diff --git a/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxFileSystemProvider.java b/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxFileSystemProvider.java
index f6abaf69d7e..8a2307d2ff6 100644
--- a/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxFileSystemProvider.java
+++ b/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxFileSystemProvider.java
@@ -102,8 +102,8 @@ public class LinuxFileSystemProvider extends UnixFileSystemProvider {
@Override
FileTypeDetector getFileTypeDetector() {
- Path userMimeTypes = Paths.get(AccessController.doPrivileged(
- new GetPropertyAction("user.home")), ".mime.types");
+ String userHome = GetPropertyAction.getProperty("user.home");
+ Path userMimeTypes = Paths.get(userHome, ".mime.types");
Path etcMimeTypes = Paths.get("/etc/mime.types");
return chain(new GioFileTypeDetector(),
diff --git a/jdk/src/java.base/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java b/jdk/src/java.base/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java
index 2aa3fbcbaa2..7598cf9e37f 100644
--- a/jdk/src/java.base/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java
+++ b/jdk/src/java.base/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java
@@ -32,9 +32,9 @@
package sun.nio.ch;
import java.io.IOException;
-import java.io.FileDescriptor;
import java.util.Iterator;
import java.util.LinkedList;
+import sun.security.action.GetPropertyAction;
/*
* struct kevent { // 32-bit 64-bit
@@ -84,10 +84,8 @@ class KQueueArrayWrapper {
static {
IOUtil.load();
initStructSizes();
- String datamodel = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("sun.arch.data.model")
- );
- is64bit = datamodel.equals("64");
+ String datamodel = GetPropertyAction.getProperty("sun.arch.data.model");
+ is64bit = "64".equals(datamodel);
}
KQueueArrayWrapper() {
diff --git a/jdk/src/java.base/macosx/classes/sun/nio/fs/MacOSXFileSystemProvider.java b/jdk/src/java.base/macosx/classes/sun/nio/fs/MacOSXFileSystemProvider.java
index 0dcee95bfc3..6b9a56a9fa7 100644
--- a/jdk/src/java.base/macosx/classes/sun/nio/fs/MacOSXFileSystemProvider.java
+++ b/jdk/src/java.base/macosx/classes/sun/nio/fs/MacOSXFileSystemProvider.java
@@ -28,7 +28,6 @@ package sun.nio.fs;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.spi.FileTypeDetector;
-import java.security.AccessController;
import sun.security.action.GetPropertyAction;
/**
@@ -47,8 +46,8 @@ public class MacOSXFileSystemProvider extends BsdFileSystemProvider {
@Override
FileTypeDetector getFileTypeDetector() {
- Path userMimeTypes = Paths.get(AccessController.doPrivileged(
- new GetPropertyAction("user.home")), ".mime.types");
+ Path userMimeTypes = Paths.get(
+ GetPropertyAction.getProperty("user.home"), ".mime.types");
return chain(new MimeTypesFileTypeDetector(userMimeTypes),
new UTIFileTypeDetector());
diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
index 9f8f54a1823..87fa4a383f3 100644
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
@@ -512,11 +512,17 @@ final class GaloisCounterMode extends FeedbackCipher {
byte[] sOut = new byte[s.length];
GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
+
+ // check entire authentication tag for time-consistency
+ int mismatch = 0;
for (int i = 0; i < tagLenBytes; i++) {
- if (tag[i] != sOut[i]) {
- throw new AEADBadTagException("Tag mismatch!");
- }
+ mismatch |= tag[i] ^ sOut[i];
}
+
+ if (mismatch != 0) {
+ throw new AEADBadTagException("Tag mismatch!");
+ }
+
return len;
}
diff --git a/jdk/src/java.base/share/classes/java/io/DataInput.java b/jdk/src/java.base/share/classes/java/io/DataInput.java
index dca9187d4a7..60e03c2173c 100644
--- a/jdk/src/java.base/share/classes/java/io/DataInput.java
+++ b/jdk/src/java.base/share/classes/java/io/DataInput.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -182,10 +182,11 @@ interface DataInput {
* not all bytes of {@code b} have been
* updated with data from the input stream.
*
- * @param b the buffer into which the data is read.
- * @exception EOFException if this stream reaches the end before reading
- * all the bytes.
- * @exception IOException if an I/O error occurs.
+ * @param b the buffer into which the data is read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws EOFException if this stream reaches the end before reading
+ * all the bytes.
+ * @throws IOException if an I/O error occurs.
*/
void readFully(byte b[]) throws IOException;
@@ -226,12 +227,16 @@ interface DataInput {
* and so on. The number of bytes read is,
* at most, equal to {@code len}.
*
- * @param b the buffer into which the data is read.
- * @param off an int specifying the offset into the data.
- * @param len an int specifying the number of bytes to read.
- * @exception EOFException if this stream reaches the end before reading
- * all the bytes.
- * @exception IOException if an I/O error occurs.
+ * @param b the buffer into which the data is read.
+ * @param off an int specifying the offset in the data array {@code b}.
+ * @param len an int specifying the number of bytes to read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws IndexOutOfBoundsException if {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code b.length - off}.
+ * @throws EOFException if this stream reaches the end before reading
+ * all the bytes.
+ * @throws IOException if an I/O error occurs.
*/
void readFully(byte b[], int off, int len) throws IOException;
diff --git a/jdk/src/java.base/share/classes/java/io/DataInputStream.java b/jdk/src/java.base/share/classes/java/io/DataInputStream.java
index 6ce6b233ee6..f92c4f91b0c 100644
--- a/jdk/src/java.base/share/classes/java/io/DataInputStream.java
+++ b/jdk/src/java.base/share/classes/java/io/DataInputStream.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1994, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -150,38 +150,43 @@ class DataInputStream extends FilterInputStream implements DataInput {
}
/**
- * See the general contract of the readFully
- * method of DataInput.
+ * See the general contract of the {@code readFully}
+ * method of {@code DataInput}.
*
* Bytes
* for this operation are read from the contained
* input stream.
*
- * @param b the buffer into which the data is read.
- * @exception EOFException if this input stream reaches the end before
- * reading all the bytes.
- * @exception IOException the stream has been closed and the contained
- * input stream does not support reading after close, or
- * another I/O error occurs.
- * @see java.io.FilterInputStream#in
+ * @param b the buffer into which the data is read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws EOFException if this input stream reaches the end before
+ * reading all the bytes.
+ * @throws IOException the stream has been closed and the contained
+ * input stream does not support reading after close, or
+ * another I/O error occurs.
+ * @see java.io.FilterInputStream#in
*/
public final void readFully(byte b[]) throws IOException {
readFully(b, 0, b.length);
}
/**
- * See the general contract of the readFully
- * method of DataInput.
+ * See the general contract of the {@code readFully}
+ * method of {@code DataInput}.
*
* Bytes
* for this operation are read from the contained
* input stream.
*
* @param b the buffer into which the data is read.
- * @param off the start offset of the data.
+ * @param off the start offset in the data array {@code b}.
* @param len the number of bytes to read.
+ * @exception NullPointerException if {@code b} is {@code null}.
+ * @exception IndexOutOfBoundsException if {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code b.length - off}.
* @exception EOFException if this input stream reaches the end before
- * reading all the bytes.
+ * reading all the bytes.
* @exception IOException the stream has been closed and the contained
* input stream does not support reading after close, or
* another I/O error occurs.
diff --git a/jdk/src/java.base/share/classes/java/io/File.java b/jdk/src/java.base/share/classes/java/io/File.java
index 089171bab9e..7f23340920b 100644
--- a/jdk/src/java.base/share/classes/java/io/File.java
+++ b/jdk/src/java.base/share/classes/java/io/File.java
@@ -31,7 +31,6 @@ import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.util.List;
import java.util.ArrayList;
-import java.security.AccessController;
import java.security.SecureRandom;
import java.nio.file.Path;
import java.nio.file.FileSystems;
@@ -1896,8 +1895,8 @@ public class File
private TempDirectory() { }
// temporary directory location
- private static final File tmpdir = new File(AccessController
- .doPrivileged(new GetPropertyAction("java.io.tmpdir")));
+ private static final File tmpdir = new File(
+ GetPropertyAction.getProperty("java.io.tmpdir"));
static File location() {
return tmpdir;
}
diff --git a/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java b/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java
index dbf10bd757d..a591136419d 100644
--- a/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java
+++ b/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java
@@ -40,6 +40,9 @@ import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import static java.io.ObjectStreamClass.processQueue;
+import jdk.internal.misc.JavaObjectInputStreamAccess;
+import jdk.internal.misc.ObjectStreamClassValidator;
+import jdk.internal.misc.SharedSecrets;
import jdk.internal.misc.Unsafe;
import sun.reflect.misc.ReflectUtil;
@@ -853,10 +856,14 @@ public class ObjectInputStream
* exactly 'length' bytes.
*
* @param buf the buffer into which the data is read
- * @param off the start offset of the data
+ * @param off the start offset in the destination array {@code buf}
* @param len the maximum number of bytes read
* @return the actual number of bytes read, -1 is returned when the end of
* the stream is reached.
+ * @throws NullPointerException if {@code buf} is {@code null}.
+ * @throws IndexOutOfBoundsException if {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code buf.length - off}.
* @throws IOException If an I/O error has occurred.
* @see java.io.DataInputStream#readFully(byte[],int,int)
*/
@@ -1014,6 +1021,7 @@ public class ObjectInputStream
* Reads bytes, blocking until all bytes are read.
*
* @param buf the buffer into which the data is read
+ * @throws NullPointerException If {@code buf} is {@code null}.
* @throws EOFException If end of file is reached.
* @throws IOException If other I/O error has occurred.
*/
@@ -1025,8 +1033,12 @@ public class ObjectInputStream
* Reads bytes, blocking until all bytes are read.
*
* @param buf the buffer into which the data is read
- * @param off the start offset of the data
+ * @param off the start offset into the data array {@code buf}
* @param len the maximum number of bytes to read
+ * @throws NullPointerException If {@code buf} is {@code null}.
+ * @throws IndexOutOfBoundsException If {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code buf.length - off}.
* @throws EOFException If end of file is reached.
* @throws IOException If other I/O error has occurred.
*/
@@ -1509,23 +1521,28 @@ public class ObjectInputStream
throws IOException
{
byte tc = bin.peekByte();
+ ObjectStreamClass descriptor;
switch (tc) {
case TC_NULL:
- return (ObjectStreamClass) readNull();
-
+ descriptor = (ObjectStreamClass) readNull();
+ break;
case TC_REFERENCE:
- return (ObjectStreamClass) readHandle(unshared);
-
+ descriptor = (ObjectStreamClass) readHandle(unshared);
+ break;
case TC_PROXYCLASSDESC:
- return readProxyDesc(unshared);
-
+ descriptor = readProxyDesc(unshared);
+ break;
case TC_CLASSDESC:
- return readNonProxyDesc(unshared);
-
+ descriptor = readNonProxyDesc(unshared);
+ break;
default:
throw new StreamCorruptedException(
String.format("invalid type code: %02X", tc));
}
+ if (descriptor != null) {
+ validateDescriptor(descriptor);
+ }
+ return descriptor;
}
private boolean isCustomSubclass() {
@@ -1915,6 +1932,8 @@ public class ObjectInputStream
if (obj == null || handles.lookupException(passHandle) != null) {
defaultReadFields(null, slotDesc); // skip field values
} else if (slotDesc.hasReadObjectMethod()) {
+ ThreadDeath t = null;
+ boolean reset = false;
SerialCallbackContext oldContext = curContext;
if (oldContext != null)
oldContext.check();
@@ -1933,10 +1952,19 @@ public class ObjectInputStream
*/
handles.markException(passHandle, ex);
} finally {
- curContext.setUsed();
- if (oldContext!= null)
- oldContext.check();
- curContext = oldContext;
+ do {
+ try {
+ curContext.setUsed();
+ if (oldContext!= null)
+ oldContext.check();
+ curContext = oldContext;
+ reset = true;
+ } catch (ThreadDeath x) {
+ t = x; // defer until reset is true
+ }
+ } while (!reset);
+ if (t != null)
+ throw t;
}
/*
@@ -3647,4 +3675,20 @@ public class ObjectInputStream
}
}
+ private void validateDescriptor(ObjectStreamClass descriptor) {
+ ObjectStreamClassValidator validating = validator;
+ if (validating != null) {
+ validating.validateDescriptor(descriptor);
+ }
+ }
+
+ // controlled access to ObjectStreamClassValidator
+ private volatile ObjectStreamClassValidator validator;
+
+ private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) {
+ ois.validator = validator;
+ }
+ static {
+ SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::setValidator);
+ }
}
diff --git a/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java b/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java
index db6ae71f89f..1a8344df88b 100644
--- a/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java
+++ b/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -418,10 +418,11 @@ public class RandomAccessFile implements DataOutput, DataInput, Closeable {
* read. This method blocks until the requested number of bytes are
* read, the end of the stream is detected, or an exception is thrown.
*
- * @param b the buffer into which the data is read.
- * @exception EOFException if this file reaches the end before reading
- * all the bytes.
- * @exception IOException if an I/O error occurs.
+ * @param b the buffer into which the data is read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws EOFException if this file reaches the end before reading
+ * all the bytes.
+ * @throws IOException if an I/O error occurs.
*/
public final void readFully(byte b[]) throws IOException {
readFully(b, 0, b.length);
@@ -434,12 +435,16 @@ public class RandomAccessFile implements DataOutput, DataInput, Closeable {
* read. This method blocks until the requested number of bytes are
* read, the end of the stream is detected, or an exception is thrown.
