Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
a3ba6001
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
a3ba6001
编写于
5月 18, 2015
作者:
A
asmotrak
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8079140: IgnoreAllErrorHandler should use doPrivileged when it reads system properties
Reviewed-by: mullan
上级
f4e91231
变更
4
显示空白变更内容
内联
并排
Showing
4 changed file
with
147 addition
and
5 deletion
+147
-5
src/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java
...he/xml/internal/security/utils/IgnoreAllErrorHandler.java
+18
-5
test/javax/xml/crypto/dsig/ErrorHandlerPermissions.java
test/javax/xml/crypto/dsig/ErrorHandlerPermissions.java
+121
-0
test/javax/xml/crypto/dsig/ErrorHandlerPermissions.policy
test/javax/xml/crypto/dsig/ErrorHandlerPermissions.policy
+5
-0
test/javax/xml/crypto/dsig/data/signature-external-rsa.xml
test/javax/xml/crypto/dsig/data/signature-external-rsa.xml
+3
-0
未找到文件。
src/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java
浏览文件 @
a3ba6001
...
...
@@ -35,19 +35,30 @@ import org.xml.sax.SAXParseException;
public
class
IgnoreAllErrorHandler
implements
ErrorHandler
{
/** {@link org.apache.commons.logging} logging facility */
private
static
java
.
util
.
logging
.
Logger
log
=
private
static
final
java
.
util
.
logging
.
Logger
log
=
java
.
util
.
logging
.
Logger
.
getLogger
(
IgnoreAllErrorHandler
.
class
.
getName
());
/** Field throwExceptions */
private
static
final
boolean
warnOnExceptions
=
System
.
getProperty
(
"com.sun.org.apache.xml.internal.security.test.warn.on.exceptions"
,
"false"
).
equals
(
"true
"
);
private
static
final
boolean
warnOnExceptions
=
getProperty
(
"com.sun.org.apache.xml.internal.security.test.warn.on.exceptions
"
);
/** Field throwExceptions */
private
static
final
boolean
throwExceptions
=
System
.
getProperty
(
"com.sun.org.apache.xml.internal.security.test.throw.exceptions"
,
"false"
).
equals
(
"true
"
);
private
static
final
boolean
throwExceptions
=
getProperty
(
"com.sun.org.apache.xml.internal.security.test.throw.exceptions
"
);
private
static
boolean
getProperty
(
String
name
)
{
return
java
.
security
.
AccessController
.
doPrivileged
(
new
java
.
security
.
PrivilegedAction
<
Boolean
>()
{
@Override
public
Boolean
run
()
{
return
Boolean
.
getBoolean
(
name
);
}
});
}
/** @inheritDoc */
@Override
public
void
warning
(
SAXParseException
ex
)
throws
SAXException
{
if
(
IgnoreAllErrorHandler
.
warnOnExceptions
)
{
log
.
log
(
java
.
util
.
logging
.
Level
.
WARNING
,
""
,
ex
);
...
...
@@ -59,6 +70,7 @@ public class IgnoreAllErrorHandler implements ErrorHandler {
/** @inheritDoc */
@Override
public
void
error
(
SAXParseException
ex
)
throws
SAXException
{
if
(
IgnoreAllErrorHandler
.
warnOnExceptions
)
{
log
.
log
(
java
.
util
.
logging
.
Level
.
SEVERE
,
""
,
ex
);
...
...
@@ -70,6 +82,7 @@ public class IgnoreAllErrorHandler implements ErrorHandler {
/** @inheritDoc */
@Override
public
void
fatalError
(
SAXParseException
ex
)
throws
SAXException
{
if
(
IgnoreAllErrorHandler
.
warnOnExceptions
)
{
log
.
log
(
java
.
util
.
logging
.
Level
.
WARNING
,
""
,
ex
);
...
...
test/javax/xml/crypto/dsig/ErrorHandlerPermissions.java
0 → 100644
浏览文件 @
a3ba6001
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import
java.io.ByteArrayInputStream
;
import
java.io.File
;
import
java.security.KeyFactory
;
import
java.security.PublicKey
;
import
java.security.spec.X509EncodedKeySpec
;
import
java.util.Base64
;
import
javax.xml.XMLConstants
;
import
javax.xml.crypto.Data
;
import
javax.xml.crypto.KeySelector
;
import
javax.xml.crypto.OctetStreamData
;
import
javax.xml.crypto.URIDereferencer
;
import
javax.xml.crypto.URIReference
;
import
javax.xml.crypto.URIReferenceException
;
import
javax.xml.crypto.XMLCryptoContext
;
import
javax.xml.crypto.dsig.XMLSignature
;
import
javax.xml.crypto.dsig.XMLSignatureFactory
;
import
javax.xml.crypto.dsig.dom.DOMValidateContext
;
import
javax.xml.parsers.DocumentBuilderFactory
;
import
org.w3c.dom.Document
;
import
org.w3c.dom.Element
;
import
org.w3c.dom.NodeList
;
/**
* @test
* @bug 8079140
* @summary Check if IgnoreAllErrorHandler doesn't require additional permission
* @run main/othervm/java.security.policy=ErrorHandlerPermissions.policy
* ErrorHandlerPermissions
*/
public
class
ErrorHandlerPermissions
{
private
final
static
String
FS
=
System
.
getProperty
(
"file.separator"
);
private
final
static
String
DIR
=
System
.
getProperty
(
"test.src"
,
"."
