.pkcs11.enable-solaris"))) { - return Boolean.FALSE; - } - return Boolean.TRUE; - } - }); - if (o == Boolean.FALSE) { - tries = MAX_LOAD_TRIES; + File file = new File("/usr/lib/libpkcs11.so"); + if (file.exists() == false || + ("false".equalsIgnoreCase(System.getProperty + ("sun.security.pkcs11.enable-solaris")))) { + tries = MAX_LOAD_TRIES; } } @@ -190,28 +178,22 @@ final class ProviderConfig { case "Apple", "apple.security.AppleProvider" -> { // Reflection is needed for compile time as the class // is not available for non-macosx systems - @SuppressWarnings("removal") - var tmp = AccessController.doPrivileged( - new PrivilegedAction() { - public Provider run() { - try { - Class c = Class.forName( - "apple.security.AppleProvider"); - if (Provider.class.isAssignableFrom(c)) { - @SuppressWarnings("deprecation") - Object tmp = c.newInstance(); - return (Provider) tmp; - } - } catch (Exception ex) { - if (debug != null) { - debug.println("Error loading provider Apple"); - ex.printStackTrace(); - } - } - return null; - } - }); - yield tmp; + Provider ap = null; + try { + Class c = Class.forName( + "apple.security.AppleProvider"); + if (Provider.class.isAssignableFrom(c)) { + @SuppressWarnings("deprecation") + Object tmp = c.newInstance(); + ap = (Provider) tmp; + } + } catch (Exception ex) { + if (debug != null) { + debug.println("Error loading provider Apple"); + ex.printStackTrace(); + } + } + yield ap; } default -> { if (isLoading) { @@ -240,83 +222,69 @@ final class ProviderConfig { /** * Load and instantiate the Provider described by this class. * - * NOTE use of doPrivileged(). - * * @return null if the Provider could not be loaded * * @throws ProviderException if executing the Provider's constructor * throws a ProviderException. All other Exceptions are ignored. */ - @SuppressWarnings("removal") private Provider doLoadProvider() { - return AccessController.doPrivileged(new PrivilegedAction() { - public Provider run() { + if (debug != null) { + debug.println("Loading provider " + ProviderConfig.this); + } + try { + Provider p = ProviderLoader.INSTANCE.load(provName); + if (p != null) { + if (hasArgument()) { + p = p.configure(argument); + } if (debug != null) { - debug.println("Loading provider " + ProviderConfig.this); + debug.println("Loaded provider " + p.getName()); } - try { - Provider p = ProviderLoader.INSTANCE.load(provName); - if (p != null) { - if (hasArgument()) { - p = p.configure(argument); - } - if (debug != null) { - debug.println("Loaded provider " + p.getName()); - } - } else { - if (debug != null) { - debug.println("Error loading provider " + - ProviderConfig.this); - } - disableLoad(); - } - return p; - } catch (Exception e) { - if (e instanceof ProviderException) { - // pass up - throw e; - } else { - if (debug != null) { - debug.println("Error loading provider " + - ProviderConfig.this); - e.printStackTrace(); - } - disableLoad(); - return null; - } - } catch (ExceptionInInitializerError err) { - // no sufficient permission to initialize provider class - if (debug != null) { - debug.println("Error loading provider " + ProviderConfig.this); - err.printStackTrace(); - } - disableLoad(); - return null; + } else { + if (debug != null) { + debug.println("Error loading provider " + + ProviderConfig.this); } + disableLoad(); } - }); + return p; + } catch (Exception e) { + if (e instanceof ProviderException) { + // pass up + throw e; + } else { + if (debug != null) { + debug.println("Error loading provider " + + ProviderConfig.this); + e.printStackTrace(); + } + disableLoad(); + return null; + } + } catch (ExceptionInInitializerError err) { + // unable to initialize provider class + if (debug != null) { + debug.println("Error loading provider " + ProviderConfig.this); + err.printStackTrace(); + } + disableLoad(); + return null; + } } /** * Perform property expansion of the provider value. - * - * NOTE use of doPrivileged(). */ - @SuppressWarnings("removal") private static String expand(final String value) { // shortcut if value does not contain any properties if (value.contains("${") == false) { return value; } - return AccessController.doPrivileged(new PrivilegedAction() { - public String run() { - try { - return PropertyExpander.expand(value); - } catch (GeneralSecurityException e) { - throw new ProviderException(e); - } - } - }); + try { + return PropertyExpander.expand(value); + } catch (GeneralSecurityException e) { + throw new ProviderException(e); + } } // Inner class for loading security providers listed in java.security file @@ -356,9 +324,9 @@ final class ProviderConfig { if (pName.equals(pn)) { return p; } - } catch (SecurityException | ServiceConfigurationError | + } catch (ServiceConfigurationError | InvalidParameterException ex) { - // if provider loading fail due to security permission, + // if provider loading failed // log it and move on to next provider if (debug != null) { debug.println("Encountered " + ex + @@ -385,6 +353,7 @@ final class ProviderConfig { } } + @SuppressWarnings("deprecation") // Class.newInstance private Provider legacyLoad(String classname) { if (debug != null) { @@ -403,15 +372,7 @@ final class ProviderConfig { return null; } - @SuppressWarnings("removal") - Provider p = AccessController.doPrivileged - (new PrivilegedExceptionAction() { - @SuppressWarnings("deprecation") // Class.newInstance - public Provider run() throws Exception { - return (Provider) provClass.newInstance(); - } - }); - return p; + return (Provider) provClass.newInstance(); } catch (Exception e) { Throwable t; if (e instanceof InvocationTargetException) { @@ -429,7 +390,7 @@ final class ProviderConfig { } return null; } catch (ExceptionInInitializerError | NoClassDefFoundError err) { - // no sufficient permission to access/initialize provider class + // unable to access/initialize provider class if (debug != null) { debug.println("Error loading legacy provider " + classname); err.printStackTrace(); diff --git a/src/java.base/share/classes/sun/security/jca/ProviderList.java b/src/java.base/share/classes/sun/security/jca/ProviderList.java index 033ad2e9210..b8357140543 100644 --- a/src/java.base/share/classes/sun/security/jca/ProviderList.java +++ b/src/java.base/share/classes/sun/security/jca/ProviderList.java @@ -27,8 +27,6 @@ package sun.security.jca; import java.util.*; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.Provider; import java.security.Provider.Service; import java.security.Security; @@ -87,15 +85,8 @@ public final class ProviderList { // construct a ProviderList from the security properties // (static provider configuration in the java.security file) - @SuppressWarnings("removal") static ProviderList fromSecurityProperties() { - // doPrivileged() because of Security.getProperty() - return AccessController.doPrivileged( - new PrivilegedAction() { - public ProviderList run() { - return new ProviderList(); - } - }); + return new ProviderList(); } public static ProviderList add(ProviderList providerList, Provider p) { diff --git a/src/java.base/share/classes/sun/security/provider/ConfigFile.java b/src/java.base/share/classes/sun/security/provider/ConfigFile.java index 775e36c61ba..3642463ade8 100644 --- a/src/java.base/share/classes/sun/security/provider/ConfigFile.java +++ b/src/java.base/share/classes/sun/security/provider/ConfigFile.