*
- * @param b the buffer into which the data is read.
- * @param off the start offset of the data.
- * @param len the number of bytes to read.
- * @exception EOFException if this file reaches the end before reading
- * all the bytes.
- * @exception IOException if an I/O error occurs.
+ * @param b the buffer into which the data is read.
+ * @param off the start offset into the data array {@code b}.
+ * @param len the number of bytes to read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws IndexOutOfBoundsException if {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code b.length - off}.
+ * @throws EOFException if this file reaches the end before reading
+ * all the bytes.
+ * @throws IOException if an I/O error occurs.
*/
public final void readFully(byte b[], int off, int len) throws IOException {
int n = 0;
diff --git a/jdk/src/java.base/share/classes/java/lang/ClassLoader.java b/jdk/src/java.base/share/classes/java/lang/ClassLoader.java
index 1fcd03b760f..61123302a3c 100644
--- a/jdk/src/java.base/share/classes/java/lang/ClassLoader.java
+++ b/jdk/src/java.base/share/classes/java/lang/ClassLoader.java
@@ -817,6 +817,9 @@ public abstract class ClassLoader {
if (!checkName(name))
throw new NoClassDefFoundError("IllegalName: " + name);
+ // Note: Checking logic in java.lang.invoke.MemberName.checkForTypeAlias
+ // relies on the fact that spoofing is impossible if a class has a name
+ // of the form "java.*"
if ((name != null) && name.startsWith("java.")
&& this != getBuiltinPlatformClassLoader()) {
throw new SecurityException
diff --git a/jdk/src/java.base/share/classes/java/lang/ProcessBuilder.java b/jdk/src/java.base/share/classes/java/lang/ProcessBuilder.java
index ebd47fcfe87..638be0e9f72 100644
--- a/jdk/src/java.base/share/classes/java/lang/ProcessBuilder.java
+++ b/jdk/src/java.base/share/classes/java/lang/ProcessBuilder.java
@@ -30,13 +30,12 @@ import java.io.FileDescriptor;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.nio.channels.Pipe;
import java.util.Arrays;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+import sun.security.action.GetPropertyAction;
+
/**
* This class is used to create operating system processes.
*
@@ -468,11 +467,9 @@ public final class ProcessBuilder
* @since 1.7
*/
public abstract static class Redirect {
- private static final File NULL_FILE = AccessController.doPrivileged(
- (PrivilegedAction) () -> {
- return new File((System.getProperty("os.name")
- .startsWith("Windows") ? "NUL" : "/dev/null"));
- }
+ private static final File NULL_FILE = new File(
+ (GetPropertyAction.getProperty("os.name")
+ .startsWith("Windows") ? "NUL" : "/dev/null")
);
/**
diff --git a/jdk/src/java.base/share/classes/java/lang/StackStreamFactory.java b/jdk/src/java.base/share/classes/java/lang/StackStreamFactory.java
index 8dccef351fe..73446062bea 100644
--- a/jdk/src/java.base/share/classes/java/lang/StackStreamFactory.java
+++ b/jdk/src/java.base/share/classes/java/lang/StackStreamFactory.java
@@ -30,8 +30,6 @@ import java.lang.StackWalker.StackFrame;
import java.lang.annotation.Native;
import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.NoSuchElementException;
import java.util.Objects;
@@ -41,6 +39,7 @@ import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
+import sun.security.action.GetPropertyAction;
import static java.lang.StackStreamFactory.WalkerState.*;
@@ -990,14 +989,9 @@ final class StackStreamFactory {
}
private static boolean getProperty(String key, boolean value) {
- String s = AccessController.doPrivileged(new PrivilegedAction<>() {
- @Override
- public String run() {
- return System.getProperty(key);
- }
- });
+ String s = GetPropertyAction.getProperty(key);
if (s != null) {
- return Boolean.valueOf(s);
+ return Boolean.parseBoolean(s);
}
return value;
}
diff --git a/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java b/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java
index 739573507ab..a0df622f501 100644
--- a/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java
@@ -88,8 +88,7 @@ import static jdk.internal.org.objectweb.asm.Opcodes.*;
static {
final String key = "jdk.internal.lambda.dumpProxyClasses";
- String path = AccessController.doPrivileged(
- new GetPropertyAction(key));
+ String path = GetPropertyAction.getProperty(key);
dumper = (null == path) ? null : ProxyClassesDumper.getInstance(path);
}
diff --git a/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java b/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java
index d141efcac6e..de4e3c15537 100644
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java
@@ -827,7 +827,7 @@ import java.util.Objects;
assert(isResolved() == isResolved);
}
- void checkForTypeAlias() {
+ void checkForTypeAlias(Class refc) {
if (isInvocable()) {
MethodType type;
if (this.type instanceof MethodType)
@@ -835,16 +835,16 @@ import java.util.Objects;
else
this.type = type = getMethodType();
if (type.erase() == type) return;
- if (VerifyAccess.isTypeVisible(type, clazz)) return;
- throw new LinkageError("bad method type alias: "+type+" not visible from "+clazz);
+ if (VerifyAccess.isTypeVisible(type, refc)) return;
+ throw new LinkageError("bad method type alias: "+type+" not visible from "+refc);
} else {
Class type;
if (this.type instanceof Class)
type = (Class) this.type;
else
this.type = type = getFieldType();
- if (VerifyAccess.isTypeVisible(type, clazz)) return;
- throw new LinkageError("bad field type alias: "+type+" not visible from "+clazz);
+ if (VerifyAccess.isTypeVisible(type, refc)) return;
+ throw new LinkageError("bad field type alias: "+type+" not visible from "+refc);
}
}
@@ -1016,10 +1016,25 @@ import java.util.Objects;
MemberName m = ref.clone(); // JVM will side-effect the ref
assert(refKind == m.getReferenceKind());
try {
+ // There are 4 entities in play here:
+ // * LC: lookupClass
+ // * REFC: symbolic reference class (MN.clazz before resolution);
+ // * DEFC: resolved method holder (MN.clazz after resolution);
+ // * PTYPES: parameter types (MN.type)
+ //
+ // What we care about when resolving a MemberName is consistency between DEFC and PTYPES.
+ // We do type alias (TA) checks on DEFC to ensure that. DEFC is not known until the JVM
+ // finishes the resolution, so do TA checks right after MHN.resolve() is over.
+ //
+ // All parameters passed by a caller are checked against MH type (PTYPES) on every invocation,
+ // so it is safe to call a MH from any context.
+ //
+ // REFC view on PTYPES doesn't matter, since it is used only as a starting point for resolution and doesn't
+ // participate in method selection.
m = MethodHandleNatives.resolve(m, lookupClass);
- m.checkForTypeAlias();
+ m.checkForTypeAlias(m.getDeclaringClass());
m.resolution = null;
- } catch (LinkageError ex) {
+ } catch (ClassNotFoundException | LinkageError ex) {
// JVM reports that the "bytecode behavior" would get an error
assert(!m.isResolved());
m.resolution = ex;
diff --git a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java
index 7a5d3f1f0b2..67c197dd709 100644
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java
@@ -49,7 +49,7 @@ class MethodHandleNatives {
static native void init(MemberName self, Object ref);
static native void expand(MemberName self);
- static native MemberName resolve(MemberName self, Class caller) throws LinkageError;
+ static native MemberName resolve(MemberName self, Class caller) throws LinkageError, ClassNotFoundException;
static native int getMembers(Class defc, String matchName, String matchSig,
int matchFlags, Class caller, int skip, MemberName[] results);
diff --git a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java
index df1cba46fa8..4fbc1d84671 100644
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java
@@ -25,9 +25,9 @@
package java.lang.invoke;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+import java.util.Properties;
import jdk.internal.misc.Unsafe;
+import sun.security.action.GetPropertyAction;
/**
* This class consists exclusively of static names internal to the
@@ -53,32 +53,27 @@ import jdk.internal.misc.Unsafe;
static final boolean VAR_HANDLE_GUARDS;
static {
- final Object[] values = new Object[10];
- AccessController.doPrivileged(new PrivilegedAction<>() {
- public Void run() {
- values[0] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DEBUG_NAMES");
- values[1] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DUMP_CLASS_FILES");
- values[2] = Boolean.getBoolean("java.lang.invoke.MethodHandle.TRACE_INTERPRETER");
- values[3] = Boolean.getBoolean("java.lang.invoke.MethodHandle.TRACE_METHOD_LINKAGE");
- values[4] = Integer.getInteger("java.lang.invoke.MethodHandle.COMPILE_THRESHOLD", 0);
- values[5] = Integer.getInteger("java.lang.invoke.MethodHandle.DONT_INLINE_THRESHOLD", 30);
- values[6] = Integer.getInteger("java.lang.invoke.MethodHandle.PROFILE_LEVEL", 0);
- values[7] = Boolean.parseBoolean(System.getProperty("java.lang.invoke.MethodHandle.PROFILE_GWT", "true"));
- values[8] = Integer.getInteger("java.lang.invoke.MethodHandle.CUSTOMIZE_THRESHOLD", 127);
- values[9] = Boolean.parseBoolean(System.getProperty("java.lang.invoke.VarHandle.VAR_HANDLE_GUARDS", "true"));
- return null;
- }
- });
- DEBUG_METHOD_HANDLE_NAMES = (Boolean) values[0];
- DUMP_CLASS_FILES = (Boolean) values[1];
- TRACE_INTERPRETER = (Boolean) values[2];
- TRACE_METHOD_LINKAGE = (Boolean) values[3];
- COMPILE_THRESHOLD = (Integer) values[4];
- DONT_INLINE_THRESHOLD = (Integer) values[5];
- PROFILE_LEVEL = (Integer) values[6];
- PROFILE_GWT = (Boolean) values[7];
- CUSTOMIZE_THRESHOLD = (Integer) values[8];
- VAR_HANDLE_GUARDS = (Boolean) values[9];
+ Properties props = GetPropertyAction.getProperties();
+ DEBUG_METHOD_HANDLE_NAMES = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.DEBUG_NAMES"));
+ DUMP_CLASS_FILES = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.DUMP_CLASS_FILES"));
+ TRACE_INTERPRETER = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.TRACE_INTERPRETER"));
+ TRACE_METHOD_LINKAGE = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.TRACE_METHOD_LINKAGE"));
+ COMPILE_THRESHOLD = Integer.parseInt(
+ props.getProperty("java.lang.invoke.MethodHandle.COMPILE_THRESHOLD", "0"));
+ DONT_INLINE_THRESHOLD = Integer.parseInt(
+ props.getProperty("java.lang.invoke.MethodHandle.DONT_INLINE_THRESHOLD", "30"));
+ PROFILE_LEVEL = Integer.parseInt(
+ props.getProperty("java.lang.invoke.MethodHandle.PROFILE_LEVEL", "0"));
+ PROFILE_GWT = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.PROFILE_GWT", "true"));
+ CUSTOMIZE_THRESHOLD = Integer.parseInt(
+ props.getProperty("java.lang.invoke.MethodHandle.CUSTOMIZE_THRESHOLD", "127"));
+ VAR_HANDLE_GUARDS = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.VarHandle.VAR_HANDLE_GUARDS", "true"));
if (CUSTOMIZE_THRESHOLD < -1 || CUSTOMIZE_THRESHOLD > 127) {
throw newInternalError("CUSTOMIZE_THRESHOLD should be in [-1...127] range");
diff --git a/jdk/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java b/jdk/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java
index 6469a4b8a6d..44f29a4a136 100644
--- a/jdk/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java
@@ -33,7 +33,6 @@ import jdk.internal.vm.annotation.ForceInline;
import jdk.internal.misc.Unsafe;
import java.lang.invoke.MethodHandles.Lookup;
-import java.security.AccessController;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
@@ -188,14 +187,15 @@ public final class StringConcatFactory {
private static final ProxyClassesDumper DUMPER;
static {
- final String strategy = AccessController.doPrivileged(
- new GetPropertyAction("java.lang.invoke.stringConcat"));
- CACHE_ENABLE = Boolean.parseBoolean(AccessController.doPrivileged(
- new GetPropertyAction("java.lang.invoke.stringConcat.cache")));
- DEBUG = Boolean.parseBoolean(AccessController.doPrivileged(
- new GetPropertyAction("java.lang.invoke.stringConcat.debug")));
- final String dumpPath = AccessController.doPrivileged(
- new GetPropertyAction("java.lang.invoke.stringConcat.dumpClasses"));
+ Properties props = GetPropertyAction.getProperties();
+ final String strategy =
+ props.getProperty("java.lang.invoke.stringConcat");
+ CACHE_ENABLE = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.stringConcat.cache"));
+ DEBUG = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.stringConcat.debug"));
+ final String dumpPath =
+ props.getProperty("java.lang.invoke.stringConcat.dumpClasses");
STRATEGY = (strategy == null) ? DEFAULT_STRATEGY : Strategy.valueOf(strategy);
CACHE = CACHE_ENABLE ? new ConcurrentHashMap<>() : null;
diff --git a/jdk/src/java.base/share/classes/java/lang/module/ModuleFinder.java b/jdk/src/java.base/share/classes/java/lang/module/ModuleFinder.java
index 83d8fc59aaf..1cdd12838b1 100644
--- a/jdk/src/java.base/share/classes/java/lang/module/ModuleFinder.java
+++ b/jdk/src/java.base/share/classes/java/lang/module/ModuleFinder.java
@@ -39,6 +39,7 @@ import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
+import sun.security.action.GetPropertyAction;
/**
* A finder of modules. A {@code ModuleFinder} is used to find modules during
@@ -152,7 +153,7 @@ public interface ModuleFinder {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- PrivilegedAction pa = () -> System.getProperty("java.home");
+ PrivilegedAction pa = new GetPropertyAction("java.home");
home = AccessController.doPrivileged(pa);
Permission p = new FilePermission(home + File.separator + "-", "read");
sm.checkPermission(p);
diff --git a/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java b/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java
index 12abe79d4ea..8802abeda76 100644
--- a/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java
+++ b/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java
@@ -50,6 +50,7 @@ import jdk.internal.misc.VM;
import jdk.internal.reflect.CallerSensitive;
import jdk.internal.reflect.Reflection;
import sun.reflect.misc.ReflectUtil;
+import sun.security.action.GetPropertyAction;
import sun.security.util.SecurityConstants;
/**
@@ -581,11 +582,7 @@ public class Proxy implements java.io.Serializable {
}
private static final String DEBUG =
- AccessController.doPrivileged(new PrivilegedAction<>() {
- public String run() {
- return System.getProperty("jdk.proxy.debug", "");
- }
- });
+ GetPropertyAction.getProperty("jdk.proxy.debug", "");
private static boolean isDebug() {
return !DEBUG.isEmpty();
diff --git a/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java b/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
index 7a9b7fc17ed..debc60f74b9 100644
--- a/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
+++ b/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
@@ -31,6 +31,7 @@ import sun.net.ResourceManager;
import java.util.Set;
import java.util.HashSet;
import java.util.Collections;
+import sun.security.action.GetPropertyAction;
/**
* Abstract datagram and multicast socket implementation base class.
