Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
7741730c
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
3
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
7741730c
编写于
1月 22, 2013
作者:
V
vinnie
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6263419: No way to clean the memory for a java.security.Key
Reviewed-by: mullan
上级
cb5188a2
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
303 addition
and
25 deletion
+303
-25
src/share/classes/java/security/PrivateKey.java
src/share/classes/java/security/PrivateKey.java
+18
-8
src/share/classes/javax/crypto/SecretKey.java
src/share/classes/javax/crypto/SecretKey.java
+23
-14
src/share/classes/javax/security/auth/Destroyable.java
src/share/classes/javax/security/auth/Destroyable.java
+9
-3
test/javax/security/auth/Destroyable/KeyDestructionTest.java
test/javax/security/auth/Destroyable/KeyDestructionTest.java
+253
-0
未找到文件。
src/share/classes/java/security/PrivateKey.java
浏览文件 @
7741730c
/*
/*
* Copyright (c) 1996, 20
01
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 20
13
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -26,13 +26,22 @@
...
@@ -26,13 +26,22 @@
package
java.security
;
package
java.security
;
/**
/**
*
<p>A private key. This interface contains no methods or constants
.
*
A private key
.
*
It merely serves to group (and provide type safety for) all private ke
y
*
The purpose of this interface is to group (and provide type safet
y
* interfaces.
*
for) all private key
interfaces.
*
*
<p>
* Note: The specialized private key interfaces extend this interface.
* Note: The specialized private key interfaces extend this interface.
* See, for example, the DSAPrivateKey interface in
* See, for example, the {@code DSAPrivateKey} interface in
* <code>java.security.interfaces</code>.
* {@link java.security.interfaces}.
* <p>
* Implementations should override the default {@code destroy} and
* {@code isDestroyed} methods from the
* {@link javax.security.auth.Destroyable} interface to enable
* sensitive key information to be destroyed, cleared, or in the case
* where such information is immutable, unreferenced.
* Finally, since {@code PrivateKey} is {@code Serializable}, implementations
* should also override {@link java.io.ObjectOutputStream.writeObject}
* to prevent keys that have been destroyed from being serialized.
*
*
* @see Key
* @see Key
* @see PublicKey
* @see PublicKey
...
@@ -46,7 +55,8 @@ package java.security;
...
@@ -46,7 +55,8 @@ package java.security;
* @author Josh Bloch
* @author Josh Bloch
*/
*/
public
interface
PrivateKey
extends
Key
{
public
interface
PrivateKey
extends
Key
,
javax
.
security
.
auth
.
Destroyable
{
// Declare serialVersionUID to be compatible with JDK1.1
// Declare serialVersionUID to be compatible with JDK1.1
/**
/**
* The class fingerprint that is set to indicate serialization
* The class fingerprint that is set to indicate serialization
...
...
src/share/classes/javax/crypto/SecretKey.java
浏览文件 @
7741730c
/*
/*
* Copyright (c) 1997, 20
07
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 20
13
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -27,20 +27,27 @@ package javax.crypto;
...
@@ -27,20 +27,27 @@ package javax.crypto;
/**
/**
* A secret (symmetric) key.
* A secret (symmetric) key.
*
* The purpose of this interface is to group (and provide type safety
* <p>This interface contains no methods or constants.
* for) all secret key interfaces.
* Its only purpose is to group (and provide type safety for) secret keys.
* <p>
*
* Provider implementations of this interface must overwrite the
* <p>Provider implementations of this interface must overwrite the
* {@code equals} and {@code hashCode} methods inherited from
* <code>equals</code> and <code>hashCode</code> methods inherited from
* {@link java.lang.Object}, so that secret keys are compared based on
* <code>java.lang.Object</code>, so that secret keys are compared based on
* their underlying key material and not based on reference.
* their underlying key material and not based on reference.
* Implementations should override the default {@code destroy} and
* {@code isDestroyed} methods from the
* {@link javax.security.auth.Destroyable} interface to enable
* sensitive key information to be destroyed, cleared, or in the case
* where such information is immutable, unreferenced.
* Finally, since {@code SecretKey} is {@code Serializable}, implementations
* should also override {@link java.io.ObjectOutputStream.writeObject}
* to prevent keys that have been destroyed from being serialized.
*
*
* <p>Keys that implement this interface return the string
<code>RAW</code>
* <p>Keys that implement this interface return the string
{@code RAW}
* as their encoding format (see
<code>getFormat</code>
), and return the
* as their encoding format (see
{@code getFormat}
), and return the
* raw key bytes as the result of a
<code>getEncoded</code>
method call. (The
* raw key bytes as the result of a
{@code getEncoded}
method call. (The
*
<code>getFormat</code> and <code>getEncoded</code>
methods are inherited
*
{@code getFormat} and {@code getEncoded}
methods are inherited
* from the
<code>java.security.Key</code>
parent interface.)