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,15 +29,10 @@ import java.io.*; import java.net.MalformedURLException; import java.net.URI; import java.net.URL; -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.security.Security; import java.security.URIParameter; import java.text.MessageFormat; import java.util.*; -import javax.security.auth.AuthPermission; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag; import javax.security.auth.login.Configuration; @@ -159,34 +154,18 @@ public final class ConfigFile extends Configuration { } } - @SuppressWarnings("removal") public Spi(final Configuration.Parameters params) throws IOException { - // call in a doPrivileged - // - // We have already passed the Configuration.getInstance - // security check. Also, this class is not freely accessible - // (it is in the "sun" package). - - try { - AccessController.doPrivileged(new PrivilegedExceptionAction() { - public Void run() throws IOException { - if (params == null) { - init(); - } else { - if (!(params instanceof URIParameter)) { - throw new IllegalArgumentException - ("Unrecognized parameter: " + params); - } - URIParameter uriParam = (URIParameter)params; - url = uriParam.getURI().toURL(); - init(); - } - return null; - } - }); - } catch (PrivilegedActionException pae) { - throw (IOException)pae.getException(); + if (params == null) { + init(); + } else { + if (!(params instanceof URIParameter)) { + throw new IllegalArgumentException + ("Unrecognized parameter: " + params); + } + URIParameter uriParam = (URIParameter)params; + url = uriParam.getURI().toURL(); + init(); } // if init() throws some other RuntimeException, @@ -198,8 +177,6 @@ public final class ConfigFile extends Configuration { * configured URL. * * @throws IOException if the Configuration can not be initialized - * @throws SecurityException if the caller does not have permission - * to initialize the Configuration */ private void init() throws IOException { @@ -377,31 +354,15 @@ public final class ConfigFile extends Configuration { /** * Refresh and reload the Configuration by re-reading all the * login configurations. - * - * @throws SecurityException if the caller does not have permission - * to refresh the Configuration. */ - @SuppressWarnings("removal") @Override public synchronized void engineRefresh() { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission( - new AuthPermission("refreshLoginConfiguration")); + try { + init(); + } catch (IOException ioe) { + throw new SecurityException(ioe.getLocalizedMessage(), ioe); } - - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - try { - init(); - } catch (IOException ioe) { - throw new SecurityException(ioe.getLocalizedMessage(), - ioe); - } - return null; - } - }); } private void readConfig(Reader reader, diff --git a/src/java.base/share/classes/sun/security/provider/DRBG.java b/src/java.base/share/classes/sun/security/provider/DRBG.java index 01958285e43..a340a866068 100644 --- a/src/java.base/share/classes/sun/security/provider/DRBG.java +++ b/src/java.base/share/classes/sun/security/provider/DRBG.java @@ -27,9 +27,7 @@ package sun.security.provider; import java.io.IOException; import java.io.InvalidObjectException; -import java.security.AccessController; import java.security.DrbgParameters; -import java.security.PrivilegedAction; import java.security.SecureRandomParameters; import java.security.SecureRandomSpi; import java.security.Security; @@ -93,10 +91,7 @@ public final class DRBG extends SecureRandomSpi { byte[] nonce = null; // Can be configured with a security property - - @SuppressWarnings("removal") - String config = AccessController.doPrivileged((PrivilegedAction) - () -> Security.getProperty(PROP_NAME)); + String config = Security.getProperty(PROP_NAME); if (config != null && !config.isEmpty()) { for (String part : config.split(",")) { diff --git a/src/java.base/share/classes/sun/security/provider/FileInputStreamPool.java b/src/java.base/share/classes/sun/security/provider/FileInputStreamPool.java index 67ad6946806..a0aae674d69 100644 --- a/src/java.base/share/classes/sun/security/provider/FileInputStreamPool.java +++ b/src/java.base/share/classes/sun/security/provider/FileInputStreamPool.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -65,9 +65,6 @@ class FileInputStreamPool { * @throws FileNotFoundException if the file does not exist, is a directory * rather than a regular file, or for some * other reason cannot be opened for reading. - * @throws SecurityException if a security manager exists and its - * checkRead method denies read - * access to the file. */ static InputStream getInputStream(File file) throws IOException { @@ -78,9 +75,6 @@ class FileInputStreamPool { } // canonicalize the path - // (this also checks the read permission on the file if SecurityManager - // is present, so no checking is needed later when we just return the - // already opened stream) File cfile = file.getCanonicalFile(); // check if it exists in pool diff --git a/src/java.base/share/classes/sun/security/provider/MD4.java b/src/java.base/share/classes/sun/security/provider/MD4.java index 80cd85a8378..97b8a39c0d6 100644 --- a/src/java.base/share/classes/sun/security/provider/MD4.java +++ b/src/java.base/share/classes/sun/security/provider/MD4.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -69,13 +69,7 @@ public final class MD4 extends DigestBase { @java.io.Serial private static final long serialVersionUID = -8850464997518327965L; }; - @SuppressWarnings("removal") - var dummy = AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - md4Provider.put("MessageDigest.MD4", "sun.security.provider.MD4"); - return null; - } - }); + md4Provider.put("MessageDigest.MD4", "sun.security.provider.MD4"); } public static MessageDigest getInstance() { diff --git a/src/java.base/share/classes/sun/security/provider/SeedGenerator.java b/src/java.base/share/classes/sun/security/provider/SeedGenerator.java index b4c9355bccf..892afced83e 100644 --- a/src/java.base/share/classes/sun/security/provider/SeedGenerator.java +++ b/src/java.base/share/classes/sun/security/provider/SeedGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -149,7 +149,6 @@ abstract class SeedGenerator { /** * Retrieve some system information, hashed. */ - @SuppressWarnings("removal") static byte[] getSystemEntropy() { final MessageDigest md; @@ -164,57 +163,48 @@ abstract class SeedGenerator { byte b =(byte)System.currentTimeMillis(); md.update(b); - java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<>() { - @Override - public Void run() { - try { - // System properties can change from machine to machine - Properties p = System.getProperties(); - for (String s: p.stringPropertyNames()) { - md.update(s.getBytes()); - md.update(p.getProperty(s).getBytes()); - } + try { + // System properties can change from machine to machine + Properties p = System.getProperties(); + for (String s: p.stringPropertyNames()) { + md.update(s.getBytes()); + md.update(p.getProperty(s).getBytes()); + } - // Include network adapter names (and a Mac address) - addNetworkAdapterInfo(md); + // Include network adapter names (and a Mac address) + addNetworkAdapterInfo(md); - // The temporary dir - File f = new File(p.getProperty("java.io.tmpdir")); - int count = 0; - try ( - DirectoryStream stream = - Files.newDirectoryStream(f.toPath())) { - // We use a Random object to choose what file names - // should be used. Otherwise, on a machine with too - // many files, the same first 1024 files always get - // used. Any, We make sure the first 512 files are - // always used. - Random r = new Random(); - for (Path entry: stream) { - if (count < 512 || r.nextBoolean()) { - md.update(entry.getFileName() - .toString().getBytes()); - } - if (count++ > 1024) { - break; - } - } - } - } catch (Exception ex) { - md.update((byte)ex.hashCode()); + // The temporary dir + File f = new File(p.getProperty("java.io.tmpdir")); + int count = 0; + try (DirectoryStream stream = + Files.newDirectoryStream(f.toPath())) { + // We use a Random object to choose what file names + // should be used. Otherwise, on a machine with too + // many files, the same first 1024 files always get + // used. Any, We make sure the first 512 files are + // always used. + Random r = new Random(); + for (Path entry: stream) { + if (count < 512 || r.nextBoolean()) { + md.update(entry.getFileName().toString().getBytes()); + } + if (count++ > 1024) { + break; } - - // get Runtime memory stats - Runtime rt = Runtime.getRuntime(); - byte[] memBytes = longToByteArray(rt.totalMemory()); - md.update(memBytes, 0, memBytes.length); - memBytes = longToByteArray(rt.freeMemory()); - md.update(memBytes, 0, memBytes.length); - - return null; } - }); + } + } catch (Exception ex) { + md.update((byte)ex.hashCode()); + } + + // get Runtime memory stats + Runtime rt = Runtime.getRuntime(); + byte[] memBytes = longToByteArray(rt.totalMemory()); + md.update(memBytes, 0, memBytes.length); + memBytes = longToByteArray(rt.freeMemory()); + md.update(memBytes, 0, memBytes.length); + return md.digest(); } @@ -293,29 +283,19 @@ abstract class SeedGenerator { , e); } - final ThreadGroup[] finalsg = new ThreadGroup[1]; - @SuppressWarnings("removal") - Thread t = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<>() { - @Override - public Thread run() { - ThreadGroup parent, group = - Thread.currentThread().getThreadGroup(); - while ((parent = group.getParent()) != null) { - group = parent; - } - finalsg[0] = new ThreadGroup - (group, "SeedGenerator ThreadGroup"); - Thread newT = new Thread(finalsg[0], - ThreadedSeedGenerator.this, - "SeedGenerator Thread", - 0, - false); - newT.setPriority(Thread.MIN_PRIORITY); - newT.setDaemon(true); - return newT; - } - }); + ThreadGroup[] finalsg = new ThreadGroup[1]; + ThreadGroup parent, group = Thread.currentThread().getThreadGroup(); + while ((parent = group.getParent()) != null) { + group = parent; + } + finalsg[0] = new ThreadGroup(group, "SeedGenerator ThreadGroup"); + Thread t = new Thread(finalsg[0], + ThreadedSeedGenerator.this, + "SeedGenerator Thread", + 0, + false); + t.setPriority(Thread.MIN_PRIORITY); + t.setDaemon(true); seedGroup = finalsg[0]; t.start(); } @@ -502,34 +482,25 @@ abstract class SeedGenerator { init(); } - @SuppressWarnings("removal") private void init() throws IOException { @SuppressWarnings("deprecation") - final URL device = new URL(deviceName); + URL device = new URL(deviceName); try { - seedStream = java.security.AccessController.doPrivileged - (new java.security.PrivilegedExceptionAction<>() { - @Override - public InputStream run() throws IOException { - /* - * return a shared InputStream for file URLs and - * avoid buffering. - * The URL.openStream() call wraps InputStream in a - * BufferedInputStream which - * can buffer up to 8K bytes. This read is a - * performance issue for entropy sources which - * can be slow to replenish. - */ - if (device.getProtocol().equalsIgnoreCase("file")) { - File deviceFile = - SunEntries.getDeviceFile(device); - return FileInputStreamPool - .getInputStream(deviceFile); - } else { - return device.openStream(); - } - } - }); + /* + * return a shared InputStream for file URLs and + * avoid buffering. + * The URL.openStream() call wraps InputStream in a + * BufferedInputStream which + * can buffer up to 8K bytes. This read is a + * performance issue for entropy sources which + * can be slow to replenish. + */ + if (device.getProtocol().equalsIgnoreCase("file")) { + File deviceFile = SunEntries.getDeviceFile(device); + seedStream = FileInputStreamPool.getInputStream(deviceFile); + } else { + seedStream = device.openStream(); + } } catch (Exception e) { throw new IOException( "Failed to open " + deviceName, e.getCause()); diff --git a/src/java.base/share/classes/sun/security/provider/Sun.java b/src/java.base/share/classes/sun/security/provider/Sun.java index 9c441216cee..fbd19ef633e 100644 --- a/src/java.base/share/classes/sun/security/provider/Sun.java +++ b/src/java.base/share/classes/sun/security/provider/Sun.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,7 +47,6 @@ public final class Sun extends Provider { "PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; " + "JavaLoginConfig Configuration)"; - @SuppressWarnings("removal") public Sun() { /* We are the SUN provider */ super("SUN", PROVIDER_VER, INFO); @@ -55,24 +54,8 @@ public final class Sun extends Provider { Provider p = this; Iterator serviceIter = new SunEntries(p).iterator(); - // if there is no security manager installed, put directly into - // the provider - if (System.getSecurityManager() == null) { - putEntries(serviceIter); - } else { - AccessController.doPrivileged(new PrivilegedAction() { - @Override - public Void run() { - putEntries(serviceIter); - return null; - } - }); - } - } - - void putEntries(Iterator i) { - while (i.hasNext()) { - putService(i.next()); + while (serviceIter.hasNext()) { + putService(serviceIter.next()); } } } diff --git a/src/java.base/share/classes/sun/security/provider/SunEntries.java b/src/java.base/share/classes/sun/security/provider/SunEntries.java index 36278ae445f..9f5e3447aeb 100644 --- a/src/java.base/share/classes/sun/security/provider/SunEntries.java +++ b/src/java.base/share/classes/sun/security/provider/SunEntries.java @@ -30,8 +30,6 @@ import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.Provider; import java.security.Security; import java.util.HashMap; @@ -39,7 +37,6 @@ import java.util.Iterator; import java.util.LinkedHashSet; import jdk.internal.util.StaticProperty; -import sun.security.action.GetBooleanAction; import static sun.security.util.SecurityProviderConstants.getAliases; @@ -345,29 +342,24 @@ public final class SunEntries { private static final String PROP_RNDSOURCE = "securerandom.source"; private static final boolean useLegacyDSA = - GetBooleanAction.privilegedGetProperty - ("jdk.security.legacyDSAKeyPairGenerator"); + Boolean.getBoolean("jdk.security.legacyDSAKeyPairGenerator"); static final String URL_DEV_RANDOM = "file:/dev/random"; static final String URL_DEV_URANDOM = "file:/dev/urandom"; - @SuppressWarnings("removal") - private static final String seedSource = AccessController.doPrivileged( - new PrivilegedAction() { + private static final String seedSource = getOverridableSeedSource(); - @Override - public String run() { - String egdSource = System.getProperty(PROP_EGD, ""); - if (egdSource.length() != 0) { - return egdSource; - } - egdSource = Security.getProperty(PROP_RNDSOURCE); - if (egdSource == null) { - return ""; - } - return egdSource; - } - }); + private static String getOverridableSeedSource() { + String egdSource = System.getProperty(PROP_EGD, ""); + if (egdSource.length() != 0) { + return egdSource; + } + egdSource = Security.getProperty(PROP_RNDSOURCE); + if (egdSource == null) { + return ""; + } + return egdSource; + } static { DEF_SECURE_RANDOM_ALGO = (NativePRNG.isAvailable() && @@ -386,8 +378,6 @@ public final class SunEntries { * URISyntaxException we make a best effort for backwards * compatibility. e.g. space character in deviceName string. * - * Method called within PrivilegedExceptionAction block. - * * Moved from SeedGenerator to avoid initialization problems with * signed providers. */ diff --git a/src/java.base/share/classes/sun/security/provider/VerificationProvider.java b/src/java.base/share/classes/sun/security/provider/VerificationProvider.java index 5734a6f4c3b..7f5959b8e77 100644 --- a/src/java.base/share/classes/sun/security/provider/VerificationProvider.java +++ b/src/java.base/share/classes/sun/security/provider/VerificationProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -61,7 +61,6 @@ public final class VerificationProvider extends Provider { ACTIVE = b; } - @SuppressWarnings("removal") public VerificationProvider() { super("SunJarVerification", PROVIDER_VER, "Jar Verification Provider"); // register all algorithms normally registered by the Sun and SunRsaSign @@ -75,20 +74,8 @@ public final class VerificationProvider extends Provider { Iterator rsaIter = new SunRsaSignEntries(p).iterator(); - // if there is no security manager installed, put directly into - // the provider - if (System.getSecurityManager() == null) { - putEntries(sunIter); - putEntries(rsaIter); - } else { - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - putEntries(sunIter); - putEntries(rsaIter); - return null; - } - }); - } + putEntries(sunIter); + putEntries(rsaIter); } void putEntries(Iterator i) { diff --git a/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java b/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java index 6f1f7b6ad73..a32d88605c5 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java @@ -38,10 +38,10 @@ import java.util.Date; import java.util.List; import java.util.Map; -import sun.security.action.GetPropertyAction; import sun.security.util.Debug; import sun.security.util.Event; import sun.security.util.IOUtils; +import sun.security.util.SecurityProperties; import sun.security.x509.AccessDescription; import sun.security.x509.AuthorityInfoAccessExtension; import sun.security.x509.GeneralName; @@ -114,7 +114,7 @@ public final class OCSP { */ private static int initializeTimeout(String prop, int def) { int timeoutVal = - GetPropertyAction.privilegedGetTimeoutProp(prop, def, debug); + SecurityProperties.getTimeoutSystemProp(prop, def, debug); if (debug != null) { debug.println(prop + " set to " + timeoutVal + " milliseconds"); } @@ -123,7 +123,7 @@ public final class OCSP { private static boolean initializeBoolean(String prop, boolean def) { boolean value = - GetPropertyAction.privilegedGetBooleanProp(prop, def, debug); + SecurityProperties.getBooleanSystemProp(prop, def, debug); if (debug != null) { debug.println(prop + " set to " + value); } diff --git a/src/java.base/share/classes/sun/security/provider/certpath/URICertStore.java b/src/java.base/share/classes/sun/security/provider/certpath/URICertStore.java index 44f11cb0985..28729a56dbd 100644 --- a/src/java.base/share/classes/sun/security/provider/certpath/URICertStore.java +++ b/src/java.base/share/classes/sun/security/provider/certpath/URICertStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -51,12 +51,12 @@ import java.util.Collections; import java.util.List; import java.util.Locale; -import sun.security.action.GetPropertyAction; import sun.security.x509.AccessDescription; import sun.security.x509.GeneralNameInterface; import sun.security.x509.URIName; import sun.security.util.Cache; import sun.security.util.Debug; +import sun.security.util.SecurityProperties; /** * A CertStore that retrieves Certificates or @@ -175,7 +175,7 @@ class URICertStore extends CertStoreSpi { */ private static int initializeTimeout(String prop, int def) { int timeoutVal = - GetPropertyAction.privilegedGetTimeoutProp(prop, def, debug); + SecurityProperties.getTimeoutSystemProp(prop, def, debug); if (debug != null) { debug.println(prop + " set to " + timeoutVal + " milliseconds"); } diff --git a/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java b/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java index 6a9cf6edbf8..c6fa1cf8980 100644 --- a/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java +++ b/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,7 +32,6 @@ import java.security.interfaces.*; import java.security.spec.*; import java.util.Arrays; -import sun.security.action.GetPropertyAction; import sun.security.rsa.RSAUtil.KeyType; /** @@ -91,7 +90,7 @@ public class RSAKeyFactory extends KeyFactorySpi { public static final int MAX_RESTRICTED_EXPLEN = 64; private static final boolean restrictExpLen = - "true".equalsIgnoreCase(GetPropertyAction.privilegedGetProperty( + "true".equalsIgnoreCase(System.getProperty( "sun.security.rsa.restrictRSAExponent", "true")); static RSAKeyFactory getInstance(KeyType type) { diff --git a/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java b/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java index 642b97933d5..664881ba6af 100644 --- a/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java +++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,26 +43,11 @@ public final class SunRsaSign extends Provider { @java.io.Serial private static final long serialVersionUID = 866040293550393045L; - @SuppressWarnings("removal") public SunRsaSign() { super("SunRsaSign", PROVIDER_VER, "Sun RSA signature provider"); Provider p = this; - Iterator serviceIter = new SunRsaSignEntries(p).iterator(); - - if (System.getSecurityManager() == null) { - putEntries(serviceIter); - } else { - AccessController.doPrivileged(new PrivilegedAction() { - @Override - public Void run() { - putEntries(serviceIter); - return null; - } - }); - } - } - void putEntries(Iterator