@@ -51,9 +52,7 @@ abstract class AbstractPlainDatagramSocketImpl extends DatagramSocketImpl
protected InetAddress connectedAddress = null;
private int connectedPort = -1;
- private static final String os = AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("os.name")
- );
+ private static final String os = GetPropertyAction.getProperty("os.name");
/**
* flag set if the native connect() call not to be used
diff --git a/jdk/src/java.base/share/classes/java/net/InetAddress.java b/jdk/src/java.base/share/classes/java/net/InetAddress.java
index 8e0d46152ff..e79c5115413 100644
--- a/jdk/src/java.base/share/classes/java/net/InetAddress.java
+++ b/jdk/src/java.base/share/classes/java/net/InetAddress.java
@@ -1123,8 +1123,8 @@ class InetAddress implements java.io.Serializable {
*/
private static NameService createNameService() {
- String hostsFileName = AccessController
- .doPrivileged(new GetPropertyAction("jdk.net.hosts.file"));
+ String hostsFileName =
+ GetPropertyAction.getProperty("jdk.net.hosts.file");
NameService theNameService;
if (hostsFileName != null) {
theNameService = new HostsFileNameService(hostsFileName);
@@ -1643,8 +1643,7 @@ class InetAddress implements java.io.Serializable {
* property can vary across implementations of the java.
* classes. The default is an empty String "".
*/
- String prefix = AccessController.doPrivileged(
- new GetPropertyAction("impl.prefix", ""));
+ String prefix = GetPropertyAction.getProperty("impl.prefix", "");
try {
impl = Class.forName("java.net." + prefix + implName).newInstance();
} catch (ClassNotFoundException e) {
diff --git a/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java b/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java
index f7974d0d705..c3a0d1c675a 100644
--- a/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java
+++ b/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java
@@ -33,6 +33,7 @@ import java.security.PrivilegedExceptionAction;
import sun.net.SocksProxy;
import sun.net.spi.DefaultProxySelector;
import sun.net.www.ParseUtil;
+import sun.security.action.GetPropertyAction;
/* import org.ietf.jgss.*; */
/**
@@ -177,8 +178,7 @@ class SocksSocketImpl extends PlainSocketImpl implements SocksConsts {
userName = pw.getUserName();
password = new String(pw.getPassword());
} else {
- userName = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("user.name"));
+ userName = GetPropertyAction.getProperty("user.name");
}
if (userName == null)
return false;
@@ -1088,8 +1088,7 @@ class SocksSocketImpl extends PlainSocketImpl implements SocksConsts {
userName = System.getProperty("user.name");
} catch (SecurityException se) { /* swallow Exception */ }
} else {
- userName = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("user.name"));
+ userName = GetPropertyAction.getProperty("user.name");
}
return userName;
}
diff --git a/jdk/src/java.base/share/classes/java/net/URL.java b/jdk/src/java.base/share/classes/java/net/URL.java
index cce9cf9425a..099e8b9e0c8 100644
--- a/jdk/src/java.base/share/classes/java/net/URL.java
+++ b/jdk/src/java.base/share/classes/java/net/URL.java
@@ -42,6 +42,7 @@ import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;
import sun.security.util.SecurityConstants;
+import sun.security.action.GetPropertyAction;
/**
* Class {@code URL} represents a Uniform Resource
@@ -1210,12 +1211,8 @@ public final class URL implements java.io.Serializable {
}
private static URLStreamHandler lookupViaProperty(String protocol) {
- String packagePrefixList = java.security.AccessController.doPrivileged(
- new PrivilegedAction<>() {
- public String run() {
- return System.getProperty(protocolPathProp, null);
- }
- });
+ String packagePrefixList =
+ GetPropertyAction.getProperty(protocolPathProp);
if (packagePrefixList == null) {
// not set
return null;
diff --git a/jdk/src/java.base/share/classes/java/net/URLConnection.java b/jdk/src/java.base/share/classes/java/net/URLConnection.java
index 87f4378b2ad..459a820bcde 100644
--- a/jdk/src/java.base/share/classes/java/net/URLConnection.java
+++ b/jdk/src/java.base/share/classes/java/net/URLConnection.java
@@ -43,6 +43,7 @@ import java.security.Permission;
import java.security.AccessController;
import sun.security.util.SecurityConstants;
import sun.net.www.MessageHeader;
+import sun.security.action.GetPropertyAction;
/**
* The abstract class {@code URLConnection} is the superclass
@@ -1395,8 +1396,8 @@ public abstract class URLConnection {
* is always the last one on the returned package list.
*/
private String getContentHandlerPkgPrefixes() {
- String packagePrefixList = AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction(contentPathProp, ""));
+ String packagePrefixList =
+ GetPropertyAction.getProperty(contentPathProp, "");
if (packagePrefixList != "") {
packagePrefixList += "|";
diff --git a/jdk/src/java.base/share/classes/java/net/URLEncoder.java b/jdk/src/java.base/share/classes/java/net/URLEncoder.java
index 5ad817bc72c..2f2c3e6c9c4 100644
--- a/jdk/src/java.base/share/classes/java/net/URLEncoder.java
+++ b/jdk/src/java.base/share/classes/java/net/URLEncoder.java
@@ -25,19 +25,12 @@
package java.net;
-import java.io.ByteArrayOutputStream;
-import java.io.BufferedWriter;
-import java.io.OutputStreamWriter;
-import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.io.CharArrayWriter;
import java.nio.charset.Charset;
import java.nio.charset.IllegalCharsetNameException;
import java.nio.charset.UnsupportedCharsetException ;
import java.util.BitSet;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import sun.security.action.GetBooleanAction;
import sun.security.action.GetPropertyAction;
/**
@@ -140,9 +133,7 @@ public class URLEncoder {
dontNeedEncoding.set('.');
dontNeedEncoding.set('*');
- dfltEncName = AccessController.doPrivileged(
- new GetPropertyAction("file.encoding")
- );
+ dfltEncName = GetPropertyAction.getProperty("file.encoding");
}
/**
diff --git a/jdk/src/java.base/share/classes/java/net/URLPermission.java b/jdk/src/java.base/share/classes/java/net/URLPermission.java
index 78373e1087f..e188c81d73b 100644
--- a/jdk/src/java.base/share/classes/java/net/URLPermission.java
+++ b/jdk/src/java.base/share/classes/java/net/URLPermission.java
@@ -170,7 +170,8 @@ public final class URLPermission extends Permission {
parseURI(getName());
int colon = actions.indexOf(':');
if (actions.lastIndexOf(':') != colon) {
- throw new IllegalArgumentException("invalid actions string");
+ throw new IllegalArgumentException(
+ "Invalid actions string: \"" + actions + "\"");
}
String methods, headers;
@@ -371,7 +372,8 @@ public final class URLPermission extends Permission {
l.add(s);
b = new StringBuilder();
} else if (c == ' ' || c == '\t') {
- throw new IllegalArgumentException("white space not allowed");
+ throw new IllegalArgumentException(
+ "White space not allowed in methods: \"" + methods + "\"");
} else {
if (c >= 'a' && c <= 'z') {
c += 'A' - 'a';
@@ -398,7 +400,8 @@ public final class URLPermission extends Permission {
}
b.append(c);
} else if (c == ' ' || c == '\t') {
- throw new IllegalArgumentException("white space not allowed");
+ throw new IllegalArgumentException(
+ "White space not allowed in headers: \"" + headers + "\"");
} else if (c == '-') {
capitalizeNext = true;
b.append(c);
@@ -423,14 +426,16 @@ public final class URLPermission extends Permission {
int len = url.length();
int delim = url.indexOf(':');
if (delim == -1 || delim + 1 == len) {
- throw new IllegalArgumentException("invalid URL string");
+ throw new IllegalArgumentException(
+ "Invalid URL string: \"" + url + "\"");
}
scheme = url.substring(0, delim).toLowerCase();
this.ssp = url.substring(delim + 1);
if (!ssp.startsWith("//")) {
if (!ssp.equals("*")) {
- throw new IllegalArgumentException("invalid URL string");
+ throw new IllegalArgumentException(
+ "Invalid URL string: \"" + url + "\"");
}
this.authority = new Authority(scheme, "*");
return;
diff --git a/jdk/src/java.base/share/classes/java/nio/charset/Charset.java b/jdk/src/java.base/share/classes/java/nio/charset/Charset.java
index 78ee33e764a..de49a8c6271 100644
--- a/jdk/src/java.base/share/classes/java/nio/charset/Charset.java
+++ b/jdk/src/java.base/share/classes/java/nio/charset/Charset.java
@@ -283,8 +283,8 @@ public abstract class Charset
if (level == null) {
if (!VM.isBooted())
return false;
- bugLevel = level = AccessController.doPrivileged(
- new GetPropertyAction("sun.nio.cs.bugLevel", ""));
+ bugLevel = level =
+ GetPropertyAction.getProperty("sun.nio.cs.bugLevel", "");
}
return level.equals(bl);
}
@@ -609,8 +609,7 @@ public abstract class Charset
public static Charset defaultCharset() {
if (defaultCharset == null) {
synchronized (Charset.class) {
- String csn = AccessController.doPrivileged(
- new GetPropertyAction("file.encoding"));
+ String csn = GetPropertyAction.getProperty("file.encoding");
Charset cs = lookup(csn);
if (cs != null)
defaultCharset = cs;
diff --git a/jdk/src/java.base/share/classes/java/nio/file/TempFileHelper.java b/jdk/src/java.base/share/classes/java/nio/file/TempFileHelper.java
index 2bc3d992c60..a6af1a15b1f 100644
--- a/jdk/src/java.base/share/classes/java/nio/file/TempFileHelper.java
+++ b/jdk/src/java.base/share/classes/java/nio/file/TempFileHelper.java
@@ -28,7 +28,6 @@ package java.nio.file;
import java.util.Set;
import java.util.EnumSet;
import java.security.SecureRandom;
-import static java.security.AccessController.*;
import java.io.IOException;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
@@ -47,7 +46,7 @@ class TempFileHelper {
// temporary directory location
private static final Path tmpdir =
- Paths.get(doPrivileged(new GetPropertyAction("java.io.tmpdir")));
+ Paths.get(GetPropertyAction.getProperty("java.io.tmpdir"));
private static final boolean isPosix =
FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
diff --git a/jdk/src/java.base/share/classes/java/util/Locale.java b/jdk/src/java.base/share/classes/java/util/Locale.java
index 2d121e2e7ef..e05904f6f6b 100644
--- a/jdk/src/java.base/share/classes/java/util/Locale.java
+++ b/jdk/src/java.base/share/classes/java/util/Locale.java
@@ -45,7 +45,6 @@ import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamField;
import java.io.Serializable;
-import java.security.AccessController;
import java.text.MessageFormat;
import java.util.spi.LocaleNameProvider;
@@ -859,11 +858,10 @@ public final class Locale implements Cloneable, Serializable {
private static Locale initDefault() {
String language, region, script, country, variant;
- language = AccessController.doPrivileged(
- new GetPropertyAction("user.language", "en"));
+ Properties props = GetPropertyAction.getProperties();
+ language = props.getProperty("user.language", "en");
// for compatibility, check for old user.region property
- region = AccessController.doPrivileged(
- new GetPropertyAction("user.region"));
+ region = props.getProperty("user.region");
if (region != null) {
// region can be of form country, country_variant, or _variant
int i = region.indexOf('_');
@@ -876,27 +874,25 @@ public final class Locale implements Cloneable, Serializable {
}
script = "";
} else {
- script = AccessController.doPrivileged(
- new GetPropertyAction("user.script", ""));
- country = AccessController.doPrivileged(
- new GetPropertyAction("user.country", ""));
- variant = AccessController.doPrivileged(
- new GetPropertyAction("user.variant", ""));
+ script = props.getProperty("user.script", "");
+ country = props.getProperty("user.country", "");
+ variant = props.getProperty("user.variant", "");
}
return getInstance(language, script, country, variant, null);
}
private static Locale initDefault(Locale.Category category) {
+ Properties props = GetPropertyAction.getProperties();
return getInstance(
- AccessController.doPrivileged(
- new GetPropertyAction(category.languageKey, defaultLocale.getLanguage())),
- AccessController.doPrivileged(
- new GetPropertyAction(category.scriptKey, defaultLocale.getScript())),
- AccessController.doPrivileged(
- new GetPropertyAction(category.countryKey, defaultLocale.getCountry())),
- AccessController.doPrivileged(
- new GetPropertyAction(category.variantKey, defaultLocale.getVariant())),
+ props.getProperty(category.languageKey,
+ defaultLocale.getLanguage()),
+ props.getProperty(category.scriptKey,
+ defaultLocale.getScript()),
+ props.getProperty(category.countryKey,
+ defaultLocale.getCountry()),
+ props.getProperty(category.variantKey,
+ defaultLocale.getVariant()),
null);
}
diff --git a/jdk/src/java.base/share/classes/java/util/PropertyResourceBundle.java b/jdk/src/java.base/share/classes/java/util/PropertyResourceBundle.java
index 58ff7570269..9c20a680733 100644
--- a/jdk/src/java.base/share/classes/java/util/PropertyResourceBundle.java
+++ b/jdk/src/java.base/share/classes/java/util/PropertyResourceBundle.java
@@ -43,7 +43,6 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.IOException;
-import java.nio.charset.Charset;
import java.nio.charset.MalformedInputException;
import java.nio.charset.StandardCharsets;
import java.nio.charset.UnmappableCharacterException;
@@ -142,8 +141,8 @@ public class PropertyResourceBundle extends ResourceBundle {
// Check whether the strict encoding is specified.