* from the
{@link java.security.Key}
parent interface.)
*
*
* @author Jan Luehe
* @author Jan Luehe
*
*
...
@@ -49,7 +56,9 @@ package javax.crypto;
...
@@ -49,7 +56,9 @@ package javax.crypto;
* @since 1.4
* @since 1.4
*/
*/
public
interface
SecretKey
extends
java
.
security
.
Key
{
public
interface
SecretKey
extends
java
.
security
.
Key
,
javax
.
security
.
auth
.
Destroyable
{
/**
/**
* The class fingerprint that is set to indicate serialization
* The class fingerprint that is set to indicate serialization
* compatibility since J2SE 1.4.
* compatibility since J2SE 1.4.
...
...
src/share/classes/javax/security/auth/Destroyable.java
浏览文件 @
7741730c
/*
/*
* Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999,
2013,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -42,21 +42,27 @@ public interface Destroyable {
...
@@ -42,21 +42,27 @@ public interface Destroyable {
* <code>IllegalStateException</code> being thrown.
* <code>IllegalStateException</code> being thrown.
*
*
* <p>
* <p>
* The default implementation throws {@code DestroyFailedException}.
*
*
* @exception DestroyFailedException if the destroy operation fails. <p>
* @exception DestroyFailedException if the destroy operation fails. <p>
*
*
* @exception SecurityException if the caller does not have permission
* @exception SecurityException if the caller does not have permission
* to destroy this <code>Object</code>.
* to destroy this <code>Object</code>.
*/
*/
void
destroy
()
throws
DestroyFailedException
;
public
default
void
destroy
()
throws
DestroyFailedException
{
throw
new
DestroyFailedException
();
}
/**
/**
* Determine if this <code>Object</code> has been destroyed.
* Determine if this <code>Object</code> has been destroyed.
*
*
* <p>
* <p>
* The default implementation returns false.
*
*
* @return true if this <code>Object</code> has been destroyed,
* @return true if this <code>Object</code> has been destroyed,
* false otherwise.
* false otherwise.
*/
*/
boolean
isDestroyed
();
public
default
boolean
isDestroyed
()
{
return
false
;
}
}
}
test/javax/security/auth/Destroyable/KeyDestructionTest.java
0 → 100644
浏览文件 @
7741730c
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6263419
* @summary No way to clean the memory for a java.security.Key
*/
import
java.security.*
;
import
java.util.*
;
import
javax.crypto.*
;
import
javax.security.auth.Destroyable
;
import
javax.security.auth.DestroyFailedException
;
public
class
KeyDestructionTest
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
KeyPair
keypair
=
generateKeyPair
(
"RSA"
,
1024
);
// Check keys that support and have implemented key destruction
testKeyDestruction
(
new
MyDestroyableSecretKey
());
testKeyDestruction
(
new
MyDestroyablePrivateKey
());
// Check keys that support but have not implemented key destruction
testNoKeyDestruction
(
generateSecretKey
(
"AES"
,
128
));
testNoKeyDestruction
(
keypair
.
getPrivate
());
// Check keys that do not support key destruction
try
{
testKeyDestruction
(
keypair
.
getPublic
());
}
catch
(
UnsupportedOperationException
uoe
)
{
// not an error
System
.
out
.
println
(
keypair
.
getPublic
().
getClass
().
getName
()
+
" keys do not support key destruction"
);
}
System
.
out
.
println
(
"PASSED."
);
}
// Check the behaviour of a key that implements key destruction
private
static
void
testKeyDestruction
(
Key
key
)
throws
Exception
{
String
klass
=
key
.
getClass
().
getName
();
boolean
hasUsable
=
key
instanceof
Usable
;
try
{
key
.
getAlgorithm
();
key
.
getFormat
();
if
(
allZero
(
key
.
getEncoded
()))
{
throw
new
Exception
(
"error: key destroyed prematurely"
);
}
}
catch
(
IllegalStateException
ise
)
{
throw
new
Exception
(
"error: unexpected ISE"
,
ise
);
}
if
(
hasUsable
)
{
((
Usable
)
key
).
useKey
();
}
destroyKey
(
key
);
try
{
if
(
hasUsable
)
{
((
Usable
)
key
).
useKey
();
}
}
catch
(
IllegalStateException
ise
)
{
// not an error
}
try
{
key
.
getAlgorithm
();
key
.
getFormat
();
if
(!
allZero
(
key
.