i) { + Iterator i = new SunRsaSignEntries(p).iterator(); while (i.hasNext()) { putService(i.next()); } diff --git a/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java index 28f32742a61..dc5b1aafb20 100644 --- a/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java +++ b/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,9 +25,7 @@ package sun.security.util; -import java.security.AccessController; import java.security.AlgorithmConstraints; -import java.security.PrivilegedAction; import java.security.Security; import java.util.Arrays; import java.util.Collections; @@ -48,14 +46,7 @@ public abstract class AbstractAlgorithmConstraints // Get algorithm constraints from the specified security property. static Set getAlgorithms(String propertyName) { - @SuppressWarnings("removal") - String property = AccessController.doPrivileged( - new PrivilegedAction() { - @Override - public String run() { - return Security.getProperty(propertyName); - } - }); + String property = Security.getProperty(propertyName); String[] algorithmsInProperty = null; if (property != null && !property.isEmpty()) { diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java index 9f344601e7e..59bc810ca57 100644 --- a/src/java.base/share/classes/sun/security/util/Debug.java +++ b/src/java.base/share/classes/sun/security/util/Debug.java @@ -34,7 +34,6 @@ import java.util.HexFormat; import java.util.regex.Pattern; import java.util.regex.Matcher; import java.util.Locale; -import sun.security.action.GetPropertyAction; /** * A utility class for debugging. @@ -54,10 +53,9 @@ public class Debug { private static final String THREAD_OPTION = "+thread"; static { - args = GetPropertyAction.privilegedGetProperty("java.security.debug"); + args = System.getProperty("java.security.debug"); - String args2 = GetPropertyAction - .privilegedGetProperty("java.security.auth.debug"); + String args2 = System.getProperty("java.security.auth.debug"); if (args == null) { args = args2; diff --git a/src/java.base/share/classes/sun/security/util/DomainName.java b/src/java.base/share/classes/sun/security/util/DomainName.java index 5182ad1b5ca..53a646c8102 100644 --- a/src/java.base/share/classes/sun/security/util/DomainName.java +++ b/src/java.base/share/classes/sun/security/util/DomainName.java @@ -32,8 +32,6 @@ import java.io.FileNotFoundException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Arrays; import java.util.HashSet; import java.util.Iterator; @@ -205,21 +203,12 @@ class DomainName { } private static InputStream getPubSuffixStream() { - @SuppressWarnings("removal") - InputStream is = AccessController.doPrivileged( - new PrivilegedAction<>() { - @Override - public InputStream run() { - File f = new File(StaticProperty.javaHome(), - "lib/security/public_suffix_list.dat"); - try { - return new FileInputStream(f); - } catch (FileNotFoundException e) { - return null; - } - } - } - ); + InputStream is = null; + File f = new File(System.getProperty("java.home"), + "lib/security/public_suffix_list.dat"); + try { + is = new FileInputStream(f); + } catch (FileNotFoundException e) { } if (is == null) { if (SSLLogger.isOn && SSLLogger.isOn("ssl") && SSLLogger.isOn("trustmanager")) { diff --git a/src/java.base/share/classes/sun/security/util/FilePermCompat.java b/src/java.base/share/classes/sun/security/util/FilePermCompat.java index 1bba80df544..72db4eb93bc 100644 --- a/src/java.base/share/classes/sun/security/util/FilePermCompat.java +++ b/src/java.base/share/classes/sun/security/util/FilePermCompat.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -40,7 +40,7 @@ public class FilePermCompat { public static final boolean compat; static { - String flag = SecurityProperties.privilegedGetOverridable( + String flag = SecurityProperties.getOverridableProperty( "jdk.io.permissionsUseCanonicalPath"); if (flag == null) { flag = "false"; diff --git a/src/java.base/share/classes/sun/security/util/HostnameChecker.java b/src/java.base/share/classes/sun/security/util/HostnameChecker.java index 71a491813eb..1374bc6d535 100644 --- a/src/java.base/share/classes/sun/security/util/HostnameChecker.java +++ b/src/java.base/share/classes/sun/security/util/HostnameChecker.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -153,7 +153,7 @@ public class HostnameChecker { InetAddress.getByName(ipAddress))) { return; } - } catch (UnknownHostException | SecurityException e) {} + } catch (UnknownHostException e) {} } } } diff --git a/src/java.base/share/classes/sun/security/util/LazyCodeSourcePermissionCollection.java b/src/java.base/share/classes/sun/security/util/LazyCodeSourcePermissionCollection.java deleted file mode 100644 index 68a1f70bb01..00000000000 --- a/src/java.base/share/classes/sun/security/util/LazyCodeSourcePermissionCollection.java +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.util; - -import java.io.File; -import java.io.FilePermission; -import java.io.IOException; -import java.net.URL; -import java.security.CodeSource; -import java.security.Permission; -import java.security.PermissionCollection; -import java.util.Enumeration; - -/** - * This {@code PermissionCollection} implementation delegates to another - * {@code PermissionCollection}, taking care to lazily add the permission needed - * to read from the given {@code CodeSource} at first use, i.e., when either of - * {@link #elements}, {@link #implies} or {@link #toString} is called, or when - * the collection is serialized. - */ -public final class LazyCodeSourcePermissionCollection - extends PermissionCollection -{ - @java.io.Serial - private static final long serialVersionUID = -6727011328946861783L; - private final PermissionCollection perms; - private final CodeSource cs; - private volatile boolean permissionAdded; - - public LazyCodeSourcePermissionCollection(PermissionCollection perms, - CodeSource cs) { - this.perms = perms; - this.cs = cs; - } - - private void ensureAdded() { - if (!permissionAdded) { - synchronized(perms) { - if (permissionAdded) - return; - - // open connection to determine the permission needed - URL location = cs.getLocation(); - if (location != null) { - try { - Permission p = location.openConnection().getPermission(); - if (p != null) { - // for directories then need recursive access - if (p instanceof FilePermission) { - String path = p.getName(); - if (path.endsWith(File.separator)) { - path += "-"; - p = new FilePermission(path, - SecurityConstants.FILE_READ_ACTION); - } - } - perms.add(p); - } - } catch (IOException ioe) { - } - } - if (isReadOnly()) { - perms.setReadOnly(); - } - permissionAdded = true; - } - } - } - - @Override - public void add(Permission permission) { - if (isReadOnly()) - throw new SecurityException( - "attempt to add a Permission to a readonly PermissionCollection"); - perms.add(permission); - } - - @Override - public boolean implies(Permission permission) { - ensureAdded(); - return perms.implies(permission); - } - - @Override - public Enumeration elements() { - ensureAdded(); - return perms.elements(); - } - - @Override - public String toString() { - ensureAdded(); - return perms.toString(); - } - - /** - * On serialization, initialize and replace with the underlying - * permissions. This removes the laziness on deserialization. - */ - @java.io.Serial - private Object writeReplace() { - ensureAdded(); - return perms; - } -} diff --git a/src/java.base/share/classes/sun/security/util/LocalizedMessage.java b/src/java.base/share/classes/sun/security/util/LocalizedMessage.java index 99742b3b80f..ffe092a6b6d 100644 --- a/src/java.base/share/classes/sun/security/util/LocalizedMessage.java +++ b/src/java.base/share/classes/sun/security/util/LocalizedMessage.