// The possible encoding is either "ISO-8859-1" or "UTF-8".
private static final String encoding =
- AccessController.doPrivileged(
- new GetPropertyAction("java.util.PropertyResourceBundle.encoding", ""))
+ GetPropertyAction
+ .getProperty("java.util.PropertyResourceBundle.encoding", "")
.toUpperCase(Locale.ROOT);
/**
diff --git a/jdk/src/java.base/share/classes/java/util/TimeZone.java b/jdk/src/java.base/share/classes/java/util/TimeZone.java
index 3bf886b2721..22c382cb0a2 100644
--- a/jdk/src/java.base/share/classes/java/util/TimeZone.java
+++ b/jdk/src/java.base/share/classes/java/util/TimeZone.java
@@ -660,14 +660,12 @@ public abstract class TimeZone implements Serializable, Cloneable {
private static synchronized TimeZone setDefaultZone() {
TimeZone tz;
// get the time zone ID from the system properties
- String zoneID = AccessController.doPrivileged(
- new GetPropertyAction("user.timezone"));
+ String zoneID = GetPropertyAction.getProperty("user.timezone");
// if the time zone ID is not set (yet), perform the
// platform to Java time zone ID mapping.
if (zoneID == null || zoneID.isEmpty()) {
- String javaHome = AccessController.doPrivileged(
- new GetPropertyAction("java.home"));
+ String javaHome = GetPropertyAction.getProperty("java.home");
try {
zoneID = getSystemTimeZoneID(javaHome);
if (zoneID == null) {
diff --git a/jdk/src/java.base/share/classes/java/util/jar/JarFile.java b/jdk/src/java.base/share/classes/java/util/jar/JarFile.java
index f28750c3a97..ff26faad4f4 100644
--- a/jdk/src/java.base/share/classes/java/util/jar/JarFile.java
+++ b/jdk/src/java.base/share/classes/java/util/jar/JarFile.java
@@ -34,7 +34,6 @@ import java.util.stream.StreamSupport;
import java.util.zip.*;
import java.security.CodeSigner;
import java.security.cert.Certificate;
-import java.security.AccessController;
import java.security.CodeSource;
import jdk.internal.misc.SharedSecrets;
import sun.security.action.GetPropertyAction;
@@ -155,16 +154,16 @@ class JarFile extends ZipFile {
BASE_VERSION = 8; // one less than lowest version for versioned entries
int runtimeVersion = jdk.Version.current().major();
- String jarVersion = AccessController.doPrivileged(
- new GetPropertyAction("jdk.util.jar.version"));
+ String jarVersion =
+ GetPropertyAction.getProperty("jdk.util.jar.version");
if (jarVersion != null) {
int jarVer = Integer.parseInt(jarVersion);
runtimeVersion = (jarVer > runtimeVersion)
? runtimeVersion : Math.max(jarVer, 0);
}
RUNTIME_VERSION = runtimeVersion;
- String enableMultiRelease = AccessController.doPrivileged(
- new GetPropertyAction("jdk.util.jar.enableMultiRelease", "true"));
+ String enableMultiRelease = GetPropertyAction
+ .getProperty("jdk.util.jar.enableMultiRelease", "true");
switch (enableMultiRelease) {
case "true":
default:
diff --git a/jdk/src/java.base/share/classes/java/util/jar/Pack200.java b/jdk/src/java.base/share/classes/java/util/jar/Pack200.java
index 44f1cccd080..ac47ad12032 100644
--- a/jdk/src/java.base/share/classes/java/util/jar/Pack200.java
+++ b/jdk/src/java.base/share/classes/java/util/jar/Pack200.java
@@ -29,6 +29,7 @@ import java.io.InputStream;
import java.io.OutputStream;
import java.io.File;
import java.io.IOException;
+import sun.security.action.GetPropertyAction;
/**
@@ -694,8 +695,7 @@ public abstract class Pack200 {
Class impl = (PACK_PROVIDER.equals(prop))? packerImpl: unpackerImpl;
if (impl == null) {
// The first time, we must decide which class to use.
- implName = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction(prop,""));
+ implName = GetPropertyAction.getProperty(prop,"");
if (implName != null && !implName.equals(""))
impl = Class.forName(implName);
else if (PACK_PROVIDER.equals(prop))
diff --git a/jdk/src/java.base/share/classes/java/util/regex/PatternSyntaxException.java b/jdk/src/java.base/share/classes/java/util/regex/PatternSyntaxException.java
index 94d7abc78a5..f7768da27da 100644
--- a/jdk/src/java.base/share/classes/java/util/regex/PatternSyntaxException.java
+++ b/jdk/src/java.base/share/classes/java/util/regex/PatternSyntaxException.java
@@ -94,8 +94,7 @@ public class PatternSyntaxException
}
private static final String nl =
- java.security.AccessController
- .doPrivileged(new GetPropertyAction("line.separator"));
+ GetPropertyAction.getProperty("line.separator");
/**
* Returns a multi-line string containing the description of the syntax
diff --git a/jdk/src/java.base/share/classes/java/util/zip/ZipOutputStream.java b/jdk/src/java.base/share/classes/java/util/zip/ZipOutputStream.java
index 6b480aa1d5e..ff76017651b 100644
--- a/jdk/src/java.base/share/classes/java/util/zip/ZipOutputStream.java
+++ b/jdk/src/java.base/share/classes/java/util/zip/ZipOutputStream.java
@@ -33,6 +33,7 @@ import java.util.Vector;
import java.util.HashSet;
import static java.util.zip.ZipConstants64.*;
import static java.util.zip.ZipUtils.*;
+import sun.security.action.GetPropertyAction;
/**
* This class implements an output stream filter for writing files in the
@@ -54,9 +55,7 @@ class ZipOutputStream extends DeflaterOutputStream implements ZipConstants {
*/
private static final boolean inhibitZip64 =
Boolean.parseBoolean(
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction(
- "jdk.util.zip.inhibitZip64", "false")));
+ GetPropertyAction.getProperty("jdk.util.zip.inhibitZip64"));
private static class XEntry {
final ZipEntry entry;
diff --git a/jdk/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java b/jdk/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java
index 316016aac35..b436414308f 100644
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java
@@ -51,9 +51,9 @@ public abstract class SSLSocketFactory extends SocketFactory
static final boolean DEBUG;
static {
- String s = java.security.AccessController.doPrivileged(
- new GetPropertyAction("javax.net.debug", "")).toLowerCase(
- Locale.ENGLISH);
+ String s = GetPropertyAction.getProperty("javax.net.debug", "")
+ .toLowerCase(Locale.ENGLISH);
+
DEBUG = s.contains("all") || s.contains("ssl");
}
diff --git a/jdk/src/java.base/share/classes/jdk/Version.java b/jdk/src/java.base/share/classes/jdk/Version.java
index 75c6b35c444..756af9ec051 100644
--- a/jdk/src/java.base/share/classes/jdk/Version.java
+++ b/jdk/src/java.base/share/classes/jdk/Version.java
@@ -26,8 +26,6 @@
package jdk;
import java.math.BigInteger;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -35,6 +33,7 @@ import java.util.stream.Collectors;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
+import sun.security.action.GetPropertyAction;
/**
* A representation of the JDK version-string which contains a version
@@ -274,12 +273,7 @@ public final class Version
*/
public static Version current() {
if (current == null) {
- current = parse(AccessController.doPrivileged(
- new PrivilegedAction<>() {
- public String run() {
- return System.getProperty("java.version");
- }
- }));
+ current = parse(GetPropertyAction.getProperty("java.version"));
}
return current;
}
diff --git a/jdk/src/java.base/share/classes/jdk/internal/loader/URLClassPath.java b/jdk/src/java.base/share/classes/jdk/internal/loader/URLClassPath.java
index 15688e1a573..234a86a9271 100644
--- a/jdk/src/java.base/share/classes/jdk/internal/loader/URLClassPath.java
+++ b/jdk/src/java.base/share/classes/jdk/internal/loader/URLClassPath.java
@@ -52,6 +52,7 @@ import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.NoSuchElementException;
+import java.util.Properties;
import java.util.Set;
import java.util.Stack;
import java.util.StringTokenizer;
@@ -69,6 +70,7 @@ import jdk.internal.util.jar.InvalidJarIndexError;
import jdk.internal.util.jar.JarIndex;
import sun.net.util.URLUtil;
import sun.net.www.ParseUtil;
+import sun.security.action.GetPropertyAction;
/**
* This class is used to maintain a search path of URLs for loading classes
@@ -78,20 +80,15 @@ import sun.net.www.ParseUtil;
*/
public class URLClassPath {
private static final String USER_AGENT_JAVA_VERSION = "UA-Java-Version";
- private static final String JAVA_HOME;
private static final String JAVA_VERSION;
private static final boolean DEBUG;
private static final boolean DISABLE_JAR_CHECKING;
static {
- JAVA_HOME = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("java.home"));
- JAVA_VERSION = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("java.version"));
- DEBUG = (java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("sun.misc.URLClassPath.debug")) != null);
- String p = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("sun.misc.URLClassPath.disableJarChecking"));
+ Properties props = GetPropertyAction.getProperties();
+ JAVA_VERSION = props.getProperty("java.version");
+ DEBUG = (props.getProperty("sun.misc.URLClassPath.debug") != null);
+ String p = props.getProperty("sun.misc.URLClassPath.disableJarChecking");
DISABLE_JAR_CHECKING = p != null ? p.equals("true") || p.equals("") : false;
}
diff --git a/jdk/src/java.base/share/classes/jdk/internal/logger/LoggerFinderLoader.java b/jdk/src/java.base/share/classes/jdk/internal/logger/LoggerFinderLoader.java
index 7d315ba7057..58f235d6ccd 100644
--- a/jdk/src/java.base/share/classes/jdk/internal/logger/LoggerFinderLoader.java
+++ b/jdk/src/java.base/share/classes/jdk/internal/logger/LoggerFinderLoader.java
@@ -33,6 +33,7 @@ import java.util.Locale;
import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;
import sun.security.util.SecurityConstants;
+import sun.security.action.GetPropertyAction;
/**
* Helper class used to load the {@link java.lang.System.LoggerFinder}.
@@ -79,9 +80,8 @@ public final class LoggerFinderLoader {
// Get configuration error policy
private static ErrorPolicy configurationErrorPolicy() {
- final PrivilegedAction getConfigurationErrorPolicy =
- () -> System.getProperty("jdk.logger.finder.error");
- String errorPolicy = AccessController.doPrivileged(getConfigurationErrorPolicy);
+ String errorPolicy =
+ GetPropertyAction.getProperty("jdk.logger.finder.error");
if (errorPolicy == null || errorPolicy.isEmpty()) {
return ErrorPolicy.WARNING;
}
@@ -95,9 +95,8 @@ public final class LoggerFinderLoader {
// Whether multiple provider should be considered as an error.
// This is further submitted to the configuration error policy.
private static boolean ensureSingletonProvider() {
- final PrivilegedAction ensureSingletonProvider =
- () -> Boolean.getBoolean("jdk.logger.finder.singleton");
- return AccessController.doPrivileged(ensureSingletonProvider);
+ return Boolean.parseBoolean(
+ GetPropertyAction.getProperty("jdk.logger.finder.singleton"));
}
private static Iterator findLoggerFinderProviders() {
diff --git a/jdk/src/java.base/share/classes/jdk/internal/logger/SimpleConsoleLogger.java b/jdk/src/java.base/share/classes/jdk/internal/logger/SimpleConsoleLogger.java
index de4451fd35c..c90a7b24e38 100644
--- a/jdk/src/java.base/share/classes/jdk/internal/logger/SimpleConsoleLogger.java
+++ b/jdk/src/java.base/share/classes/jdk/internal/logger/SimpleConsoleLogger.java
@@ -55,8 +55,8 @@ public class SimpleConsoleLogger extends LoggerConfiguration
PlatformLogger.toPlatformLevel(DEFAULT_LEVEL);
static Level getDefaultLevel() {
- String levelName = AccessController.doPrivileged(
- new GetPropertyAction("jdk.system.logger.level", "INFO"));
+ String levelName = GetPropertyAction
+ .getProperty("jdk.system.logger.level", "INFO");
try {
return Level.valueOf(levelName);
} catch (IllegalArgumentException iae) {
@@ -425,8 +425,8 @@ public class SimpleConsoleLogger extends LoggerConfiguration
// Make it easier to wrap Logger...
static private final String[] skips;
static {
- String additionalPkgs = AccessController.doPrivileged(
- new GetPropertyAction("jdk.logger.packages"));
+ String additionalPkgs =
+ GetPropertyAction.getProperty("jdk.logger.packages");
skips = additionalPkgs == null ? new String[0] : additionalPkgs.split(",");
}
@@ -485,7 +485,7 @@ public class SimpleConsoleLogger extends LoggerConfiguration
// jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java
// to fail - because that test has a testcase which somehow references
// PlatformLogger and counts the number of generated lambda classes.