);
private
final
static
String
DATA_DIR
=
DIR
+
FS
+
"data"
;
private
final
static
String
SIGNATURE
=
DATA_DIR
+
FS
+
"signature-external-rsa.xml"
;
private
static
final
String
validationKey
=
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnx4TdvPSA5vcsPi0OJZi9Ox0Z"
+
"2FRz2oeUCtuWoyEg0kUCeFd+jJZMstDJUiZNSOeuCO3FWSpdJgAwI4zlveHvuU/o"
+
"qHSa1eYTObOCvxfVYGGflWsSvGXyiANtRWVUrYODBeyL+2pWxDYh+Fi5EKizPfTG"
+
"wRjBVRSkRZKTnSjnQwIDAQAB"
;
private
static
final
URIDereferencer
dereferencer
=
new
DummyURIDereferencer
();
public
static
void
main
(
String
[]
args
)
throws
Exception
{
DocumentBuilderFactory
dbf
=
DocumentBuilderFactory
.
newInstance
();
dbf
.
setNamespaceAware
(
true
);
dbf
.
setValidating
(
false
);
dbf
.
setFeature
(
XMLConstants
.
FEATURE_SECURE_PROCESSING
,
Boolean
.
TRUE
);
Document
doc
=
dbf
.
newDocumentBuilder
().
parse
(
new
File
(
SIGNATURE
));
NodeList
nl
=
doc
.
getElementsByTagNameNS
(
XMLSignature
.
XMLNS
,
"Signature"
);
if
(
nl
.
getLength
()
==
0
)
{
throw
new
RuntimeException
(
"Couldn't find 'Signature' element"
);
}
Element
element
=
(
Element
)
nl
.
item
(
0
);
byte
[]
keyBytes
=
Base64
.
getDecoder
().
decode
(
validationKey
);
X509EncodedKeySpec
spec
=
new
X509EncodedKeySpec
(
keyBytes
);
KeyFactory
kf
=
KeyFactory
.
getInstance
(
"RSA"
);
PublicKey
key
=
kf
.
generatePublic
(
spec
);
KeySelector
ks
=
KeySelector
.
singletonKeySelector
(
key
);
DOMValidateContext
vc
=
new
DOMValidateContext
(
ks
,
element
);
// disable secure validation mode
vc
.
setProperty
(
"org.jcp.xml.dsig.secureValidation"
,
Boolean
.
FALSE
);
// set a dummy dereferencer to be able to get content by references
vc
.
setURIDereferencer
(
dereferencer
);
XMLSignatureFactory
factory
=
XMLSignatureFactory
.
getInstance
();
XMLSignature
signature
=
factory
.
unmarshalXMLSignature
(
vc
);
// run validation
signature
.
validate
(
vc
);
}
/**
* This URIDereferencer returns a static XML document.
*/
private
static
class
DummyURIDereferencer
implements
URIDereferencer
{
@Override
public
Data
dereference
(
final
URIReference
ref
,
XMLCryptoContext
ctx
)
throws
URIReferenceException
{
// return static content
return
new
OctetStreamData
(
new
ByteArrayInputStream
(
"<test>test</test>"
.
getBytes
()),
ref
.
getURI
(),
ref
.
getType
());
}
}
}
test/javax/xml/crypto/dsig/ErrorHandlerPermissions.policy
0 → 100644
浏览文件 @
a3ba6001
grant {
permission java.util.PropertyPermission "test.src", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.io.FilePermission "${test.src}/-", "read";
};
test/javax/xml/crypto/dsig/data/signature-external-rsa.xml
0 → 100644
浏览文件 @
a3ba6001
<test
xmlns=
"http://example.org/envelope"
>
test
<Signature
xmlns=
"http://www.w3.org/2000/09/xmldsig#"
><SignedInfo
xmlns=
"http://www.w3.org/2000/09/xmldsig#"
><CanonicalizationMethod
Algorithm=
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
></CanonicalizationMethod><SignatureMethod
Algorithm=
"http://www.w3.org/2000/09/xmldsig#rsa-sha1"
></SignatureMethod><Reference
URI=
"http://oracle.com"
><Transforms><Transform
Algorithm=
"http://www.w3.org/2000/09/xmldsig#enveloped-signature"
></Transform></Transforms><DigestMethod
Algorithm=
"http://www.w3.org/2000/09/xmldsig#sha1"
></DigestMethod><DigestValue>
1Bq8FsjajUBYPD7stQeJSc66GlM=
</DigestValue></Reference></SignedInfo><SignatureValue>
f6trDCcPsLLkIV/V4DGFbRf8b9Jwal8xGBDshNzEXwPmym2ChN85rbKIg/cbunf04F89/SXLo2v9
AYjLcUr3G/Vz5YUmqNhnBvJukXgsIG0ddWl3mFi9Tk+CLINlbgfsaFqU9pQwFjmDyAqIrvZYqW7p
rTHLetv218mbUVBBAkc=
</SignatureValue></Signature></test>
\ No newline at end of file
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录