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -49,8 +49,8 @@ public class LocalizedMessage { /** * A LocalizedMessage can be instantiated with a key and formatted with * arguments later in the style of MessageFormat. This organization - * allows the actual formatting (and associated permission checks) to be - * avoided unless the resulting string is needed. + * allows the actual formatting to be avoided unless the resulting string + * is needed. * @param key */ public LocalizedMessage(String key) { diff --git a/src/java.base/share/classes/sun/security/util/SecurityConstants.java b/src/java.base/share/classes/sun/security/util/SecurityConstants.java index 9d49bbba0a1..34f80faa3ab 100644 --- a/src/java.base/share/classes/sun/security/util/SecurityConstants.java +++ b/src/java.base/share/classes/sun/security/util/SecurityConstants.java @@ -25,12 +25,7 @@ package sun.security.util; -import java.lang.reflect.ReflectPermission; -import java.net.NetPermission; -import java.net.SocketPermission; import java.security.AllPermission; -import java.security.SecurityPermission; -import sun.security.action.GetPropertyAction; /** * Permission constants and string constants used to create permissions @@ -63,72 +58,9 @@ public final class SecurityConstants { // Permission constants used in the various checkPermission() calls in JDK. - // java.lang.Class, java.lang.SecurityManager, java.lang.System, - // java.net.URLConnection, java.security.AllPermission, java.security.Policy, - // sun.security.provider.PolicyFile + // java.net.URLConnection, java.security.AllPermission public static final AllPermission ALL_PERMISSION = new AllPermission(); - // java.net.URL - public static final NetPermission SPECIFY_HANDLER_PERMISSION = - new NetPermission("specifyStreamHandler"); - - // java.net.ServerSocket, java.net.Socket - public static final NetPermission SET_SOCKETIMPL_PERMISSION = - new NetPermission("setSocketImpl"); - - // java.lang.SecurityManager, sun.applet.AppletPanel - public static final RuntimePermission CREATE_CLASSLOADER_PERMISSION = - new RuntimePermission("createClassLoader"); - - // java.lang.SecurityManager - public static final RuntimePermission CHECK_MEMBER_ACCESS_PERMISSION = - new RuntimePermission("accessDeclaredMembers"); - - // java.lang.SecurityManager, sun.applet.AppletSecurity - public static final RuntimePermission MODIFY_THREAD_PERMISSION = - new RuntimePermission("modifyThread"); - - // java.lang.SecurityManager, sun.applet.AppletSecurity - public static final RuntimePermission MODIFY_THREADGROUP_PERMISSION = - new RuntimePermission("modifyThreadGroup"); - - // java.lang.Class - public static final RuntimePermission GET_PD_PERMISSION = - new RuntimePermission("getProtectionDomain"); - - // java.lang.Thread - public static final RuntimePermission GET_STACK_TRACE_PERMISSION = - new RuntimePermission("getStackTrace"); - - // java.lang.Thread - public static final RuntimePermission SUBCLASS_IMPLEMENTATION_PERMISSION = - new RuntimePermission("enableContextClassLoaderOverride"); - - // java.security.AccessControlContext - public static final SecurityPermission CREATE_ACC_PERMISSION = - new SecurityPermission("createAccessControlContext"); - - // java.security.AccessControlContext - public static final SecurityPermission GET_COMBINER_PERMISSION = - new SecurityPermission("getDomainCombiner"); - - // java.security.Policy, java.security.ProtectionDomain - public static final SecurityPermission GET_POLICY_PERMISSION = - new SecurityPermission ("getPolicy"); - - // java.lang.SecurityManager - public static final SocketPermission LOCAL_LISTEN_PERMISSION = - new SocketPermission("localhost:0", SOCKET_LISTEN_ACTION); - public static final String PROVIDER_VER = - GetPropertyAction.privilegedGetProperty("java.specification.version"); - - // java.lang.reflect.AccessibleObject - public static final ReflectPermission ACCESS_PERMISSION = - new ReflectPermission("suppressAccessChecks"); - - // sun.reflect.ReflectionFactory - public static final RuntimePermission REFLECTION_FACTORY_ACCESS_PERMISSION = - new RuntimePermission("reflectionFactoryAccess"); - + System.getProperty("java.specification.version"); } diff --git a/src/java.base/share/classes/sun/security/util/SecurityProperties.java b/src/java.base/share/classes/sun/security/util/SecurityProperties.java index a07c9b743fc..98bc71d829b 100644 --- a/src/java.base/share/classes/sun/security/util/SecurityProperties.java +++ b/src/java.base/share/classes/sun/security/util/SecurityProperties.java @@ -26,10 +26,12 @@ package sun.security.util; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.Security; +import java.util.Locale; +/** + * Utility methods for retrieving security and system properties. + */ public class SecurityProperties { public static final boolean INCLUDE_JAR_NAME_IN_EXCEPTIONS @@ -42,15 +44,6 @@ public class SecurityProperties { * @param propName the name of the system or security property * @return the value of the system or security property */ - @SuppressWarnings("removal") - public static String privilegedGetOverridable(String propName) { - if (System.getSecurityManager() == null) { - return getOverridableProperty(propName); - } else { - return AccessController.doPrivileged((PrivilegedAction) () -> getOverridableProperty(propName)); - } - } - public static String getOverridableProperty(String propName) { String val = System.getProperty(propName); if (val == null) { @@ -69,7 +62,7 @@ public class SecurityProperties { * contains refName, false otherwise */ public static boolean includedInExceptions(String refName) { - String val = privilegedGetOverridable("jdk.includeInExceptions"); + String val = getOverridableProperty("jdk.includeInExceptions"); if (val == null) { return false; } @@ -83,4 +76,98 @@ public class SecurityProperties { } return false; } + + /** + * Convenience method for fetching System property values that are timeouts. + * Accepted timeout values may be purely numeric, a numeric value + * followed by "s" (both interpreted as seconds), or a numeric value + * followed by "ms" (interpreted as milliseconds). + * + * @param prop the name of the System property + * @param def a default value (in milliseconds) + * @param dbg a Debug object, if null no debug messages will be sent + * + * @return an integer value corresponding to the timeout value in the System + * property in milliseconds. If the property value is empty, negative, + * or contains non-numeric characters (besides a trailing "s" or "ms") + * then the default value will be returned. If a negative value for + * the "def" parameter is supplied, zero will be returned if the + * property's value does not conform to the allowed syntax. + */ + public static int getTimeoutSystemProp(String prop, int def, Debug dbg) { + if (def < 0) { + def = 0; + } + + String rawPropVal = System.getProperty(prop, "").trim(); + if (rawPropVal.length() == 0) { + return def; + } + + // Determine if "ms" or just "s" is on the end of the string. + // We may do a little surgery on the value so we'll retain + // the original value in rawPropVal for debug messages. + boolean isMillis = false; + String propVal = rawPropVal; + if (rawPropVal.toLowerCase(Locale.ROOT).endsWith("ms")) { + propVal = rawPropVal.substring(0, rawPropVal.length() - 2); + isMillis = true; + } else if (rawPropVal.toLowerCase(Locale.ROOT).endsWith("s")) { + propVal = rawPropVal.substring(0, rawPropVal.length() - 1); + } + + // Next check to make sure the string is built only from digits + if (propVal.matches("^\\d+$")) { + try { + int timeout = Integer.parseInt(propVal); + return isMillis ? timeout : timeout * 1000; + } catch (NumberFormatException nfe) { + if (dbg != null) { + dbg.println("Warning: Unexpected " + nfe + + " for timeout value " + rawPropVal + + ". Using default value of " + def + " msec."); + } + return def; + } + } else { + if (dbg != null) { + dbg.println("Warning: Incorrect syntax for timeout value " + + rawPropVal + ". Using default value of " + def + + " msec."); + } + return def; + } + } + + /** + * Convenience method for fetching System property values that are booleans. + * + * @param prop the name of the System property + * @param def a default value + * @param dbg a Debug object, if null no debug messages will be sent + * + * @return a boolean value corresponding to the value in the System property. + * If the property value is neither "true" or "false", the default value + * will be returned. + */ + public static boolean getBooleanSystemProp(String prop, boolean def, Debug dbg) { + String rawPropVal = System.getProperty(prop, ""); + if ("".equals(rawPropVal)) { + return def; + } + + String lower = rawPropVal.toLowerCase(Locale.ROOT); + if ("true".equals(lower)) { + return true; + } else if ("false".equals(lower)) { + return false; + } else { + if (dbg != null) { + dbg.println("Warning: Unexpected value for " + prop + + ": " + rawPropVal + + ". Using default value: " + def); + } + return def; + } + } } diff --git a/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java b/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java index 66c88cd63a9..3ae9375fae1 100644 --- a/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java +++ b/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,7 +34,6 @@ import java.security.ProviderException; import java.security.NoSuchAlgorithmException; import javax.crypto.Cipher; import javax.crypto.spec.DHParameterSpec; -import sun.security.action.GetPropertyAction; /** * Various constants such as version number, default key length, used by @@ -175,8 +174,7 @@ public final class SecurityProviderConstants { "jdk.security.defaultKeySize"; static { - String keyLengthStr = GetPropertyAction.privilegedGetProperty - (KEY_LENGTH_PROP); + String keyLengthStr = System.getProperty(KEY_LENGTH_PROP); int dsaKeySize = 2048; int rsaKeySize = 3072; int rsaSsaPssKeySize = rsaKeySize; // default to same value as RSA diff --git a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java index 1576388b653..7accd3cbf10 100644 --- a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java +++ b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java @@ -37,7 +37,6 @@ import java.util.jar.Attributes; import java.util.jar.Manifest; import jdk.internal.util.ArraysSupport; -import sun.security.action.GetIntegerAction; import sun.security.jca.Providers; import sun.security.pkcs.PKCS7; import sun.security.pkcs.SignerInfo; @@ -847,8 +846,7 @@ public class SignatureFileVerifier { * the maximum allowed number of bytes for the signature-related files * in a JAR file. */ - int tmp = GetIntegerAction.privilegedGetProperty( - "jdk.jar.maxSignatureFileSize", 16000000); + int tmp = Integer.getInteger("jdk.jar.maxSignatureFileSize", 16000000); if (tmp < 0 || tmp > MAX_ARRAY_SIZE) { if (debug != null) { debug.println("The default signature file size of 16000000 bytes " + diff --git a/src/java.base/unix/classes/sun/security/provider/NativePRNG.java b/src/java.base/unix/classes/sun/security/provider/NativePRNG.java index edc5197df2c..a814746d960 100644 --- a/src/java.base/unix/classes/sun/security/provider/NativePRNG.java +++ b/src/java.base/unix/classes/sun/security/provider/NativePRNG.java @@ -126,75 +126,68 @@ public final class NativePRNG extends SecureRandomSpi { /** * Create a RandomIO object for all I/O of this Variant type. */ - @SuppressWarnings("removal") private static RandomIO initIO(final Variant v) { - return AccessController.doPrivileged( - new PrivilegedAction<>() { - @Override - public RandomIO run() { - File seedFile; - File nextFile; + File seedFile; + File nextFile; - switch(v) { - case MIXED: - URL egdUrl; - File egdFile = null; + switch(v) { + case MIXED: + URL egdUrl; + File egdFile = null; - if ((egdUrl = getEgdUrl()) != null) { - try { - egdFile = SunEntries.getDeviceFile(egdUrl); - } catch (IOException e) { - // Swallow, seedFile is still null - } - } - - // Try egd first. - if ((egdFile != null) && egdFile.canRead()) { - seedFile = egdFile; - } else { - // fall back to /dev/random. - seedFile = new File(NAME_RANDOM); - } - nextFile = new File(NAME_URANDOM); - break; - - case BLOCKING: - seedFile = new File(NAME_RANDOM); - nextFile = new File(NAME_RANDOM); - break; - - case NONBLOCKING: - seedFile = new File(NAME_URANDOM); - nextFile = new File(NAME_URANDOM); - break; - - default: - // Shouldn't happen! - return null; - } - - if (debug != null) { - debug.println("NativePRNG." + v + - " seedFile: " + seedFile + - " nextFile: " + nextFile); - } - - if (!seedFile.canRead() || !nextFile.canRead()) { - if (debug != null) { - debug.println("NativePRNG." + v + - " Couldn't read Files."); - } - return null; - } - - try { - return new RandomIO(seedFile, nextFile); - } catch (Exception e) { - return null; - } + if ((egdUrl = getEgdUrl()) != null) { + try { + egdFile = SunEntries.getDeviceFile(egdUrl); + } catch (IOException e) { + // Swallow, seedFile is still null } - }); + } + + // Try egd first. + if ((egdFile != null) && egdFile.canRead()) { + seedFile = egdFile; + } else { + // fall back to /dev/random. + seedFile = new File(NAME_RANDOM); + } + nextFile = new File(NAME_URANDOM); + break; + + case BLOCKING: + seedFile = new File(NAME_RANDOM); + nextFile = new File(NAME_RANDOM); + break; + + case NONBLOCKING: + seedFile = new File(NAME_URANDOM); + nextFile = new File(NAME_URANDOM); + break; + + default: + // Shouldn't happen! + return null; + } + + if (debug != null) { + debug.println("NativePRNG." + v + + " seedFile: " + seedFile + + " nextFile: " + nextFile); + } + + if (!seedFile.canRead() || !nextFile.canRead()) { + if (debug != null) { + debug.println("NativePRNG." + v + + " Couldn't read Files."); + } + return null; + } + + try { + return new RandomIO(seedFile, nextFile); + } catch (Exception e) { + return null; + } } // return whether the NativePRNG is available @@ -457,22 +450,15 @@ public final class NativePRNG extends SecureRandomSpi { // supply random bytes to the OS // write to "seed" if possible // always add the seed to our mixing random - @SuppressWarnings("removal") private void implSetSeed(byte[] seed) { synchronized (LOCK_SET_SEED) { if (seedOutInitialized == false) { seedOutInitialized = true; - seedOut = AccessController.doPrivileged( - new PrivilegedAction<>() { - @Override - public OutputStream run() { - try { - return new FileOutputStream(seedFile, true); - } catch (Exception e) { - return null; - } - } - }); + try { + seedOut = new FileOutputStream(seedFile, true); + } catch (Exception e) { + seedOut = null; + } } if (seedOut != null) { try { diff --git a/src/java.naming/share/classes/com/sun/naming/internal/ObjectFactoriesFilter.java b/src/java.naming/share/classes/com/sun/naming/internal/ObjectFactoriesFilter.java index a80b59927d3..c7d50778d7b 100644 --- a/src/java.naming/share/classes/com/sun/naming/internal/ObjectFactoriesFilter.java +++ b/src/java.naming/share/classes/com/sun/naming/internal/ObjectFactoriesFilter.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -220,7 +220,7 @@ public final class ObjectFactoriesFilter { // Get security or system property value private static String getFilterPropertyValue(String propertyName, String defaultValue) { - String propVal = SecurityProperties.privilegedGetOverridable(propertyName); + String propVal = SecurityProperties.getOverridableProperty(propertyName); return propVal != null ? propVal : defaultValue; } } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/Config.java b/src/java.security.jgss/share/classes/sun/security/krb5/Config.java index a9ea9d23eb1..c92a106850b 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/Config.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/Config.java @@ -72,7 +72,7 @@ public class Config { static { String disableReferralsProp = - SecurityProperties.privilegedGetOverridable( + SecurityProperties.getOverridableProperty( "sun.security.krb5.disableReferrals"); if (disableReferralsProp != null) { DISABLE_REFERRALS = "true".equalsIgnoreCase(disableReferralsProp); @@ -82,7 +82,7 @@ public class Config { int maxReferralsValue = 5; String maxReferralsProp = - SecurityProperties.privilegedGetOverridable( + SecurityProperties.getOverridableProperty( "sun.security.krb5.maxReferrals"); try { maxReferralsValue = Integer.parseInt(maxReferralsProp); diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java index 9482177c174..f9076a9b0dd 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java @@ -67,7 +67,7 @@ public class Credentials { private static boolean alreadyTried = false; public static final boolean S4U2PROXY_ACCEPT_NON_FORWARDABLE - = "true".equalsIgnoreCase(SecurityProperties.privilegedGetOverridable( + = "true".equalsIgnoreCase(SecurityProperties.getOverridableProperty( "jdk.security.krb5.s4u2proxy.acceptNonForwardableServiceTicket")); private Credentials proxy = null; diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java b/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java index 9bee88eab9b..400843ff417 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java @@ -109,7 +109,7 @@ public class PrincipalName implements Cloneable { private static final boolean NAME_CASE_SENSITIVE_IN_MATCH = "true".equalsIgnoreCase( - SecurityProperties.privilegedGetOverridable( + SecurityProperties.getOverridableProperty( "jdk.security.krb5.name.case.sensitive")); diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java index 8599ffd81b8..a5b128f7129 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java @@ -358,7 +358,7 @@ public class FileCredentialsCache extends CredentialsCache } boolean force; - String prop = SecurityProperties.privilegedGetOverridable( + String prop = SecurityProperties.getOverridableProperty( "jdk.security.krb5.default.initiate.credential"); if (prop == null) { prop = "always-impersonate"; diff --git a/test/jdk/sun/security/action/Generify.java b/test/jdk/sun/security/action/Generify.java index 09cbb3fbb42..4ddbc299a47 100644 --- a/test/jdk/sun/security/action/Generify.java +++ b/test/jdk/sun/security/action/Generify.java @@ -35,37 +35,8 @@ public class Generify { public static void main(String[] args) throws Exception { - long larg = 1234567890L; - - System.setProperty("boolean", "true"); - System.setProperty("integer", "9"); - System.setProperty("long", Long.toString(larg)); System.setProperty("property", "propertyvalue"); - Boolean b = AccessController.doPrivileged - (new GetBooleanAction("boolean")); - if (b.booleanValue() == true) { - System.out.println("boolean test passed"); - } else { - throw new SecurityException("boolean test failed"); - } - - Integer i = AccessController.doPrivileged - (new GetIntegerAction("integer")); - if (i.intValue() == 9) { - System.out.println("integer test passed"); - } else { - throw new SecurityException("integer test failed"); - } - - Long l = AccessController.doPrivileged - (new GetLongAction("long")); - if (l.longValue() == larg) { - System.out.println("long test passed"); - } else { - throw new SecurityException("long test failed"); - } - String prop = AccessController.doPrivileged (new GetPropertyAction("property")); if (prop.equals("propertyvalue")) { diff --git a/test/jdk/sun/security/action/GetLongAction/ReturnNullIfNoDefault.java b/test/jdk/sun/security/action/GetLongAction/ReturnNullIfNoDefault.java deleted file mode 100644 index be465575019..00000000000 --- a/test/jdk/sun/security/action/GetLongAction/ReturnNullIfNoDefault.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 1998, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 4173993 - * @summary Make sure "null" is returned if property does not exist (or has - * wrong numeric format) and no default has been specified. - * @modules java.base/sun.security.action - */ - -import sun.security.action.*; - -public class ReturnNullIfNoDefault { - - public static void main(String[] args) throws Exception { - long larg = 1234567890L; - - GetLongAction ac = new GetLongAction("test"); - if (ac.run() != null) - throw new Exception("Returned value is not null"); - - ac = new GetLongAction("test", larg); - long ret = ((Long)ac.run()).longValue(); - if (ret != larg) - throw new Exception("Returned value differs from default"); - - System.setProperty("test", Long.toString(larg)); - ac = new GetLongAction("test"); - ret = ((Long)ac.run()).longValue(); - if (ret != larg) - throw new Exception("Returned value differs from property"); - } -}