- String format = AccessController.doPrivileged(new GetPropertyAction(key));
+ String format = GetPropertyAction.getProperty(key);
if (format == null && defaultPropertyGetter != null) {
format = defaultPropertyGetter.apply(key);
diff --git a/jdk/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java b/jdk/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java
new file mode 100644
index 00000000000..c344f8adc7c
--- /dev/null
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.internal.misc;
+
+import java.io.ObjectInputStream;
+
+/**
+ * The interface to specify methods for accessing {@code ObjectInputStream}
+ * @author sjiang
+ */
+public interface JavaObjectInputStreamAccess {
+ /**
+ * Sets a descriptor validating.
+ * @param ois stream to have the descriptors validated
+ * @param validator validator used to validate a descriptor.
+ */
+ public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator);
+}
diff --git a/jdk/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java b/jdk/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java
new file mode 100644
index 00000000000..2b543a30721
--- /dev/null
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package jdk.internal.misc;
+
+import java.io.ObjectStreamClass;
+
+/**
+ * A callback used by {@code ObjectInputStream} to do descriptor validation.
+ *
+ * @author sjiang
+ */
+public interface ObjectStreamClassValidator {
+ /**
+ * This method will be called by ObjectInputStream to
+ * check a descriptor just before creating an object described by this descriptor.
+ * The object will not be created if this method throws a {@code RuntimeException}.
+ * @param descriptor descriptor to be checked.
+ */
+ public void validateDescriptor(ObjectStreamClass descriptor);
+}
diff --git a/jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java b/jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
index 3246bde5be1..24dc4ce43a7 100644
--- a/jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,9 +29,9 @@ import java.lang.module.ModuleDescriptor;
import java.util.jar.JarFile;
import java.io.Console;
import java.io.FileDescriptor;
+import java.io.ObjectInputStream;
import java.security.ProtectionDomain;
import java.security.AccessController;
-import jdk.internal.misc.Unsafe;
/** A repository of "shared secrets", which are a mechanism for
calling implementation-private methods in another package without
@@ -63,6 +63,7 @@ public class SharedSecrets {
private static JavaAWTAccess javaAWTAccess;
private static JavaAWTFontAccess javaAWTFontAccess;
private static JavaBeansAccess javaBeansAccess;
+ private static JavaObjectInputStreamAccess javaObjectInputStreamAccess;
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
@@ -262,4 +263,15 @@ public class SharedSecrets {
public static void setJavaUtilResourceBundleAccess(JavaUtilResourceBundleAccess access) {
javaUtilResourceBundleAccess = access;
}
+
+ public static JavaObjectInputStreamAccess getJavaObjectInputStreamAccess() {
+ if (javaObjectInputStreamAccess == null) {
+ unsafe.ensureClassInitialized(ObjectInputStream.class);
+ }
+ return javaObjectInputStreamAccess;
+ }
+
+ public static void setJavaObjectInputStreamAccess(JavaObjectInputStreamAccess access) {
+ javaObjectInputStreamAccess = access;
+ }
}
diff --git a/jdk/src/java.base/share/classes/jdk/internal/reflect/Reflection.java b/jdk/src/java.base/share/classes/jdk/internal/reflect/Reflection.java
index 88e6a8349ca..636b0940345 100644
--- a/jdk/src/java.base/share/classes/jdk/internal/reflect/Reflection.java
+++ b/jdk/src/java.base/share/classes/jdk/internal/reflect/Reflection.java
@@ -27,13 +27,12 @@ package jdk.internal.reflect;
import java.lang.reflect.*;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import jdk.internal.HotSpotIntrinsicCandidate;
import jdk.internal.misc.VM;
+import sun.security.action.GetPropertyAction;
/** Common utility routines used by both java.lang and
java.lang.reflect */
@@ -344,15 +343,10 @@ public class Reflection {
private static void printStackTraceIfNeeded(Throwable e) {
if (!printStackWhenAccessFailsSet && VM.initLevel() >= 1) {
- // can't use method reference here, might be too early in startup
- PrivilegedAction pa = new PrivilegedAction() {
- public Boolean run() {
- String s;
- s = System.getProperty("sun.reflect.debugModuleAccessChecks");
- return (s != null && !s.equalsIgnoreCase("false"));
- }
- };
- printStackWhenAccessFails = AccessController.doPrivileged(pa);
+ String s = GetPropertyAction
+ .getProperty("sun.reflect.debugModuleAccessChecks");
+ printStackWhenAccessFails =
+ (s != null && !s.equalsIgnoreCase("false"));
printStackWhenAccessFailsSet = true;
}
if (printStackWhenAccessFails) {
diff --git a/jdk/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java b/jdk/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java
index 898f56c214f..b40c584efcd 100644
--- a/jdk/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java
+++ b/jdk/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java
@@ -30,10 +30,11 @@ import java.lang.reflect.Executable;
import java.lang.reflect.Method;
import java.lang.reflect.Constructor;
import java.lang.reflect.Modifier;
-import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
+import java.util.Properties;
import sun.reflect.misc.ReflectUtil;
+import sun.security.action.GetPropertyAction;
/**
The master factory for all reflective objects, both those in
java.lang.reflect (Fields, Methods, Constructors) as well as their
@@ -382,41 +383,37 @@ public class ReflectionFactory {
run, before the system properties are set up. */
private static void checkInitted() {
if (initted) return;
- AccessController.doPrivileged(
- new PrivilegedAction<>() {
- public Void run() {
- // Tests to ensure the system properties table is fully
- // initialized. This is needed because reflection code is
- // called very early in the initialization process (before
- // command-line arguments have been parsed and therefore
- // these user-settable properties installed.) We assume that
- // if System.out is non-null then the System class has been
- // fully initialized and that the bulk of the startup code
- // has been run.
- if (System.out == null) {
- // java.lang.System not yet fully initialized
- return null;
- }
+ // Tests to ensure the system properties table is fully
+ // initialized. This is needed because reflection code is
+ // called very early in the initialization process (before
+ // command-line arguments have been parsed and therefore
+ // these user-settable properties installed.) We assume that
+ // if System.out is non-null then the System class has been
+ // fully initialized and that the bulk of the startup code
+ // has been run.
- String val = System.getProperty("sun.reflect.noInflation");
- if (val != null && val.equals("true")) {
- noInflation = true;
- }
+ if (System.out == null) {
+ // java.lang.System not yet fully initialized
+ return;
+ }
- val = System.getProperty("sun.reflect.inflationThreshold");
- if (val != null) {
- try {
- inflationThreshold = Integer.parseInt(val);
- } catch (NumberFormatException e) {
- throw new RuntimeException("Unable to parse property sun.reflect.inflationThreshold", e);
- }
- }
+ Properties props = GetPropertyAction.getProperties();
+ String val = props.getProperty("sun.reflect.noInflation");
+ if (val != null && val.equals("true")) {
+ noInflation = true;
+ }
- initted = true;
- return null;
- }
- });
+ val = props.getProperty("sun.reflect.inflationThreshold");
+ if (val != null) {
+ try {
+ inflationThreshold = Integer.parseInt(val);
+ } catch (NumberFormatException e) {
+ throw new RuntimeException("Unable to parse property sun.reflect.inflationThreshold", e);
+ }
+ }
+
+ initted = true;
}
private static LangReflectAccess langReflectAccess() {
diff --git a/jdk/src/java.base/share/classes/module-info.java b/jdk/src/java.base/share/classes/module-info.java
index 8cc37dd7b2d..942c0582ea0 100644
--- a/jdk/src/java.base/share/classes/module-info.java
+++ b/jdk/src/java.base/share/classes/module-info.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -300,9 +300,5 @@ module java.base {
provides java.nio.file.spi.FileSystemProvider with
jdk.internal.jrtfs.JrtFileSystemProvider;
- provides java.security.Provider with sun.security.provider.Sun;
- provides java.security.Provider with sun.security.rsa.SunRsaSign;
- provides java.security.Provider with com.sun.crypto.provider.SunJCE;
- provides java.security.Provider with com.sun.net.ssl.internal.ssl.Provider;
}
diff --git a/jdk/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java b/jdk/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java
index 456909fde1c..37cbede912a 100644
--- a/jdk/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java
+++ b/jdk/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java
@@ -231,22 +231,66 @@ public class VerifyAccess {
* @param refc the class attempting to make the reference
*/
public static boolean isTypeVisible(Class type, Class refc) {
- if (type == refc) return true; // easy check
+ if (type == refc) {
+ return true; // easy check
+ }
while (type.isArray()) type = type.getComponentType();
- if (type.isPrimitive() || type == Object.class) return true;
- ClassLoader parent = type.getClassLoader();
- if (parent == null) return true;
- ClassLoader child = refc.getClassLoader();
- if (child == null) return false;
- if (parent == child || loadersAreRelated(parent, child, true))
+ if (type.isPrimitive() || type == Object.class) {
return true;
- // Do it the hard way: Look up the type name from the refc loader.
- try {
- Class res = child.loadClass(type.getName());
- return (type == res);
- } catch (ClassNotFoundException ex) {
+ }
+ ClassLoader typeLoader = type.getClassLoader();
+ ClassLoader refcLoader = refc.getClassLoader();
+ if (typeLoader == refcLoader) {
+ return true;
+ }
+ if (refcLoader == null && typeLoader != null) {
return false;
}
+ if (typeLoader == null && type.getName().startsWith("java.")) {
+ // Note: The API for actually loading classes, ClassLoader.defineClass,
+ // guarantees that classes with names beginning "java." cannot be aliased,
+ // because class loaders cannot load them directly.
+ return true;
+ }
+
+ // Do it the hard way: Look up the type name from the refc loader.
+ //
+ // Force the refc loader to report and commit to a particular binding for this type name (type.getName()).
+ //
+ // In principle, this query might force the loader to load some unrelated class,
+ // which would cause this query to fail (and the original caller to give up).
+ // This would be wasted effort, but it is expected to be very rare, occurring
+ // only when an attacker is attempting to create a type alias.
+ // In the normal case, one class loader will simply delegate to the other,
+ // and the same type will be visible through both, with no extra loading.
+ //
+ // It is important to go through Class.forName instead of ClassLoader.loadClass
+ // because Class.forName goes through the JVM system dictionary, which records
+ // the class lookup once for all. This means that even if a not-well-behaved class loader
+ // would "change its mind" about the meaning of the name, the Class.forName request
+ // will use the result cached in the JVM system dictionary. Note that the JVM system dictionary
+ // will record the first successful result. Unsuccessful results are not stored.
+ //
+ // We use doPrivileged in order to allow an unprivileged caller to ask an arbitrary
+ // class loader about the binding of the proposed name (type.getName()).
+ // The looked up type ("res") is compared for equality against the proposed
+ // type ("type") and then is discarded. Thus, the worst that can happen to
+ // the "child" class loader is that it is bothered to load and report a class
+ // that differs from "type"; this happens once due to JVM system dictionary
+ // memoization. And the caller never gets to look at the alternate type binding
+ // ("res"), whether it exists or not.
+ final String name = type.getName();
+ Class res = java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedAction<>() {
+ public Class run() {
+ try {
+ return Class.forName(name, false, refcLoader);
+ } catch (ClassNotFoundException | LinkageError e) {
+ return null; // Assume the class is not found
+ }
+ }
+ });
+ return (type == res);
}
/**
diff --git a/jdk/src/java.base/share/classes/sun/net/ResourceManager.java b/jdk/src/java.base/share/classes/sun/net/ResourceManager.java
index 068b8484728..9c68d7c6bed 100644
--- a/jdk/src/java.base/share/classes/sun/net/ResourceManager.java
+++ b/jdk/src/java.base/share/classes/sun/net/ResourceManager.java
@@ -53,9 +53,8 @@ public class ResourceManager {
private static final AtomicInteger numSockets;
static {
- String prop = java.security.AccessController.doPrivileged(
- new GetPropertyAction("sun.net.maxDatagramSockets")
- );
+ String prop =
+ GetPropertyAction.getProperty("sun.net.maxDatagramSockets");
int defmax = DEFAULT_MAX_SOCKETS;
try {
if (prop != null) {
diff --git a/jdk/src/java.base/share/classes/sun/net/sdp/SdpSupport.java b/jdk/src/java.base/share/classes/sun/net/sdp/SdpSupport.java
index d24a7fed491..797bc7fed50 100644
--- a/jdk/src/java.base/share/classes/sun/net/sdp/SdpSupport.java
+++ b/jdk/src/java.base/share/classes/sun/net/sdp/SdpSupport.java
@@ -31,6 +31,7 @@ import java.security.AccessController;
import jdk.internal.misc.SharedSecrets;
import jdk.internal.misc.JavaIOFileDescriptorAccess;
+import sun.security.action.GetPropertyAction;
/**
@@ -39,8 +40,7 @@ import jdk.internal.misc.JavaIOFileDescriptorAccess;
*/
public final class SdpSupport {
- private static final String os = AccessController
- .doPrivileged(new sun.security.action.GetPropertyAction("os.name"));
+ private static final String os = GetPropertyAction.getProperty("os.name");
private static final boolean isSupported = (os.equals("SunOS") || (os.equals("Linux")));
private static final JavaIOFileDescriptorAccess fdAccess =
SharedSecrets.getJavaIOFileDescriptorAccess();
diff --git a/jdk/src/java.base/share/classes/sun/net/smtp/SmtpClient.java b/jdk/src/java.base/share/classes/sun/net/smtp/SmtpClient.java
index fda15ea9234..ac3f7b8a43f 100644
--- a/jdk/src/java.base/share/classes/sun/net/smtp/SmtpClient.java
+++ b/jdk/src/java.base/share/classes/sun/net/smtp/SmtpClient.java
@@ -25,10 +25,10 @@
package sun.net.smtp;
-import java.util.StringTokenizer;
import java.io.*;
import java.net.*;
import sun.net.TransferProtocolClient;
+import sun.security.action.GetPropertyAction;
/**
* This class implements the SMTP client.