getEncoded
()))
{
throw
new
Exception
(
"error: key destroyed incorrectly"
);
}
}
catch
(
IllegalStateException
ise
)
{
// not an error
}
System
.
out
.
println
(
"A "
+
klass
+
" key has been successfully destroyed"
);
}
// Check the behaviour of a key that does not implement key destruction
private
static
void
testNoKeyDestruction
(
Destroyable
key
)
throws
Exception
{
String
klass
=
key
.
getClass
().
getName
();
if
(
key
.
isDestroyed
())
{
throw
new
Exception
(
"error: a "
+
klass
+
" key has been unexpectedly destroyed"
);
}
try
{
key
.
destroy
();
}
catch
(
DestroyFailedException
dfe
)
{
// not an error
if
(
key
.
isDestroyed
())
{
throw
new
Exception
(
"error: a "
+
klass
+
" key has been unexpectedly destroyed"
);
}
System
.
out
.
println
(
klass
+
" keys are not destroyable"
);
return
;
}
throw
new
Exception
(
"error: key may been unexpectedly destroyed"
);
}
private
static
KeyPair
generateKeyPair
(
String
algorithm
,
int
size
)
throws
NoSuchAlgorithmException
{
KeyPairGenerator
generator
=
KeyPairGenerator
.
getInstance
(
algorithm
);
generator
.
initialize
(
size
);
return
generator
.
genKeyPair
();
}
private
static
SecretKey
generateSecretKey
(
String
algorithm
,
int
size
)
throws
NoSuchAlgorithmException
{
KeyGenerator
generator
=
KeyGenerator
.
getInstance
(
algorithm
);
generator
.
init
(
size
);
return
generator
.
generateKey
();
}
private
static
void
destroyKey
(
Key
key
)
throws
Exception
{
String
klass
=
key
.
getClass
().
getName
();
if
(!(
key
instanceof
Destroyable
))
{
throw
new
UnsupportedOperationException
();
}
Destroyable
dKey
=
(
Destroyable
)
key
;
if
(
dKey
.
isDestroyed
())
{
throw
new
Exception
(
"error: a "
+
klass
+
" key has already been destroyed"
);
}
dKey
.
destroy
();
if
(!
dKey
.
isDestroyed
())
{
throw
new
Exception
(
"error: a "
+
klass
+
" key has NOT been destroyed"
);
}
}
private
static
boolean
allZero
(
byte
[]
bytes
)
{
int
count
=
0
;
for
(
byte
b
:
bytes
)
{
if
(
b
==
0x00
)
{
count
++;
}
}
return
(
bytes
.
length
==
count
);
}
}
interface
Usable
{
public
void
useKey
();
}
class
MyDestroyableSecretKey
implements
SecretKey
,
Usable
{
private
byte
[]
encoded
=
new
byte
[]{
0x0F
,
0x1F
,
0x2F
,
0x3F
};
// non-zero
private
boolean
isDestroyed
=
false
;
@Override
public
void
useKey
()
{
if
(
isDestroyed
)
{
throw
new
IllegalStateException
();
}
}
@Override
public
String
getAlgorithm
()
{
return
"MyDestroyableSecretKey algorithm"
;
}
@Override
public
String
getFormat
()
{
return
"MyDestroyableSecretKey format"
;
}
@Override
public
byte
[]
getEncoded
()
{
return
this
.
encoded
;
}
@Override
public
void
destroy
()
throws
DestroyFailedException
{
if
(!
this
.
isDestroyed
)
{
Arrays
.
fill
(
encoded
,
(
byte
)
0
);
this
.
isDestroyed
=
true
;
}
}
@Override
public
boolean
isDestroyed
()
{
return
this
.
isDestroyed
;
}
}
class
MyDestroyablePrivateKey
implements
PrivateKey
,
Usable
{
private
byte
[]
encoded
=
new
byte
[]{
0x4F
,
0x5F
,
0x6F
,
0x7F
};
// non-zero
private
boolean
isDestroyed
=
false
;
@Override
public
void
useKey
()
{
if
(
isDestroyed
)
{
throw
new
IllegalStateException
();
}
}
@Override
public
String
getAlgorithm
()
{
return
"MyDestroyablePrivateKey algorithm"
;
}
@Override
public
String
getFormat
()
{
return
"MyDestroyablePrivateKey format"
;
}
@Override
public
byte
[]
getEncoded
()
{
return
this
.
encoded
;
}
@Override
public
void
destroy
()
throws
DestroyFailedException
{
if
(!
this
.
isDestroyed
)
{
Arrays
.
fill
(
encoded
,
(
byte
)
0
);
this
.
isDestroyed
=
true
;
}
}
@Override
public
boolean
isDestroyed
()
{
return
this
.
isDestroyed
;
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录