Re: RFR: 8267485: Remove the dependency on SecurityManager in JceSecurityManager.java [v4]

Thu, 03 Jun 2021 15:53:56 -0700 

On Thu, 3 Jun 2021 22:27:16 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:

>> The JceSecurityManager is currently a subclass of 
>> java.security.SecurityManager.  Now that JEP 411 has been integrated, this 
>> class should be updated to no longer subclass SecurityManager.
>> 
>> The only reason for using SecurityManager to easily get the Class Context 
>> (call stack), but we can achieve the same effect by using the JDK 9 API 
>> java.lang.StackWalkeer.  None of the other SecurityManager API are used.
>> 
>> I have run mach5 tier1/tier2 plus --test 
>> jck:api/java_security,jck:api/javax_crypto,jck:api/javax_net,jck:api/javax_security,jck:api/org_ietf,jck:api/javax_xml/crypto
>>  with all green.
>
> Bradford Wetmore has updated the pull request with a new target base due to a 
> merge or a rebase. The pull request now contains 14 commits:
> 
>  - More Codereview Comments
>  - Merge branch 'master' into JDK-8267485
>  - Minor typo
>  - Reduced SuppressWarnings scope
>  - Codereview Comments #2
>  - Merge branch 'master' into JDK-8267485
>  - Address codereview comments
>  - Merge branch 'master' into JDK-8267485
>  - Merge branch 'master' into JDK-8267485
>  - Merge branch 'master' into JDK-8267485
>  - ... and 4 more: 
> https://git.openjdk.java.net/jdk/compare/9f05c411...a441778b

src/java.base/share/classes/javax/crypto/JceSecurityManager.java line 109:

> 107:         @SuppressWarnings("removal")
> 108:         List<StackFrame> stack =
> 109:                 AccessController.doPrivileged(pa).walk(Stream::toList);

You can replace line 108-125 with something like this: 

StackWalker walker = AccessController.doPrivileged(pa);
Optional<URL> callerCodeBase = walker.walk(s -> {
    s.map(f -> JceSecurity.getCodeBase(f.getDeclaringClass()))
      .findFirst();
});

src/java.base/share/classes/javax/crypto/JceSecurityManager.java line 245:

> 243:         @SuppressWarnings("removal")
> 244:         Optional<StackFrame> stackFrame = 
> AccessController.doPrivileged(pa)
> 245:                 .walk((s) -> s.skip(2).findFirst());

You can use the same `StackWalker` instance in multiple places. 

`StackWalker::getCallerClass` is the API to get the caller class.   You want to 
get the caller of the subclass of `Cipher` in this case.    So `Cipher` 
constructor will call `walker.getCallerClass()` and then pass it to 
`isCallerTrusted` which will take an additional caller class parameter for 
validation.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4150

Reply via email to