@@ -157,8 +157,7 @@ public class SmtpClient extends TransferProtocolClient {
}
try {
String s;
- mailhost = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("mail.host"));
+ mailhost = GetPropertyAction.getProperty("mail.host");
if (mailhost != null) {
openServer(mailhost);
return;
@@ -184,8 +183,7 @@ public class SmtpClient extends TransferProtocolClient {
setConnectTimeout(to);
try {
String s;
- mailhost = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("mail.host"));
+ mailhost = GetPropertyAction.getProperty("mail.host");
if (mailhost != null) {
openServer(mailhost);
return;
diff --git a/jdk/src/java.base/share/classes/sun/net/www/MimeLauncher.java b/jdk/src/java.base/share/classes/sun/net/www/MimeLauncher.java
index d95ca3774ba..ba26f96e52e 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/MimeLauncher.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/MimeLauncher.java
@@ -27,6 +27,7 @@ package sun.net.www;
import java.net.URL;
import java.io.*;
import java.util.StringTokenizer;
+import sun.security.action.GetPropertyAction;
class MimeLauncher extends Thread {
java.net.URLConnection uc;
@@ -182,8 +183,7 @@ class MimeLauncher extends Thread {
}
String execPathList;
- execPathList = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("exec.path"));
+ execPathList = GetPropertyAction.getProperty("exec.path");
if (execPathList == null) {
// exec.path property not set
return false;
diff --git a/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java b/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java
index 02c9f98b7a6..392d9ea52dc 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java
@@ -28,6 +28,7 @@ package sun.net.www.http;
import java.io.*;
import java.net.*;
import java.util.Locale;
+import java.util.Properties;
import sun.net.NetworkClient;
import sun.net.ProgressSource;
import sun.net.www.MessageHeader;
@@ -37,6 +38,7 @@ import sun.net.www.ParseUtil;
import sun.net.www.protocol.http.HttpURLConnection;
import sun.util.logging.PlatformLogger;
import static sun.net.www.protocol.http.HttpURLConnection.TunnelState.*;
+import sun.security.action.GetPropertyAction;
/**
* @author Herb Jellinek
@@ -143,20 +145,18 @@ public class HttpClient extends NetworkClient {
}
static {
- String keepAlive = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("http.keepAlive"));
-
- String retryPost = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("sun.net.http.retryPost"));
+ Properties props = GetPropertyAction.getProperties();
+ String keepAlive = props.getProperty("http.keepAlive");
+ String retryPost = props.getProperty("sun.net.http.retryPost");
if (keepAlive != null) {
- keepAliveProp = Boolean.valueOf(keepAlive).booleanValue();
+ keepAliveProp = Boolean.parseBoolean(keepAlive);
} else {
keepAliveProp = true;
}
if (retryPost != null) {
- retryPostProp = Boolean.valueOf(retryPost).booleanValue();
+ retryPostProp = Boolean.parseBoolean(retryPost);
} else
retryPostProp = true;
diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java
index 38d64d23009..b397ba1243f 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java
@@ -46,6 +46,7 @@ import java.net.ProxySelector;
import java.util.StringTokenizer;
import java.util.Iterator;
import java.security.Permission;
+import java.util.Properties;
import sun.net.NetworkClient;
import sun.net.www.MessageHeader;
import sun.net.www.MeteredStream;
@@ -277,11 +278,10 @@ public class FtpURLConnection extends URLConnection {
if (user == null) {
user = "anonymous";
- String vers = java.security.AccessController.doPrivileged(
- new GetPropertyAction("java.version"));
- password = java.security.AccessController.doPrivileged(
- new GetPropertyAction("ftp.protocol.user",
- "Java" + vers + "@"));
+ Properties props = GetPropertyAction.getProperties();
+ String vers = props.getProperty("java.version");
+ password = props.getProperty("ftp.protocol.user",
+ "Java" + vers + "@");
}
try {
ftp = FtpClient.create();
diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java
index 42f692c3738..b6168d0c2c5 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java
@@ -25,9 +25,10 @@
package sun.net.www.protocol.http;
-import sun.net.www.*;
import java.util.Iterator;
import java.util.HashMap;
+import sun.net.www.*;
+import sun.security.action.GetPropertyAction;
/**
* This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate:
@@ -93,8 +94,7 @@ public class AuthenticationHeader {
}
static {
- authPref = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("http.auth.preference"));
+ authPref = GetPropertyAction.getProperty("http.auth.preference");
// http.auth.preference can be set to SPNEGO or Kerberos.
// In fact they means "Negotiate with SPNEGO" and "Negotiate with
diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
index 5754c047219..ebabc26182e 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
@@ -52,7 +52,6 @@ import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.security.PrivilegedActionException;
import java.io.*;
-import java.net.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
@@ -78,12 +77,15 @@ import java.text.SimpleDateFormat;
import java.util.TimeZone;
import java.net.MalformedURLException;
import java.nio.ByteBuffer;
+import java.util.Properties;
import static sun.net.www.protocol.http.AuthScheme.BASIC;
import static sun.net.www.protocol.http.AuthScheme.DIGEST;
import static sun.net.www.protocol.http.AuthScheme.NTLM;
import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
import static sun.net.www.protocol.http.AuthScheme.UNKNOWN;
+import sun.security.action.GetIntegerAction;
+import sun.security.action.GetPropertyAction;
/**
* A class to represent an HTTP connection to a remote object.
@@ -205,46 +207,38 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
};
static {
- maxRedirects = java.security.AccessController.doPrivileged(
- new sun.security.action.GetIntegerAction(
- "http.maxRedirects", defaultmaxRedirects)).intValue();
- version = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("java.version"));
- String agent = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("http.agent"));
+ Properties props = GetPropertyAction.getProperties();
+ maxRedirects = GetIntegerAction.getProperty("http.maxRedirects",
+ defaultmaxRedirects);
+ version = props.getProperty("java.version");
+ String agent = props.getProperty("http.agent");
if (agent == null) {
agent = "Java/"+version;
} else {
agent = agent + " Java/"+version;
}
userAgent = agent;
- validateProxy = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "http.auth.digest.validateProxy")).booleanValue();
- validateServer = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "http.auth.digest.validateServer")).booleanValue();
+ validateProxy = Boolean.parseBoolean(
+ props.getProperty("http.auth.digest.validateProxy"));
+ validateServer = Boolean.parseBoolean(
+ props.getProperty("http.auth.digest.validateServer"));
- enableESBuffer = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "sun.net.http.errorstream.enableBuffering")).booleanValue();
- timeout4ESBuffer = java.security.AccessController.doPrivileged(
- new sun.security.action.GetIntegerAction(
- "sun.net.http.errorstream.timeout", 300)).intValue();
+ enableESBuffer = Boolean.parseBoolean(
+ props.getProperty("sun.net.http.errorstream.enableBuffering"));
+ timeout4ESBuffer = GetIntegerAction
+ .getProperty("sun.net.http.errorstream.timeout", 300);
if (timeout4ESBuffer <= 0) {
timeout4ESBuffer = 300; // use the default
}
- bufSize4ES = java.security.AccessController.doPrivileged(
- new sun.security.action.GetIntegerAction(
- "sun.net.http.errorstream.bufferSize", 4096)).intValue();
+ bufSize4ES = GetIntegerAction
+ .getProperty("sun.net.http.errorstream.bufferSize", 4096);
if (bufSize4ES <= 0) {
bufSize4ES = 4096; // use the default
}
- allowRestrictedHeaders = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "sun.net.http.allowRestrictedHeaders")).booleanValue();
+ allowRestrictedHeaders = Boolean.parseBoolean(
+ props.getProperty("sun.net.http.allowRestrictedHeaders"));
if (!allowRestrictedHeaders) {
restrictedHeaderSet = new HashSet<>(restrictedHeaders.length);
for (int i=0; i < restrictedHeaders.length; i++) {
diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java
index 3aecc419cb2..437c3969148 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java
@@ -41,7 +41,6 @@ import java.security.Principal;
import java.security.cert.*;
import java.util.StringTokenizer;
import java.util.Vector;
-import java.security.AccessController;
import javax.security.auth.x500.X500Principal;
@@ -139,8 +138,8 @@ final class HttpsClient extends HttpClient
// If ciphers are assigned, sort them into an array.
//
String ciphers [];
- String cipherString = AccessController.doPrivileged(
- new GetPropertyAction("https.cipherSuites"));
+ String cipherString =
+ GetPropertyAction.getProperty("https.cipherSuites");
if (cipherString == null || "".equals(cipherString)) {
ciphers = null;
@@ -163,8 +162,8 @@ final class HttpsClient extends HttpClient
// If protocols are assigned, sort them into an array.
//
String protocols [];
- String protocolString = AccessController.doPrivileged(
- new GetPropertyAction("https.protocols"));
+ String protocolString =
+ GetPropertyAction.getProperty("https.protocols");
if (protocolString == null || "".equals(protocolString)) {
protocols = null;
@@ -184,8 +183,7 @@ final class HttpsClient extends HttpClient
}
private String getUserAgent() {
- String userAgent = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("https.agent"));
+ String userAgent = GetPropertyAction.getProperty("https.agent");
if (userAgent == null || userAgent.length() == 0) {
userAgent = "JSSE";
}
diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/jrt/JavaRuntimeURLConnection.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/jrt/JavaRuntimeURLConnection.java
index cde9d438714..f58ce457f7a 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/jrt/JavaRuntimeURLConnection.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/jrt/JavaRuntimeURLConnection.java
@@ -32,10 +32,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
-import java.security.AccessController;
import java.security.Permission;
-import java.security.PrivilegedAction;
-import java.util.List;
import jdk.internal.jimage.ImageLocation;
import jdk.internal.jimage.ImageReader;
@@ -45,6 +42,7 @@ import jdk.internal.loader.URLClassPath;
import jdk.internal.loader.Resource;
import sun.net.www.ParseUtil;
import sun.net.www.URLConnection;
+import sun.security.action.GetPropertyAction;
/**
* URLConnection implementation that can be used to connect to resources
@@ -163,11 +161,7 @@ public class JavaRuntimeURLConnection extends URLConnection {
public Permission getPermission() throws IOException {
Permission p = permission;
if (p == null) {
- // using lambda expression here leads to recursive initialization
- PrivilegedAction pa = new PrivilegedAction() {
- public String run() { return System.getProperty("java.home"); }
- };
- String home = AccessController.doPrivileged(pa);
+ String home = GetPropertyAction.getProperty("java.home");
p = new FilePermission(home + File.separator + "-", "read");
permission = p;
}
diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/netdoc/Handler.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/netdoc/Handler.java
index fbcddcb826b..81139707655 100644
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/netdoc/Handler.java
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/netdoc/Handler.java
@@ -40,6 +40,7 @@ import java.net.MalformedURLException;
import java.net.URLStreamHandler;
import java.io.InputStream;
import java.io.IOException;
+import sun.security.action.GetPropertyAction;
public class Handler extends URLStreamHandler {
static URL base;
@@ -54,12 +55,10 @@ public class Handler extends URLStreamHandler {
URLConnection uc = null;
URL ru;
- Boolean tmp = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction("newdoc.localonly"));
- boolean localonly = tmp.booleanValue();
+ boolean localonly = Boolean.parseBoolean(
+ GetPropertyAction.getProperty("newdoc.localonly"));
- String docurl = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("doc.url"));
+ String docurl = GetPropertyAction.getProperty("doc.url");
String file = u.getFile();
if (!localonly) {
diff --git a/jdk/src/java.base/share/classes/sun/nio/ch/FileChannelImpl.java b/jdk/src/java.base/share/classes/sun/nio/ch/FileChannelImpl.java
index 671fe79efcc..8a287bc2839 100644
--- a/jdk/src/java.base/share/classes/sun/nio/ch/FileChannelImpl.java
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/FileChannelImpl.java
@@ -1019,9 +1019,8 @@ public class FileChannelImpl
if (!propertyChecked) {
synchronized (FileChannelImpl.class) {
if (!propertyChecked) {
- String value = AccessController.doPrivileged(
- new GetPropertyAction(
- "sun.nio.ch.disableSystemWideOverlappingFileLockCheck"));
+ String value = GetPropertyAction.getProperty(
+ "sun.nio.ch.disableSystemWideOverlappingFileLockCheck");
isSharedFileLockTable = ((value == null) || value.equals("false"));
propertyChecked = true;
}
diff --git a/jdk/src/java.base/share/classes/sun/nio/ch/Net.java b/jdk/src/java.base/share/classes/sun/nio/ch/Net.java
index 062ce35468e..9a5c4dcb6f8 100644
--- a/jdk/src/java.base/share/classes/sun/nio/ch/Net.java
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/Net.java
@@ -33,6 +33,7 @@ import java.util.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
import sun.net.ExtendedOptionsImpl;
+import sun.security.action.GetPropertyAction;
public class Net {
@@ -382,13 +383,8 @@ public class Net {
}
public static boolean isFastTcpLoopbackRequested() {
- String loopbackProp = java.security.AccessController.doPrivileged(
- new PrivilegedAction() {
- @Override
- public String run() {
- return System.getProperty("jdk.net.useFastTcpLoopback");
- }
- });
+ String loopbackProp =
+ GetPropertyAction.getProperty("jdk.net.useFastTcpLoopback");
boolean enable;
if ("".equals(loopbackProp)) {
enable = true;
@@ -647,16 +643,9 @@ public class Net {
int availLevel = isExclusiveBindAvailable();
if (availLevel >= 0) {
String exclBindProp =
- java.security.AccessController.doPrivileged(
- new PrivilegedAction() {
- @Override
- public String run() {
- return System.getProperty(
- "sun.net.useExclusiveBind");
- }
- });
+ GetPropertyAction.getProperty("sun.net.useExclusiveBind");
if (exclBindProp != null) {
- exclusiveBind = exclBindProp.length() == 0 ?
