6985453: Font.createFont may expose some system properties in exception text

Reviewed-by: prr, hawtin

src/share/classes/sun/font/FileFont.java

@@ -32,22 +32,13 @@ import java.awt.geom.Point2D;
 import java.awt.geom.Rectangle2D;
 import java.io.File;
 import java.nio.ByteBuffer;
-import java.nio.channels.FileChannel;
 import sun.java2d.Disposer;
 import sun.java2d.DisposerRecord;
 
-import java.lang.ref.WeakReference;
-import java.io.FileNotFoundException;
 import java.io.IOException;
-import java.io.RandomAccessFile;
-import java.io.UnsupportedEncodingException;
-import java.nio.ByteOrder;
-import java.nio.MappedByteBuffer;
-import java.nio.BufferUnderflowException;
-import java.nio.channels.ClosedChannelException;
-import java.util.HashSet;
-import java.util.HashMap;
-import java.awt.Font;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 public abstract class FileFont extends PhysicalFont {
 
@@ -286,4 +277,49 @@ public abstract class FileFont extends PhysicalFont {
             });
         }
     }
+
+    protected String getPublicFileName() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null) {
+            return platName;
+        }
+        boolean canReadProperty = true;
+
+        try {
+            sm.checkPropertyAccess("java.io.tmpdir");
+        } catch (SecurityException e) {
+            canReadProperty = false;
+        }
+
+        if (canReadProperty) {
+            return platName;
+        }
+
+        final File f = new File(platName);
+
+        Boolean isTmpFile = Boolean.FALSE;
+        try {
+            isTmpFile = AccessController.doPrivileged(
+                new PrivilegedExceptionAction<Boolean>() {
+                    public Boolean run() {
+                        File tmp = new File(System.getProperty("java.io.tmpdir"));
+                        try {
+                            String tpath = tmp.getCanonicalPath();
+                            String fpath = f.getCanonicalPath();
+
+                            return (fpath == null) || fpath.startsWith(tpath);
+                        } catch (IOException e) {
+                            return Boolean.TRUE;
+                        }
+                    }
+                }
+            );
+        } catch (PrivilegedActionException e) {
+            // unable to verify whether value of java.io.tempdir will be
+            // exposed, so return only a name of the font file.
+            isTmpFile = Boolean.TRUE;
+        }
+
+        return  isTmpFile ? "temp file" : platName;
+    }
 }

src/share/classes/sun/font/TrueTypeFont.java

@@ -519,7 +519,8 @@ public class TrueTypeFont extends FileFont {
                 break;
 
             default:
-                throw new FontFormatException("Unsupported sfnt " + platName);
+                throw new FontFormatException("Unsupported sfnt " +
+                                              getPublicFileName());
             }
 
             /* Now have the offset of this TT font (possibly within a TTC)
@@ -1680,7 +1681,6 @@ public class TrueTypeFont extends FileFont {
     @Override
     public String toString() {
         return "** TrueType Font: Family="+familyName+ " Name="+fullName+
-            " style="+style+" fileName="+platName;
+            " style="+style+" fileName="+getPublicFileName();
     }
-
 }

src/share/classes/sun/font/Type1Font.java

@@ -677,6 +677,6 @@ public class Type1Font extends FileFont {
 
     public String toString() {
         return "** Type1 Font: Family="+familyName+ " Name="+fullName+
-            " style="+style+" fileName="+platName;
+            " style="+style+" fileName="+getPublicFileName();
     }
 }