+ exclusiveBind = exclBindProp.isEmpty() ?
true : Boolean.parseBoolean(exclBindProp);
} else if (availLevel == 1) {
exclusiveBind = true;
diff --git a/jdk/src/java.base/share/classes/sun/nio/ch/Util.java b/jdk/src/java.base/share/classes/sun/nio/ch/Util.java
index af89eca4544..e71e628ede1 100644
--- a/jdk/src/java.base/share/classes/sun/nio/ch/Util.java
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/Util.java
@@ -64,13 +64,7 @@ public class Util {
* for potential future-proofing.
*/
private static long getMaxCachedBufferSize() {
- String s = java.security.AccessController.doPrivileged(
- new PrivilegedAction() {
- @Override
- public String run() {
- return System.getProperty("jdk.nio.maxCachedBufferSize");
- }
- });
+ String s = GetPropertyAction.getProperty("jdk.nio.maxCachedBufferSize");
if (s != null) {
try {
long m = Long.parseLong(s);
@@ -471,8 +465,7 @@ public class Util {
if (bugLevel == null) {
if (!jdk.internal.misc.VM.isBooted())
return false;
- String value = AccessController.doPrivileged(
- new GetPropertyAction("sun.nio.ch.bugLevel"));
+ String value = GetPropertyAction.getProperty("sun.nio.ch.bugLevel");
bugLevel = (value != null) ? value : "";
}
return bugLevel.equals(bl);
diff --git a/jdk/src/java.base/share/classes/sun/nio/cs/StandardCharsets.java.template b/jdk/src/java.base/share/classes/sun/nio/cs/StandardCharsets.java.template
index dd4d3994240..2ad055e50ec 100644
--- a/jdk/src/java.base/share/classes/sun/nio/cs/StandardCharsets.java.template
+++ b/jdk/src/java.base/share/classes/sun/nio/cs/StandardCharsets.java.template
@@ -34,8 +34,7 @@ import java.nio.charset.spi.CharsetProvider;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+import sun.security.action.GetPropertyAction;
public class StandardCharsets extends CharsetProvider {
@@ -201,15 +200,7 @@ public class StandardCharsets extends CharsetProvider {
}
private static String getProperty(String key) {
- // this method may be called during initialization of
- // system class loader and thus not using lambda
- return AccessController.doPrivileged(
- new PrivilegedAction() {
- @Override
- public String run() {
- return System.getProperty(key);
- }
- });
+ return GetPropertyAction.getProperty(key);
}
diff --git a/jdk/src/java.base/share/classes/sun/nio/fs/Util.java b/jdk/src/java.base/share/classes/sun/nio/fs/Util.java
index 2d5c8cb6443..45d90b99222 100644
--- a/jdk/src/java.base/share/classes/sun/nio/fs/Util.java
+++ b/jdk/src/java.base/share/classes/sun/nio/fs/Util.java
@@ -28,8 +28,7 @@ package sun.nio.fs;
import java.util.*;
import java.nio.file.*;
import java.nio.charset.Charset;
-import java.security.*;
-import sun.security.action.*;
+import sun.security.action.GetPropertyAction;
/**
* Utility methods
@@ -39,7 +38,7 @@ class Util {
private Util() { }
private static final Charset jnuEncoding = Charset.forName(
- AccessController.doPrivileged(new GetPropertyAction("sun.jnu.encoding")));
+ GetPropertyAction.getProperty("sun.jnu.encoding"));
/**
* Returns {@code Charset} corresponding to the sun.jnu.encoding property
diff --git a/jdk/src/java.base/share/classes/sun/security/action/GetIntegerAction.java b/jdk/src/java.base/share/classes/sun/security/action/GetIntegerAction.java
index ff2b2019b48..c454b431861 100644
--- a/jdk/src/java.base/share/classes/sun/security/action/GetIntegerAction.java
+++ b/jdk/src/java.base/share/classes/sun/security/action/GetIntegerAction.java
@@ -25,6 +25,8 @@
package sun.security.action;
+import java.security.AccessController;
+
/**
* A convenience class for retrieving the integer value of a system property
* as a privileged action.
@@ -67,7 +69,7 @@ public class GetIntegerAction
implements java.security.PrivilegedAction {
private String theProp;
private int defaultVal;
- private boolean defaultSet = false;
+ private boolean defaultSet;
/**
* Constructor that takes the name of the system property whose integer
@@ -110,4 +112,39 @@ public class GetIntegerAction
return defaultVal;
return value;
}
+
+ /**
+ * Convenience method to get a property without going through doPrivileged
+ * if no security manager is present. This is unsafe for inclusion in a
+ * public API but allowable here since this class is now encapsulated.
+ *
+ * @param theProp the name of the system property.
+ */
+ public static Integer getProperty(String theProp) {
+ if (System.getSecurityManager() == null) {
+ return Integer.getInteger(theProp);
+ } else {
+ return AccessController.doPrivileged(
+ new GetIntegerAction(theProp));
+ }
+ }
+
+ /**
+ * Convenience method to get a property without going through doPrivileged
+ * if no security manager is present. This is unsafe for inclusion in a
+ * public API but allowable here since this class is now encapsulated.
+ *
+ * @param theProp the name of the system property.
+ * @param defaultVal the default value.
+ */
+ public static Integer getProperty(String theProp, int defaultVal) {
+ Integer value;
+ if (System.getSecurityManager() == null) {
+ value = Integer.getInteger(theProp);
+ } else {
+ value = AccessController.doPrivileged(
+ new GetIntegerAction(theProp));
+ }
+ return (value != null) ? value : defaultVal;
+ }
}
diff --git a/jdk/src/java.base/share/classes/sun/security/action/GetPropertyAction.java b/jdk/src/java.base/share/classes/sun/security/action/GetPropertyAction.java
index 95a113c3bef..bba172b06bc 100644
--- a/jdk/src/java.base/share/classes/sun/security/action/GetPropertyAction.java
+++ b/jdk/src/java.base/share/classes/sun/security/action/GetPropertyAction.java
@@ -25,6 +25,10 @@
package sun.security.action;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.Properties;
+
/**
* A convenience class for retrieving the string value of a system
* property as a privileged action.
@@ -46,8 +50,7 @@ package sun.security.action;
* @since 1.2
*/
-public class GetPropertyAction
- implements java.security.PrivilegedAction {
+public class GetPropertyAction implements PrivilegedAction {
private String theProp;
private String defaultVal;
@@ -84,4 +87,57 @@ public class GetPropertyAction
String value = System.getProperty(theProp);
return (value == null) ? defaultVal : value;
}
+
+ /**
+ * Convenience method to get a property without going through doPrivileged
+ * if no security manager is present. This is unsafe for inclusion in a
+ * public API but allowable here since this class is now encapsulated.
+ *
+ * @param theProp the name of the system property.
+ */
+ public static String getProperty(String theProp) {
+ if (System.getSecurityManager() == null) {
+ return System.getProperty(theProp);
+ } else {
+ return AccessController.doPrivileged(
+ new GetPropertyAction(theProp));
+ }
+ }
+
+ /**
+ * Convenience method to get a property without going through doPrivileged
+ * if no security manager is present. This is unsafe for inclusion in a
+ * public API but allowable here since this class is now encapsulated.
+ *
+ * @param theProp the name of the system property.
+ * @param defaultVal the default value.
+ */
+ public static String getProperty(String theProp, String defaultVal) {
+ if (System.getSecurityManager() == null) {
+ return System.getProperty(theProp, defaultVal);
+ } else {
+ return AccessController.doPrivileged(
+ new GetPropertyAction(theProp, defaultVal));
+ }
+ }
+
+ /**
+ * Convenience method to call System.getProperties without
+ * having to go through doPrivileged if no security manager is present.
+ * This is unsafe for inclusion in a public API but allowable here since
+ * this class is now encapsulated.
+ */
+ public static Properties getProperties() {
+ if (System.getSecurityManager() == null) {
+ return System.getProperties();
+ } else {
+ return AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Properties run() {
+ return System.getProperties();
+ }
+ }
+ );
+ }
+ }
}
diff --git a/jdk/src/java.base/share/classes/sun/security/jca/ProviderConfig.java b/jdk/src/java.base/share/classes/sun/security/jca/ProviderConfig.java
index 4ab324914bd..bf65180af6f 100644
--- a/jdk/src/java.base/share/classes/sun/security/jca/ProviderConfig.java
+++ b/jdk/src/java.base/share/classes/sun/security/jca/ProviderConfig.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -236,9 +236,8 @@ final class ProviderConfig {
if (debug != null) {
debug.println("Loading provider " + ProviderConfig.this);
}
- ProviderLoader pl = new ProviderLoader();
try {
- Provider p = pl.load(provName);
+ Provider p = ProviderLoader.INSTANCE.load(provName);
if (p != null) {
if (hasArgument()) {
p = p.configure(argument);
@@ -303,9 +302,11 @@ final class ProviderConfig {
// Inner class for loading security providers listed in java.security file
private static final class ProviderLoader {
+ static final ProviderLoader INSTANCE = new ProviderLoader();
+
private final ServiceLoader services;
- ProviderLoader() {
+ private ProviderLoader() {
// VM should already been booted at this point, if not
// - Only providers in java.base should be loaded, don't use
// ServiceLoader
diff --git a/jdk/src/java.base/share/classes/sun/security/provider/DSA.java b/jdk/src/java.base/share/classes/sun/security/provider/DSA.java
index 6f8c27a38c0..a25949742bb 100644
--- a/jdk/src/java.base/share/classes/sun/security/provider/DSA.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSA.java
@@ -106,6 +106,18 @@ abstract class DSA extends SignatureSpi {
this.p1363Format = p1363Format;
}
+ private static void checkKey(DSAParams params, int digestLen, String mdAlgo)
+ throws InvalidKeyException {
+ // FIPS186-3 states in sec4.2 that a hash function which provides
+ // a lower security strength than the (L, N) pair ordinarily should
+ // not be used.
+ int valueN = params.getQ().bitLength();
+ if (valueN > digestLen) {
+ throw new InvalidKeyException("The security strength of " +
+ mdAlgo + " digest algorithm is not sufficient for this key size");
+ }
+ }
+
/**
* Initialize the DSA object with a DSA private key.
*
@@ -130,6 +142,12 @@ abstract class DSA extends SignatureSpi {
throw new InvalidKeyException("DSA private key lacks parameters");
}
+ // check key size against hash output size for signing
+ // skip this check for verification to minimize impact on existing apps
+ if (md.getAlgorithm() != "NullDigest20") {
+ checkKey(params, md.getDigestLength()*8, md.getAlgorithm());
+ }
+
this.params = params;
this.presetX = priv.getX();
this.presetY = null;
@@ -160,7 +178,6 @@ abstract class DSA extends SignatureSpi {
if (params == null) {
throw new InvalidKeyException("DSA public key lacks parameters");
}
-
this.params = params;
this.presetY = pub.getY();
this.presetX = null;
@@ -406,20 +423,13 @@ abstract class DSA extends SignatureSpi {
return t5.mod(q);
}
- // NOTE: This following impl is defined in FIPS 186-3 AppendixB.2.2.
- // Original DSS algos such as SHA1withDSA and RawDSA uses a different
- // algorithm defined in FIPS 186-1 Sec3.2, and thus need to override this.
+ // NOTE: This following impl is defined in FIPS 186-4 AppendixB.2.1.
protected BigInteger generateK(BigInteger q) {
SecureRandom random = getSigningRandom();
- byte[] kValue = new byte[q.bitLength()/8];
+ byte[] kValue = new byte[(q.bitLength() + 7)/8 + 8];
- while (true) {
- random.nextBytes(kValue);
- BigInteger k = new BigInteger(1, kValue).mod(q);
- if (k.signum() > 0 && k.compareTo(q) < 0) {
- return k;
- }
- }
+ random.nextBytes(kValue);
+ return new BigInteger(1, kValue).mod(q.subtract(BigInteger.ONE)).add(BigInteger.ONE);
}
// Use the application-specified SecureRandom Object if provided.
@@ -504,222 +514,10 @@ abstract class DSA extends SignatureSpi {
}
}
- static class LegacyDSA extends DSA {
- /* The random seed used to generate k */
- private int[] kSeed;
- /* The random seed used to generate k (specified by application) */
- private byte[] kSeedAsByteArray;
- /*
- * The random seed used to generate k
- * (prevent the same Kseed from being used twice in a row
- */
- private int[] kSeedLast;
-
- public LegacyDSA(MessageDigest md) throws NoSuchAlgorithmException {
- this(md, false);
- }
-
- private LegacyDSA(MessageDigest md, boolean p1363Format)
- throws NoSuchAlgorithmException {
- super(md, p1363Format);
- }
-
- @Deprecated
- protected void engineSetParameter(String key, Object param) {
- if (key.equals("KSEED")) {
- if (param instanceof byte[]) {
- kSeed = byteArray2IntArray((byte[])param);
- kSeedAsByteArray = (byte[])param;
- } else {
- debug("unrecognized param: " + key);
- throw new InvalidParameterException("kSeed not a byte array");
- }
- } else {
- throw new InvalidParameterException("Unsupported parameter");
- }
- }
-
- @Deprecated
- protected Object engineGetParameter(String key) {
- if (key.equals("KSEED")) {
- return kSeedAsByteArray;
- } else {
- return null;
- }
- }
-
- /*
- * Please read bug report 4044247 for an alternative, faster,
- * NON-FIPS approved method to generate K
- */
- @Override
- protected BigInteger generateK(BigInteger q) {
- BigInteger k = null;
-
- // The application specified a kSeed for us to use.
- // Note: we dis-allow usage of the same Kseed twice in a row
- if (kSeed != null && !Arrays.equals(kSeed, kSeedLast)) {
- k = generateKUsingKSeed(kSeed, q);
- if (k.signum() > 0 && k.compareTo(q) < 0) {
- kSeedLast = kSeed.clone();
- return k;
- }
- }
-
- // The application did not specify a Kseed for us to use.
- // We'll generate a new Kseed by getting random bytes from
- // a SecureRandom object.
- SecureRandom random = getSigningRandom();
-
- while (true) {
- int[] seed = new int[5];
-
- for (int i = 0; i < 5; i++) seed[i] = random.nextInt();
-
- k = generateKUsingKSeed(seed, q);
- if (k.signum() > 0 && k.compareTo(q) < 0) {
- kSeedLast = seed;
- return k;
- }
- }
- }
-
- /**
- * Compute k for the DSA signature as defined in the original DSS,
- * i.e. FIPS186.
- *
- * @param seed the seed for generating k. This seed should be
- * secure. This is what is referred to as the KSEED in the DSA
- * specification.
- *
- * @param g the g parameter from the DSA key pair.
- */
- private BigInteger generateKUsingKSeed(int[] seed, BigInteger q) {
-
- // check out t in the spec.
- int[] t = { 0xEFCDAB89, 0x98BADCFE, 0x10325476,
- 0xC3D2E1F0, 0x67452301 };
- //
- int[] tmp = SHA_7(seed, t);
- byte[] tmpBytes = new byte[tmp.length * 4];
- for (int i = 0; i < tmp.length; i++) {
- int k = tmp[i];
- for (int j = 0; j < 4; j++) {
- tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
- }
- }
- BigInteger k = new BigInteger(1, tmpBytes).mod(q);
- return k;
- }
-
- // Constants for each round
- private static final int round1_kt = 0x5a827999;
- private static final int round2_kt = 0x6ed9eba1;
- private static final int round3_kt = 0x8f1bbcdc;
- private static final int round4_kt = 0xca62c1d6;
-
- /**
- * Computes set 1 thru 7 of SHA-1 on m1. */
- static int[] SHA_7(int[] m1, int[] h) {
-
- int[] W = new int[80];
- System.arraycopy(m1,0,W,0,m1.length);
- int temp = 0;
-
- for (int t = 16; t <= 79; t++){
- temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = ((temp << 1) | (temp >>>(32 - 1)));
- }
-
- int a = h[0],b = h[1],c = h[2], d = h[3], e = h[4];
- for (int i = 0; i < 20; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 2
- for (int i = 20; i < 40; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- (b ^ c ^ d) + e + W[i] + round2_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 3
- for (int i = 40; i < 60; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 4
- for (int i = 60; i < 80; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- (b ^ c ^ d) + e + W[i] + round4_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
- int[] md = new int[5];
- md[0] = h[0] + a;
- md[1] = h[1] + b;
- md[2] = h[2] + c;
- md[3] = h[3] + d;
- md[4] = h[4] + e;
- return md;
- }
-
- /*
- * Utility routine for converting a byte array into an int array
- */
- private int[] byteArray2IntArray(byte[] byteArray) {
-
- int j = 0;
- byte[] newBA;
- int mod = byteArray.length % 4;
-
- // guarantee that the incoming byteArray is a multiple of 4
- // (pad with 0's)
- switch (mod) {
- case 3: newBA = new byte[byteArray.length + 1]; break;
- case 2: newBA = new byte[byteArray.length + 2]; break;
- case 1: newBA = new byte[byteArray.length + 3]; break;
- default: newBA = new byte[byteArray.length + 0]; break;
- }
- System.arraycopy(byteArray, 0, newBA, 0, byteArray.length);
-
- // copy each set of 4 bytes in the byte array into an integer
- int[] newSeed = new int[newBA.length / 4];
- for (int i = 0; i < newBA.length; i += 4) {
- newSeed[j] = newBA[i + 3] & 0xFF;
- newSeed[j] |= (newBA[i + 2] << 8) & 0xFF00;
- newSeed[j] |= (newBA[i + 1] << 16) & 0xFF0000;
- newSeed[j] |= (newBA[i + 0] << 24) & 0xFF000000;
- j++;
- }
-
- return newSeed;
- }
- }
-
/**
* Standard SHA1withDSA implementation.
*/
- public static final class SHA1withDSA extends LegacyDSA {
+ public static final class SHA1withDSA extends DSA {
public SHA1withDSA() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA-1"));
}
@@ -728,7 +526,7 @@ abstract class DSA extends SignatureSpi {
/**
* SHA1withDSA implementation that uses the IEEE P1363 format.
*/
- public static final class SHA1withDSAinP1363Format extends LegacyDSA {
+ public static final class SHA1withDSAinP1363Format extends DSA {
public SHA1withDSAinP1363Format() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA-1"), true);
}
@@ -741,7 +539,7 @@ abstract class DSA extends SignatureSpi {
* not, a SignatureException is thrown when sign()/verify() is called
* per JCA spec.
*/
- static class Raw extends LegacyDSA {
+ static class Raw extends DSA {
// Internal special-purpose MessageDigest impl for RawDSA
// Only override whatever methods used
// NOTE: no clone support
diff --git a/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyFactory.java b/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyFactory.java
index 72797aea18b..731f6b13e45 100644
--- a/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyFactory.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyFactory.java
@@ -70,8 +70,7 @@ public class DSAKeyFactory extends KeyFactorySpi {
* By default this is false.
* This incompatibility was introduced by 4532506.
*/
- String prop = AccessController.doPrivileged
- (new GetPropertyAction(SERIAL_PROP, null));
+ String prop = GetPropertyAction.getProperty(SERIAL_PROP);
SERIAL_INTEROP = "true".equalsIgnoreCase(prop);
}
diff --git a/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java b/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java
index d869a8aaca4..d3497aea557 100644
--- a/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java
+++ b/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java
@@ -84,9 +84,8 @@ public final class RSAKeyFactory extends KeyFactorySpi {
public static final int MAX_RESTRICTED_EXPLEN = 64;
private static final boolean restrictExpLen =
- "true".equalsIgnoreCase(AccessController.doPrivileged(
- new GetPropertyAction(
- "sun.security.rsa.restrictRSAExponent", "true")));
+ "true".equalsIgnoreCase(GetPropertyAction.getProperty(
+ "sun.security.rsa.restrictRSAExponent", "true"));
// instance used for static translateKey();
private static final RSAKeyFactory INSTANCE = new RSAKeyFactory();
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/ClientKeyExchangeService.java b/jdk/src/java.base/share/classes/sun/security/ssl/ClientKeyExchangeService.java
index 8da221961a0..8f849f8d54f 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ClientKeyExchangeService.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ClientKeyExchangeService.java
@@ -50,10 +50,7 @@ public interface ClientKeyExchangeService {
providers = new HashMap<>();
static {
- final String key = "java.home";
- String path = AccessController.doPrivileged(
- new GetPropertyAction(key), null,
- new PropertyPermission(key, "read"));
+ String path = GetPropertyAction.getProperty("java.home");
ServiceLoader sc =
AccessController.doPrivileged(
(PrivilegedAction>)
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/Debug.java b/jdk/src/java.base/share/classes/sun/security/ssl/Debug.java
index 494dd3257ba..c05505edf4a 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/Debug.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/Debug.java
@@ -26,7 +26,6 @@
package sun.security.ssl;
import java.io.PrintStream;
-import java.security.AccessController;
import java.util.Locale;
import sun.security.util.HexDumpEncoder;
@@ -46,8 +45,7 @@ public class Debug {
private static String args;
static {
- args = java.security.AccessController.doPrivileged(
- new GetPropertyAction("javax.net.debug", ""));
+ args = GetPropertyAction.getProperty("javax.net.debug", "");
args = args.toLowerCase(Locale.ENGLISH);
if (args.equals("help")) {
Help();
@@ -184,8 +182,7 @@ public class Debug {
*/
static boolean getBooleanProperty(String propName, boolean defaultValue) {
// if set, require value of either true or false
- String b = AccessController.doPrivileged(
- new GetPropertyAction(propName));
+ String b = GetPropertyAction.getProperty(propName);
if (b == null) {
return defaultValue;
} else if (b.equalsIgnoreCase("false")) {
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
index 903f6fb376a..f3384c5b746 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -656,8 +656,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
// the provider service. Instead, please handle the initialization
// exception in the caller's constructor.
static {
- String property = AccessController.doPrivileged(
- new GetPropertyAction(PROPERTY_NAME));
+ String property = GetPropertyAction.getProperty(PROPERTY_NAME);
if (property != null && property.length() != 0) {
// remove double quote marks from beginning/end of the property
if (property.length() > 1 && property.charAt(0) == '"' &&
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java
index 32e434aa6b4..5ce147a3af3 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java
@@ -119,8 +119,8 @@ final class ServerHandshaker extends Handshaker {
private long statusRespTimeout;
static {
- String property = AccessController.doPrivileged(
- new GetPropertyAction("jdk.tls.ephemeralDHKeySize"));
+ String property =
+ GetPropertyAction.getProperty("jdk.tls.ephemeralDHKeySize");
if (property == null || property.length() == 0) {
useLegacyEphemeralDHKeys = false;
useSmartEphemeralDHKeys = false;
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java b/jdk/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
index b618ab31a13..3e21616e48e 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
@@ -73,8 +73,8 @@ final class StatusResponseManager {
DEFAULT_CACHE_LIFETIME));
cacheLifetime = life > 0 ? life : 0;
- String uriStr = AccessController.doPrivileged(
- new GetPropertyAction("jdk.tls.stapling.responderURI"));
+ String uriStr =
+ GetPropertyAction.getProperty("jdk.tls.stapling.responderURI");
URI tmpURI;
try {
tmpURI = ((uriStr != null && !uriStr.isEmpty()) ?
diff --git a/jdk/src/java.base/share/classes/sun/security/util/Debug.java b/jdk/src/java.base/share/classes/sun/security/util/Debug.java
index 35ce8d66348..514608dc73c 100644
--- a/jdk/src/java.base/share/classes/sun/security/util/Debug.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/Debug.java
@@ -29,6 +29,7 @@ import java.math.BigInteger;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
import java.util.Locale;
+import sun.security.action.GetPropertyAction;
/**
* A utility class for debuging.
@@ -42,13 +43,10 @@ public class Debug {
private static String args;
static {
- args = java.security.AccessController.doPrivileged
- (new sun.security.action.GetPropertyAction
- ("java.security.debug"));
+ args = GetPropertyAction.getProperty("java.security.debug");
- String args2 = java.security.AccessController.doPrivileged
- (new sun.security.action.GetPropertyAction
- ("java.security.auth.debug"));
+ String args2 =
+ GetPropertyAction.getProperty("java.security.auth.debug");
if (args == null) {
args = args2;
diff --git a/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java b/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java
index 10cbbdceee1..90389c73252 100644
--- a/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java
+++ b/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java
@@ -27,6 +27,7 @@ package sun.util.calendar;
import java.security.AccessController;
import java.util.TimeZone;
+import sun.security.action.GetPropertyAction;
/**
*
@@ -142,8 +143,8 @@ public class LocalGregorianCalendar extends BaseCalendar {
}
// Append an era to the predefined eras if it's given by the property.
- String prop = AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("jdk.calendar.japanese.supplemental.era"));
+ String prop = GetPropertyAction
+ .getProperty("jdk.calendar.japanese.supplemental.era");
if (prop != null) {
Era era = parseEraEntry(prop);
if (era != null) {
diff --git a/jdk/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java b/jdk/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
index 365e0e7967c..58c0c5bbe01 100644
--- a/jdk/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
+++ b/jdk/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
@@ -245,11 +245,12 @@ public final class ZoneInfoFile {
};
static {
- String oldmapping = AccessController.doPrivileged(
- new GetPropertyAction("sun.timezone.ids.oldmapping", "false")).toLowerCase(Locale.ROOT);
+ String oldmapping = GetPropertyAction
+ .getProperty("sun.timezone.ids.oldmapping", "false")
+ .toLowerCase(Locale.ROOT);
USE_OLDMAPPING = (oldmapping.equals("yes") || oldmapping.equals("true"));
- AccessController.doPrivileged(new PrivilegedAction